On 05/18/2015 02:17 PM, Sina Owolabi wrote:
> Hi Martin
> And thanks for getting back, greatly appreciated.
> I tore down the replica and reinstalled from scratch, using an old
> replica-info file
> I had on the primary. Im not sure if this is a good thing to do, but I
> would appreciate
> if you could point me to the logs you'd be interested in seeing.
> I had to reinstall the replica without CA before it would complete, too.
> Thanks again for your precious time.

It depends what component you are actually fighting with. There is a separate
log for LDAP server, KDC server, Apache and PKI servers.

Most directions are specific here

We need to know first what specific error you are dealing with right now, to
point you to right direction.


> On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <mko...@redhat.com> wrote:
>> On 05/16/2015 12:19 PM, Sina Owolabi wrote:
>>> Please help me. I am in dire straits, this is the linchpin of our
>>> network and we are suffering.
>> I am sorry for delay in answering, but not many people here show up on the
>> weekend. Comments below.
>>> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <notify.s...@gmail.com> wrote:
>>>> Hi!
>>>> I am running an IPA domain with two servers, one is a replica. Red Hat 6.6,
>>>> with the following versions:
>>>> libipa_hbac-1.11.6-30.el6_6.4.x86_64
>>>> ipa-server-selinux-3.0.0-42.el6.x86_64
>>>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64
>>>> ipa-admintools-3.0.0-42.el6.x86_64
>>>> python-iniparse-0.3.1-2.1.el6.noarch
>>>> ipa-client-3.0.0-42.el6.x86_64
>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64
>>>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64
>>>> ipa-server-3.0.0-42.el6.x86_64
>>>> ipa-python-3.0.0-42.el6.x86_64
>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>>> sssd-ipa-1.11.6-30.el6_6.4.x86_64
>>>> I noticed the replica did not seem to be in sync with the primary IPA
>>>> server, as login requests to ipa clients using the replica for domain
>>>> authentication failed with
>>>> "Too many authentication failures for user UNKNOWN".
>>>> I forced a sync with the primary server and rebooted the replica 
>>>> afterwards.
>>>> Now the replica is back up, but when I run "ipactl status", only
>>>> dirsrv is running:
>>>> # ipactl status
>>>> Directory Service: RUNNING
>> This is strange, try
>> # ipactl restart
>> see which services fail to start and see the logs they produce.
>>>> No other service shows up. I also tried editing /etc/krb5.conf to
>>>> change the [realms] information to point to the primary server, but
>>>> while I can now kinit admin,
>>>> nothing else works.
>>>> Please how can I fix this problem?
>>>> Please what can I do fix this?
>> First things first. You need to first see if all service start and operate
>> properly, if not, we need to see their logs in order to help or advise.
>> Martin

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to