On 10/11/15 11:54, Gronde, Christopher (Contractor) wrote:
# ldapsearch -x -D 'cn=Directory Manager' -W -b cn=mapping,cn=sasl,cn=config
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
:12:16 -0500] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1
etime=0
[10/Nov/2015:14:12:16 -0500] conn=Internal op=-1 SRCH base="cn=Name
Only,cn=mapping,cn=sasl,cn=config" scope=0
filter="(|(objectclass=*)(objectclass=ldapsubentry))" attrs=ALL
[10/Nov/2015:14:12:16 -0500] conn=In
red
[root@comipa02 ~]# ldapmodify -a -D "cn=config" -W Enter LDAP
Password:
ldap_bind: Inappropriate authentication (48)
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Tuesday, November 10, 2015 9:48 AM
To: Gronde, Christopher (Contractor) <christopher.gro...
260
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, November 10, 2015 9:03 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos
authentication error)
Neither came back with anything
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(uid=ldap/comipa01.itmodev.gov)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
On 11/10/2015 05:16 PM, Gronde, Christopher (Contractor) wrote:
Neither came back with anything
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(uid=ldap/comipa01.itmodev.gov)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
On 11/10/2015 09:49 AM, Gronde, Christopher (Contractor) wrote:
Note comipa01 is the master and comipa02 is the replica that is having the KDC
issue
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(krbprincipalname=ldap/comipa01.itmodev.gov*)'
Enter LDAP
e: [Freeipa-users] krb5kdc will not start (kerberos
>> authentication error)
>>
>>
>> On 11/10/2015 02:40 PM, Alexander Bokovoy wrote:
>>> On Tue, 10 Nov 2015, Gronde, Christopher (Contractor) wrote:
>>>> Where can I verify or change the credentials it i
2
result: 0 Success
# numResponses: 142
# numEntries: 141
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, November 10, 2015 11:37 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] kr
On 11/10/2015 09:16 AM, Gronde, Christopher (Contractor) wrote:
Neither came back with anything
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(uid=ldap/comipa01.itmodev.gov)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Tuesday, November 10, 2015 9:48 AM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authenticat
Note comipa01 is the master and comipa02 is the replica that is having the KDC
issue
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov" '(krbprincipalname=ldap/comipa01.itmodev.gov*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
>
> -Original Message-
> From: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
> Sent: Tuesday, November 10, 2015 11:37 AM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] krb5kdc will not start (kerbe
what do you get if you search for "objectclass=krbprincipal" ?
On 11/10/2015 05:27 PM, Rich Megginson wrote:
On 11/10/2015 09:16 AM, Gronde, Christopher (Contractor) wrote:
Neither came back with anything
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov"
day, November 10, 2015 9:48 AM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On 11/10/2015 03:32 PM, Gronde, Christopher (Contractor) wrote:
> How do I
On 11/10/2015 05:54 PM, Gronde, Christopher (Contractor) wrote:
# ldapsearch -x -D 'cn=Directory Manager' -W -b cn=mapping,cn=sasl,cn=config
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
ay, November 10, 2015 12:03 PM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>; Rob
Crittenden <rcrit...@redhat.com>; Ludwig Krispenz <lkris...@redhat.com>;
freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
This is the mappings from the Master...it looks very different from the replica
# ldapsearch -x -D 'cn=Directory Manager' -W -b cn=mapping,cn=sasl,cn=config
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
class=ldapsubentry))" attrs=ALL
[10/Nov/2015:14:12:16 -0500] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1
etime=0
[10/Nov/2015:14:12:16 -0500] conn=Internal op=-1 SRCH base="cn=Name
Only,cn=mapping,cn=sasl,cn=config" scope=0
filter="(|(objectclass=*)(objectclass=ld
Gronde, Christopher (Contractor) wrote:
> Is it possible to delete the mapping and try it and if it doesn't work or
> breaks something else add it back? How would I go about deleting this
> mapping? Or adding the mapping for principal name in the right order?
>
So what I'd do is this:
Do
<rcrit...@redhat.com>; Ludwig Krispenz <lkris...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On 11/10/2015 05:54 PM, Gronde, Christopher (Contractor) wrote:
# ldapsearch -x -D 'cn=Directory Manager' -W -b
cn=
12:03 PM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>;
Rob Crittenden <rcrit...@redhat.com>; Ludwig Krispenz
<lkris...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos
authentication error)
On 11/10/201
) <christopher.gro...@fincen.gov>;
Rob Crittenden <rcrit...@redhat.com>; Ludwig Krispenz
<lkris...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos
authentication error)
On 11/10/2015 05:54 PM, Gronde, Christopher (Contractor) wrote:
# ld
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Tuesday, November 10, 2015 12:26 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On 11/10/2015 10:25 AM, Ludwig Krispenz wrote:
>
> On 11/10/2015 06:08 PM,
: Martin Babinsky [mailto:mbabi...@redhat.com]
Sent: Tuesday, November 10, 2015 12:03 PM
To: Gronde, Christopher (Contractor)
<christopher.gro...@fincen.gov>; Rob Crittenden
<rcrit...@redhat.com>; Ludwig Krispenz <lkris...@redhat.com>;
freeipa-users@redhat.com
Subject: Re: [Free
; ongoing. This is normal for SASL GSSAPI.
>>
>> err=49 is wrong password or username, i.e. credentials were incorrect.
>> It may also mean that LDAP server side was unable to process Kerberos
>> negotiation due to not having a current Kerberos ticket for own
>> service
>&
: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, November 10, 2015 9:03 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On 11/10/2015 02:40 PM, Alexander Bokovoy
en.gov>
Cc: Rob Crittenden <rcrit...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On Tue, 10 Nov 2015, Gronde, Christopher (Contractor) wrote:
>Where can I verify or change the credentials it is trying to use? Is
m>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
Gronde, Christopher (Contractor) wrote:
Nothing bad came back and there is definitely data in the tree.
Ok, I guess I'd try to start the kdc again and then watch the
c: Rob Crittenden <rcrit...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On Tue, 10 Nov 2015, Gronde, Christopher (Contractor) wrote:
>When I tried to start the service again I got no response from ta
ristopher.gro...@fincen.gov>
Cc: Rob Crittenden <rcrit...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On Tue, 10 Nov 2015, Gronde, Christopher (Contractor) wrote:
When I tried to start the service again I got
er 09, 2015 3:26 PM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>; Alexander
Bokovoy <aboko...@redhat.com>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
Gronde, Christopher (Contractor) wrote:
>
t.com>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
Gronde, Christopher (Contractor) wrote:
> I restarted dirsrv and attempted to start krb5kdc and this is what the
> error log shows
>
> # tail /var/log/dirsrv/
On Mon, 09 Nov 2015, Gronde, Christopher (Contractor) wrote:
Hello all!
On my replica IPA server after fixing a cert issue that had been going on for
sometime, I have all my certs figured out but the krb5kdc service will not
start.
# service krb5kdc start
Starting Kerberos 5 KDC: krb5kdc:
; To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
> error)
>
> On Mon, 09 Nov 2015, Gronde, Christopher (Contractor) wrote:
>> Hello all!
(Contractor) <christopher.gro...@fincen.gov>; Alexander
Bokovoy <aboko...@redhat.com>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
Gronde, Christopher (Contractor) wrote:
> Nothing bad came back and there is definitely da
t; Alexander Bokovoy <aboko...@redhat.com>
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
> error)
>
> Gronde, Christopher (Contractor) wrote:
>> I restarted dirsrv and attempted to start krb5kdc and this is wha
37 matches
Mail list logo