Hi! I am running an IPA domain with two servers, one is a replica. Red Hat 6.6, with the following versions: libipa_hbac-1.11.6-30.el6_6.4.x86_64 ipa-server-selinux-3.0.0-42.el6.x86_64 libipa_hbac-python-1.11.6-30.el6_6.4.x86_64 ipa-admintools-3.0.0-42.el6.x86_64 python-iniparse-0.3.1-2.1.el6.noarch ipa-client-3.0.0-42.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64 device-mapper-multipath-0.4.9-80.el6_6.3.x86_64 ipa-server-3.0.0-42.el6.x86_64 ipa-python-3.0.0-42.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch sssd-ipa-1.11.6-30.el6_6.4.x86_64
I noticed the replica did not seem to be in sync with the primary IPA server, as login requests to ipa clients using the replica for domain authentication failed with "Too many authentication failures for user UNKNOWN". I forced a sync with the primary server and rebooted the replica afterwards. Now the replica is back up, but when I run "ipactl status", only dirsrv is running: # ipactl status Directory Service: RUNNING No other service shows up. I also tried editing /etc/krb5.conf to change the [realms] information to point to the primary server, but while I can now kinit admin, nothing else works. Please how can I fix this problem? Please what can I do fix this? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project