Figured out the issue.
My time was off by about 10 minutes between the replica and master server. This 
caused the credential errors.

I put the time back to where it should be and the replication went perfectly.

Would a newer version of FreeIPA display this better in the logs? Currently I'm 
using 2.2.0-16.

Thanks guys.

-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, July 29, 2014 9:15 AM
To: Simo Sorce
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues

Ok I got the directory manager password figured out. I had to go through the 
steps again and it took the change this time.

So from my replica server I can perform the ipa-replica-manage list and supply 
the directory manager password and it works.
When I try to do a force-sync it displays the following error in the errors log 
on my master server;

Replication bind with GSSAPI auth failed; LDAP Error 49 (Invalid Credentials) 
(SASL (-13): authentication failure: GSSAPI Failure: gss_accept_sec_context)

-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, July 29, 2014 7:22 AM
To: Simo Sorce
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues

Sorry, I should clarify: what is weird is I supply the Directory Manager password 
and it's not accepting it.
Any idea why this is happening?
I know a few months back I changed the admin password and I followed the steps 
on both my Master and Replica servers from the following link;
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

I've tried supplying both the old and the new Directory Manager password but 
neither is working.

-----Original Message-----
From: Simo Sorce [mailto:s...@redhat.com] 
Sent: Monday, July 28, 2014 5:04 PM
To: Joseph, Matthew (EXP)
Cc: Mark Heslin; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues

On Mon, 2014-07-28 at 18:39 +0000, Joseph, Matthew (EXP) wrote:
> Weird, when I do kdestroy it prompts me for a password to do the 
> ipa-replica-manage list command and I supply the password but it states 
> invalid credentials.
> When I do kinit and supply the password it works.
> They use the same account/password don't they?

No, if you look carefully when you do not have a ticket it asks you for
the "Directory Manager" password, which is/should not be the same as any of
your users.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
