[Freeipa-users] IPA replica server rebuilding failed with 'Invalid credentials' error.
Simo Sorce
simo at redhat.com
Tue May 8 13:08:05 UTC 2012
On Mon, 2012-05-07 at 20:38 -0700, David Copperfield wrote:
> I have a IPA replica server with disk problems, and then it is
> reimaged and rebuild. But when the IPA replica function is rebuilt, it
> reports the following problem:
>
>
> [root at ipareplica02 ipa]# ipa-replica-install
> --no-ntp /var/lib/ipa/replica-info-ipareplica02.example.com.gpg
>
> ...
> [21/29]: setting up initial replication
> Starting replication, please wait until this has completed.
> [ipamaster.example.com] reports: Update failed! Status: [49 - LDAP
> error: Invalid credentials]
> ...
>
>
> Before I run the replica rebuilding step on IPA replica, I already run
> 'ipa-replica-manage disconn ipareplica01.example.com' on IPA master,
> and delete the host entry for ipareplica02 as well.
>
>
> Did I missed any steps above? Please help. Thanks.
Due to the way kerberos ticket are built you need to restart the master
this replica was replicating to before you rebuild a replica with the
exact same name.
This is because krb tickets are cached but you will change the long term
key with a full reinstall, so the current master will have a ticket the
replica cannot decrypt.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list