Hey Mark,

I can do the ipa-replica-manage list command just fine, it displays all the 
servers.
I just found it weird when on the master if I did the ipa-replica-manage list 
replica_server that it gave that error.

I did the following from the Red Hat site but it just segfaults.
Retrieve a new keytab for the principal using the ipa-getkeytab command. This 
requires the location of the original keytab for the service or host (-k), the 
principal (-p), and the IdM server hostname (-s).
For example, this refreshes the host principal with a keytab in the default 
location of /etc/krb5.keytab:
# ipa-getkeytab -p host/client.example....@example.com -s ipa.example.com -k /etc/krb5.keytab


When I do klist it shows an ldap key that would be expiring tomorrow evening.

I looked at the sssd logs and I see nothing in there. The slapd logs show the 
same error I listed below.

Matt


From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mark Heslin
Sent: Monday, July 28, 2014 3:13 PM
To: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues

On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
Hello,

I'm currently running into some issues with my replica server.
I noticed it wasn't getting any updates from the master server so I tried to do 
a force-sync but it states that it is an "invalid password", which I know is 
not the case.

I tried doing an ipa-replica-manager list replica_server but it gives me the 
SASL(-13) authentication failure: GSSAPI Failure: gss_accept_sec_context, 
'desc' Invalid Credentials

I've tried doing a kdestroy and have it prompt me for the password but again, 
same error.

Any idea what this would be?

Thanks,

Matt


Joe,

Are you actually getting a valid Kerberos ticket - on the surface it would not 
appear so.

Also, the command is 'ipa-replica-manage list':

Example:
  # ipa-replica-manage list
  idm-srv1.example.com: master
  idm-srv2.example.com: master

-m