I can do the ipa-replica-manage list command just fine, it displays all the
I just found it weird when on the master if I did the ipa-replica-manage list
replica_server that it gave that error.
I did the following from the Red Hat site but it just segfaults.
Retrieve a new keytab for the principal using the ipa-getkeytab command. This
requires the location of the original keytab for the service or host (-k), the
principal (-p), and the IdM server hostname (-s).
For example, this refreshes the host principal with a keytab in the default
location of /etc/krb5.keytab:
# ipa-getkeytab -p host/client.example....@example.com -s ipa.example.com -k
When I do klist it shows an ldap key that would be expiring tomorrow evening.
I looked at the sssd logs and I see nothing in there. The slapd logs show the
same error I listed below.
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mark Heslin
Sent: Monday, July 28, 2014 3:13 PM
Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
I'm currently running into some issues with my replica server.
I noticed it wasn't getting any updates from the master server so I tried to do
a force-sync but it states that it is an "invalid password" which I know it is
not the case.
I tried doing an ipa-replica-manager list replica_server but it gives me the
SASL(-13) authentication failure: GSSAPI Failure: gss_accept_sec_context,
'desc' Invalid Credentials
I've tried doing a kdestroy and have it prompt me for the password but again,
Any idea what this would be?
Are you actually getting a valid Kerberos ticket - on the surface it would not
Also, the command is 'ipa-replica-manage list':
# ipa-replica-manage list
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project