I'm trying to interpret these log messages. It seems like server ipa03 has no principal for the DNS service and is not able to replicate LDAP to the other 3 IPA servers. If that is correct:

1. Is "DNS" the service principal it should be using?
2. How do I correct this?

(What concerns me is that ipa03 is the server I designated as the server where administrative changes are made in case manual replication is needed.)

Oct 7 18:38:47 ipa02.example.com named-pkcs11[4959]: connection to the LDAP server was lost
Oct 7 18:38:47 ipa02.example.com named-pkcs11[4959]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example....@example.com)
Oct 7 18:38:47 ipa02.example.com named-pkcs11[4959]: ldap_syncrepl will reconnect in 60 seconds
Oct 7 18:39:00 ipa04.example.com named-pkcs11[4537]: connection to the LDAP server was lost
Oct 7 18:39:00 ipa04.example.com named-pkcs11[4537]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example....@example.com)
Oct 7 18:39:00 ipa04.example.com named-pkcs11[4537]: ldap_syncrepl will reconnect in 60 seconds
Oct 7 18:39:16 ipa01.example.com named-pkcs11[15697]: connection to the LDAP server was lost
Oct 7 18:39:16 ipa01.example.com named-pkcs11[15697]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example....@example.com)
Oct 7 18:39:16 ipa01.example.com named-pkcs11[15697]: ldap_syncrepl will reconnect in 60 seconds

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
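
The check below is an added example, not part of the original post: it parses the TGT failure lines quoted above and lists the hosts whose named-pkcs11 asked for a DNS principal that names a different host. It assumes each server normally authenticates with a principal carrying its own hostname; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The three TGT failure lines quoted in the post, plus one unrelated line.
SAMPLE_LOG = """\
Oct 7 18:38:47 ipa02.example.com named-pkcs11[4959]: connection to the LDAP server was lost
Oct 7 18:38:47 ipa02.example.com named-pkcs11[4959]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example....@example.com)
Oct 7 18:39:00 ipa04.example.com named-pkcs11[4537]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example....@example.com)
Oct 7 18:39:16 ipa01.example.com named-pkcs11[15697]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example....@example.com)
"""

# syslog prefix (timestamp, logging host, process[pid]) followed by the
# Kerberos failure text, capturing service/host of the requested principal.
TGT_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<proc>[\w-]+)\[\d+\]:\s"
    r"Failed to get initial credentials \(TGT\) using principal "
    r"'(?P<service>[^/']+)/(?P<phost>[^'@]+)' and keytab '(?P<keytab>[^']+)'"
)


def tgt_failures(log_text):
    """Return one dict per 'Failed to get initial credentials' line."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := TGT_FAIL.match(line.strip()))]


def foreign_principals(failures):
    """Map principal -> sorted hosts that requested it but are not its host."""
    hits = defaultdict(set)
    for f in failures:
        # Assumption: a server's keytab holds keys for its own hostname only,
        # so a principal naming another host cannot be satisfied locally.
        if f["host"].lower() != f["phost"].lower():
            hits[f"{f['service']}/{f['phost']}"].add(f["host"])
    return {principal: sorted(hosts) for principal, hosts in hits.items()}


if __name__ == "__main__":
    for principal, hosts in foreign_principals(tgt_failures(SAMPLE_LOG)).items():
        print(f"{principal} requested from: {', '.join(hosts)}")
```

On the quoted lines, every failure is logged by ipa01, ipa02 or ipa04 while the requested principal names ipa03.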