Oh yes, you are right.
Makes sense to me as dirsrv is trying to get a
kerberos ticket for replication but Kerberos can't read it's database
from dirsrv yet, as dirsrv is still starting. I've read that in the rhel
documentation. Feeling kind of dump but I guess I have never looked that
critical
I was able to remove the replication, but when I try to readd ipa02 in
replication agreement i get errors in
/var/log/dirsrv/slapd-INTERNAL/errors on ipa02:
[11/Oct/2015:17:17:48 +0200] - 389-Directory/1.3.1.6 B2014.219.1825
starting up
[11/Oct/2015:17:17:48 +0200] - WARNING: userRoot: entry
On 10/14/2015 04:55 AM, Dominik Korittki wrote:
[11/Oct/2015:17:17:53 +0200] NSMMReplicationPlugin -
agmt="cn=meToipa01.internal" (ipa01:389): Replication bind with GSSAPI
auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS failure. Minor code
Hello folks,
i have two FreeIPA 3.3 Machines running on CentOS7: ipa01.internal and
ipa02.internal. Both have a CA installed.
Initially ipa02 is a replication from ipa01. Recently ipa01 had some
trouble while ipa02 was running fine (see "FreeIPA 3.3 performance
issues with many hosts" on this
