Thank you very much Martin

I will get back to you very soon with what I've found out.

On Mon, May 18, 2015 at 3:30 PM, Martin Kosek <> wrote:
> On 05/18/2015 02:17 PM, Sina Owolabi wrote:
>> Hi Martin
>> And thanks for getting back, greatly appreciated.
>> I tore down the replica and reinstalled from scratch, using an old
>> replica-info file
>> I had on the primary. Im not sure if this is a good thing to do, but I
>> would appreciate
>> if you could point me to the logs you'd be interested in seeing.
>> I had to reinstall the replica without CA before it would complete, too.
>> Thanks again for your precious time.
> It depends what component you are actually fighting with. There is a separate
> log for LDAP server, KDC server, Apache and PKI servers.
> Most directions are specific here
> We need to know first what specific error you are dealing with right now, to
> point you to right direction.
> Martin
>> On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <> wrote:
>>> On 05/16/2015 12:19 PM, Sina Owolabi wrote:
>>>> Please help me. I am in dire straits, this is the linchpin of our
>>>> network and we are suffering.
>>> I am sorry for delay in answering, but not many people here show up on the
>>> weekend. Comments below.
>>>> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <> 
>>>> wrote:
>>>>> Hi!
>>>>> I am running an IPA domain with two servers, one is a replica. Red Hat 
>>>>> 6.6,
>>>>> with the following versions:
>>>>> libipa_hbac-1.11.6-30.el6_6.4.x86_64
>>>>> ipa-server-selinux-3.0.0-42.el6.x86_64
>>>>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64
>>>>> ipa-admintools-3.0.0-42.el6.x86_64
>>>>> python-iniparse-0.3.1-2.1.el6.noarch
>>>>> ipa-client-3.0.0-42.el6.x86_64
>>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>>>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64
>>>>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64
>>>>> ipa-server-3.0.0-42.el6.x86_64
>>>>> ipa-python-3.0.0-42.el6.x86_64
>>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>>>> sssd-ipa-1.11.6-30.el6_6.4.x86_64
>>>>> I noticed the replica did not seem to be in sync with the primary IPA
>>>>> server, as login requests to ipa clients using the replica for domain
>>>>> authentication failed with
>>>>> "Too many authentication failures for user UNKNOWN".
>>>>> I forced a sync with the primary server and rebooted the replica 
>>>>> afterwards.
>>>>> Now the replica is back up, but when I run "ipactl status", only
>>>>> dirsrv is running:
>>>>> # ipactl status
>>>>> Directory Service: RUNNING
>>> This is strange, try
>>> # ipactl restart
>>> see which services fail to start and see the logs they produce.
>>>>> No other service shows up. I also tried editing /etc/krb5.conf to
>>>>> change the [realms] information to point to the primary server, but
>>>>> while I can now kinit admin,
>>>>> nothing else works.
>>>>> Please how can I fix this problem?
>>>>> Please what can I do fix this?
>>> First things first. You need to first see if all service start and operate
>>> properly, if not, we need to see their logs in order to help or advise.
>>> Martin

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to