On 08/16/2016 09:25 AM, Petr Spacek wrote: > On 15.8.2016 20:18, Linov Suresh wrote: >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0 >> >> >> We can only add the clients from IPA Server 01, not from IPA Server 02. >> When I tried to add the client from IPA Server 02, getting the error, >> >> >> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: >> Unspecified GSS failure. Minor code may provide more information (KDC >> returned error string: NOT_ALLOWED_TO_DELEGATE) >> >> SASL/GSSAPI authentication started >> >> SASL username: vp...@example.net >> >> SASL SSF: 56 >> >> SASL data security layer installed. >> >> ldap_modify: No such object (32) >> >> additional info: Range Check error >> >> modifying entry "fqdn=cpe-5061747522f9.example.net >> ,cn=computers,cn=accounts,dc=example,dc=net" >> >> >> Could you please help us to fix this? > > We need to see exact steps you did before we can give you any meaningful > advice. > > Please have a look at > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html > > It is a very nice document which describes general bug reporting procedure and > best practices. > > We will certainly have a look but we need first see the information :-) >
Also, using IPA on RHEL-6.4 is discouraged. This is a really old release and there are known issues (in cert renewals for example). Using at least RHEL-6.8 or, even better, RHEL-7.2 is preferred and would help you avoid known issues and deficiencies (and the newer FreeIPA versions are way cooler anyway). -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
