On 05/18/2015 02:17 PM, Sina Owolabi wrote: > Hi Martin > > And thanks for getting back, greatly appreciated. > I tore down the replica and reinstalled from scratch, using an old > replica-info file > I had on the primary. Im not sure if this is a good thing to do, but I > would appreciate > if you could point me to the logs you'd be interested in seeing. > I had to reinstall the replica without CA before it would complete, too. > > Thanks again for your precious time.
It depends what component you are actually fighting with. There is a separate log for LDAP server, KDC server, Apache and PKI servers. Most directions are specific here http://www.freeipa.org/page/Troubleshooting We need to know first what specific error you are dealing with right now, to point you to right direction. Martin > > On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <[email protected]> wrote: >> On 05/16/2015 12:19 PM, Sina Owolabi wrote: >>> Please help me. I am in dire straits, this is the linchpin of our >>> network and we are suffering. >> >> I am sorry for delay in answering, but not many people here show up on the >> weekend. Comments below. >> >>> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <[email protected]> wrote: >>>> Hi! >>>> >>>> I am running an IPA domain with two servers, one is a replica. Red Hat 6.6, >>>> with the following versions: >>>> libipa_hbac-1.11.6-30.el6_6.4.x86_64 >>>> ipa-server-selinux-3.0.0-42.el6.x86_64 >>>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64 >>>> ipa-admintools-3.0.0-42.el6.x86_64 >>>> python-iniparse-0.3.1-2.1.el6.noarch >>>> ipa-client-3.0.0-42.el6.x86_64 >>>> ipa-pki-common-theme-9.0.3-7.el6.noarch >>>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64 >>>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64 >>>> ipa-server-3.0.0-42.el6.x86_64 >>>> ipa-python-3.0.0-42.el6.x86_64 >>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch >>>> sssd-ipa-1.11.6-30.el6_6.4.x86_64 >>>> >>>> >>>> I noticed the replica did not seem to be in sync with the primary IPA >>>> server, as login requests to ipa clients using the replica for domain >>>> authentication failed with >>>> "Too many authentication failures for user UNKNOWN". >>>> I forced a sync with the primary server and rebooted the replica >>>> afterwards. >>>> Now the replica is back up, but when I run "ipactl status", only >>>> dirsrv is running: >>>> # ipactl status >>>> Directory Service: RUNNING >> >> This is strange, try >> >> # ipactl restart >> >> see which services fail to start and see the logs they produce. >> >>>> No other service shows up. I also tried editing /etc/krb5.conf to >>>> change the [realms] information to point to the primary server, but >>>> while I can now kinit admin, >>>> nothing else works. >>>> >>>> Please how can I fix this problem? >>>> >>>> Please what can I do fix this? >> >> First things first. You need to first see if all service start and operate >> properly, if not, we need to see their logs in order to help or advise. >> >> Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
