On Tue, Jan 5, 2016 at 7:22 PM, Karl Forner wrote:
> update:
>
> modifying the /etc/krb5.conf, and replacing the name of my freeipa master
> by the replica fixes the problem.
> So that proves that the kdc is not picked up by discovery.
>
> The problem is that my ubuntu box was enrolled using the
Thanks a lot, that works if I comment out the explicit reference to a
server name, and that I switch dns_lookup_kdc to true.
I think I understand why it was not working from the install:
I used the ipa-client-install with the option --server.
According to the man page, in the "Failover" section, I
On Tue, 05 Jan 2016, Karl Forner wrote:
update:
modifying the /etc/krb5.conf, and replacing the name of my freeipa master
by the replica fixes the problem.
So that proves that the kdc is not picked up by discovery.
This implies you have explicit line stating the KDC address in your
krb5.conf. T
On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo wrote:
> includedir /var/lib/sss/pubconf/krb5.include.d/
> #File modified by ipa-client-install
>
> [libdefaults]
> default_realm = IPA.DOMAIN.TLD
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> ticket_lifetime = 24h
> fo
update:
modifying the /etc/krb5.conf, and replacing the name of my freeipa master
by the replica fixes the problem.
So that proves that the kdc is not picked up by discovery.
The problem is that my ubuntu box was enrolled using the ipa-client-install
script, and so should be properly configured.
Another piece of information:
the linux boxes are running ubuntu too, with the same configuration.
I have configured 2 dns servers, the first for my main freeipa server
(which is down), and rhe second for the replica.
After boot, the linux box can resolve addresses just fine, using the
secondary d
On Tue, Jan 5, 2016 at 8:14 AM, Jakub Hrozek wrote:
> On Tue, Jan 05, 2016 at 12:16:48AM +0100, Karl Forner wrote:
> > Hello,
> >
> > My freeipa master has crashed, and I have a replica running.
> > The problem is that I can not use anymore the webapps on my main server
> > which use a kerberos a
On Tue, Jan 05, 2016 at 12:16:48AM +0100, Karl Forner wrote:
> Hello,
>
> My freeipa master has crashed, and I have a replica running.
> The problem is that I can not use anymore the webapps on my main server
> which use a kerberos authentication since my server will not switch to the
> kdc on my
Hello,
My freeipa master has crashed, and I have a replica running.
The problem is that I can not use anymore the webapps on my main server
which use a kerberos authentication since my server will not switch to the
kdc on my replica.
I remember that someone replied me on this list about that prob
