Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
The ldap/serverB keytab was renewed with the ipa-getkeytab command, but not put into place. Since the existing keytab in /etc/dirsrv/ds.keytab was no longer valid, replication stopped. I've since exported it a couple more times from each of the servers in an attempt to get it working again, but non

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Rob Crittenden
Terry Soucy wrote: I have the keytab with the oldest version number shown in the kvno command, but when I put that into place, I get no joy. A lot more details are required. Did you change or renew the keytab? Did it suddenly stop working, and when? Logs? /var/log/dirsrv/slapd-REALM/error an

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Steven Jones
[tso...@salesforce.com] Sent: Thursday, 21 November 2013 8:37 a.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] out of sync replicas I am currently having the following issue. Running Red Hat IPA on RHEL6.3 (ipa-server-3.0.0.25) in a basic two server multimaster setup. Server A is running

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Rich Megginson
On 11/20/2013 01:06 PM, Terry Soucy wrote: I have the keytab with the oldest version number shown in the kvno command, but when I put that into place, I get no joy. I don't know. Perhaps someone with IPA Kerberos expertise can help. Terry On Wed, Nov 20, 2013 at 4:05 PM, Terry Soucy

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
The service principal ldap/serverB was exported but not put into place at /etc/dirsrv/ds.keytab. Replication started failing, DNS couldn't connect, the work generally started coming to an end. I've re-exported the service principal to a keytab file. If I export from serverA using the ipa-getkeytab

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
I have the keytab with the oldest version number shown in the kvno command, but when I put that into place, I get no joy. Terry On Wed, Nov 20, 2013 at 4:05 PM, Terry Soucy wrote: > The service principal ldap/serverB was exported but not put into place at > /etc/dirsrv/ds.keytab. Replication s

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Rich Megginson
On 11/20/2013 12:37 PM, Terry Soucy wrote: I am currently having the following issue. Running Red Hat IPA on RHEL6.3 (ipa-server-3.0.0.25) in a basic two server multimaster setup. Server A is running fine, but Server B is out of sync. More specifically, the ldap service principal is out of s

[Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
I am currently having the following issue. Running Red Hat IPA on RHEL6.3 (ipa-server-3.0.0.25) in a basic two server multimaster setup. Server A is running fine, but Server B is out of sync. More specifically, the ldap service principal is out of sync between the two servers, which is leading to