Hi Martin And thanks for getting back, greatly appreciated. I tore down the replica and reinstalled from scratch, using an old replica-info file I had on the primary. Im not sure if this is a good thing to do, but I would appreciate if you could point me to the logs you'd be interested in seeing. I had to reinstall the replica without CA before it would complete, too.
Thanks again for your precious time. On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <mko...@redhat.com> wrote: > On 05/16/2015 12:19 PM, Sina Owolabi wrote: >> Please help me. I am in dire straits, this is the linchpin of our >> network and we are suffering. > > I am sorry for delay in answering, but not many people here show up on the > weekend. Comments below. > >> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <notify.s...@gmail.com> wrote: >>> Hi! >>> >>> I am running an IPA domain with two servers, one is a replica. Red Hat 6.6, >>> with the following versions: >>> libipa_hbac-1.11.6-30.el6_6.4.x86_64 >>> ipa-server-selinux-3.0.0-42.el6.x86_64 >>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64 >>> ipa-admintools-3.0.0-42.el6.x86_64 >>> python-iniparse-0.3.1-2.1.el6.noarch >>> ipa-client-3.0.0-42.el6.x86_64 >>> ipa-pki-common-theme-9.0.3-7.el6.noarch >>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64 >>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64 >>> ipa-server-3.0.0-42.el6.x86_64 >>> ipa-python-3.0.0-42.el6.x86_64 >>> ipa-pki-ca-theme-9.0.3-7.el6.noarch >>> sssd-ipa-1.11.6-30.el6_6.4.x86_64 >>> >>> >>> I noticed the replica did not seem to be in sync with the primary IPA >>> server, as login requests to ipa clients using the replica for domain >>> authentication failed with >>> "Too many authentication failures for user UNKNOWN". >>> I forced a sync with the primary server and rebooted the replica afterwards. >>> Now the replica is back up, but when I run "ipactl status", only >>> dirsrv is running: >>> # ipactl status >>> Directory Service: RUNNING > > This is strange, try > > # ipactl restart > > see which services fail to start and see the logs they produce. > >>> No other service shows up. I also tried editing /etc/krb5.conf to >>> change the [realms] information to point to the primary server, but >>> while I can now kinit admin, >>> nothing else works. >>> >>> Please how can I fix this problem? >>> >>> Please what can I do fix this? > > First things first. You need to first see if all service start and operate > properly, if not, we need to see their logs in order to help or advise. > > Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project