Martin Kosek <mko...@redhat.com> schrieb am 29.05.2015 10:06:45: > > Running ipa-getkeytab on this replica is tricky - as if replication > is down and > you do this, the old key is revoked and new one is generated - which is not > known for the other master as replication is not working and you get in a > strange situation. > > You can try to log to your active master, do ipa-getkeytab for the broken > replica, copy the keytab there, restart DS and then run re- > initialize to reload > all the data from active master. It may work. > > > Or it is better to destroy it and do a new install? > > That may be even faster for the making that particular replica up and running > again, if you do not want to dig too much in this issue.
yep done it on other replica and it works, thx! MfG Christoph Kaminski
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project