[Freeipa-users] about rplication FreeIPA
Jenny Galipeau
jgalipea at redhat.com
Thu Oct 1 18:14:35 UTC 2009
Виктор Сергеевич wrote:
> Hello!
>
> I try to create replication server
>
> On a primary-server it is established fedora10, on secondary a server
> fedora 11. I use function multimaster replication and process with pgp
> file on secondary server with help ipa-replica-install passes normally
> (on secondary a server all services start, but in a webinterface
> permission denided, but the given situation is specified in MAN freeIPA
> - only console management of a remark), however by search of the user on
> secondary I receive the message:
>
> ipa-finduser admin
> "Did not receive Kerberos credentials"
>
> It seems is not present krb-authorisation? I try to be authorised:
>
> kinit admin
> ... cannot contact any KDC for realm 'REALM_NAME'
>
> That is it is impossible to find KDC?
>
Hi .. Just to clarify - the first server - primary is all okay, right?
Then let's start by ruling out the easy stuff. Make sure DNS is
configured properly and the machines are forward and reverse resolvable.
And could you post the entire contents of both server's /etc/krb5.conf
files.
Thanks
Jenny
> Distinctions between files krb5.conf on primary and secondary servers:
>
> In krb5.conf on the secondary server:
>
> [realm]
> kdc=secondary.domain.zone
> admin_server=secondary.domain.zone
> default_domain=kbtm-spb.ru
>
> [dbmodules]
> ...
> ldap_servers=ldap://127.0.0.1/
>
>
>
> In krb5.conf on the primary server:
>
> [realm]
> kdc=primary.domain.zone
> admin_server=primary.domain.zone
> default_domain=kbtm-spb.ru
>
> [dbmodules]
> ...
> ldap_servers=ldap://192.168.0.1/
>
>
> If i change parametrs of the pach [realm] secondary>primary? then i can
> use kinit, but ... it's do bad idea.
>
>
> What I have to do?
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
--
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
More information about the Freeipa-users
mailing list