Thank you very much, Martin. I will get back to you very soon with what I've found out.

On Mon, May 18, 2015 at 3:30 PM, Martin Kosek <[email protected]> wrote:
> On 05/18/2015 02:17 PM, Sina Owolabi wrote:
>> Hi Martin
>>
>> And thanks for getting back, greatly appreciated.
>> I tore down the replica and reinstalled from scratch, using an old
>> replica-info file I had on the primary. I'm not sure if this is a good
>> thing to do, but I would appreciate if you could point me to the logs
>> you'd be interested in seeing.
>> I had to reinstall the replica without CA before it would complete, too.
>>
>> Thanks again for your precious time.
>
> It depends what component you are actually fighting with. There is a separate
> log for LDAP server, KDC server, Apache and PKI servers.
>
> Most directions are specific here
> http://www.freeipa.org/page/Troubleshooting
>
> We need to know first what specific error you are dealing with right now, to
> point you to right direction.
>
> Martin
>
>>
>> On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <[email protected]> wrote:
>>> On 05/16/2015 12:19 PM, Sina Owolabi wrote:
>>>> Please help me. I am in dire straits, this is the linchpin of our
>>>> network and we are suffering.
>>>
>>> I am sorry for delay in answering, but not many people here show up on the
>>> weekend. Comments below.
>>>
>>>> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <[email protected]>
>>>> wrote:
>>>>> Hi!
>>>>>
>>>>> I am running an IPA domain with two servers, one is a replica.
>>>>> Red Hat 6.6, with the following versions:
>>>>> libipa_hbac-1.11.6-30.el6_6.4.x86_64
>>>>> ipa-server-selinux-3.0.0-42.el6.x86_64
>>>>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64
>>>>> ipa-admintools-3.0.0-42.el6.x86_64
>>>>> python-iniparse-0.3.1-2.1.el6.noarch
>>>>> ipa-client-3.0.0-42.el6.x86_64
>>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>>>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64
>>>>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64
>>>>> ipa-server-3.0.0-42.el6.x86_64
>>>>> ipa-python-3.0.0-42.el6.x86_64
>>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>>>> sssd-ipa-1.11.6-30.el6_6.4.x86_64
>>>>>
>>>>>
>>>>> I noticed the replica did not seem to be in sync with the primary IPA
>>>>> server, as login requests to ipa clients using the replica for domain
>>>>> authentication failed with
>>>>> "Too many authentication failures for user UNKNOWN".
>>>>> I forced a sync with the primary server and rebooted the replica
>>>>> afterwards.
>>>>> Now the replica is back up, but when I run "ipactl status", only
>>>>> dirsrv is running:
>>>>> # ipactl status
>>>>> Directory Service: RUNNING
>>>
>>> This is strange, try
>>>
>>> # ipactl restart
>>>
>>> see which services fail to start and see the logs they produce.
>>>
>>>>> No other service shows up. I also tried editing /etc/krb5.conf to
>>>>> change the [realms] information to point to the primary server, but
>>>>> while I can now kinit admin,
>>>>> nothing else works.
>>>>>
>>>>> Please how can I fix this problem?
>>>>>
>>>>> Please what can I do to fix this?
>>>
>>> First things first. You need to first see if all service start and operate
>>> properly, if not, we need to see their logs in order to help or advise.
>>>
>>> Martin
