Hey Suhail, Issue has been resolved; it was actually my replica server being about 10 minutes out of sync from the master which was causing the credential errors.
Matt From: Choudhury, Suhail [mailto:suhail.choudh...@bskyb.com] Sent: Wednesday, July 30, 2014 9:00 AM To: Joseph, Matthew (EXP); firstname.lastname@example.org Subject: EXTERNAL: RE: IPA Replica Issues Hi, Check your GSSAPIAuthentication settings in sshd.conf and restart sshd: GSSAPIAuthentication yes GSSAPICleanupCredentials yes Last week I had some replication problems between replicas which were fixed after re-enabling GSSAPI. Regards, Suhail Choudhury. DevOps | Recommendations Team | BSkyB ________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Joseph, Matthew (EXP) [matthew.jos...@lmco.com] Sent: 28 July 2014 17:46 To: email@example.com Subject: [Freeipa-users] IPA Replica Issues Hello, I'm currently running into some issues with my replica server. I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states that it is an "invalid password" which I know it is not the case. I tried doing an ipa-replica-manager list replica_server but it gives me the SASL(-13) authentication failure: GSSAPI Failure: gss_accept_sec_context, 'desc' Invalid Credentials I've tried doing a kdestroy and have it prompt me for the password but again, same error. Any idea what this would be? Thanks, Matt Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of British Sky Broadcasting Group plc and Sky International AG and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project