Re: HA openldap-kerberos problem
--On Tuesday, March 15, 2005 11:23 AM -0500 dijuremo@math.gatech.edu wrote:
> Hi,
> I have a master ldap server: gandalf.ibb.gatech.edu
> I have an alias ldap.ibb.gatech.edu that points to gandalf.ibb.gatech.edu
> I have two servers configured with drbd and heartbeat that use a virtual
> ip address to host services:
> ibbstaff.ibb.gatech.edu (10.0.0.15 virtual IP)
> alias for nfs.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
> alias for samba.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
> alias for ldap2.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
> arwen.ibb.gatech.edu (10.0.0.16) (Primary server)
> aragorn.ibb.gatech.edu (10.0.0.17) (Secondary server)
> I have created keytab files on both arwen and aragorn under:
> /etc/openldap/keytabs/ldap.keytab that includes the principals:
> For arwen:
> ldap/arwen.ibb.gatech.edu
> ldap/ibbstaff.ibb.gatech.edu
> For aragorn:
> ldap/arwen.ibb.gatech.edu
> ldap/ibbstaff.ibb.gatech.edu

Aragorn should have:
ldap/aragorn.ibb.gatech.edu

You do not need the ldap/ibbstaff* keytabs.

I use a pool of 9 replicas and one master. 6 of the replicas are in an
"ldap.stanford.edu" pool.

tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046_X18704
Default principal: quanah@stanford.edu
Valid starting     Expires            Service principal
03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/stanford.edu@stanford.edu
tribes:~> lsearch uid=quanah uid
dn: uid=quanah,cn=Accounts,dc=Stanford,dc=edu
uid: quanah
dn: suRegID=85e49978f61311d2ae662436000baa77,cn=People,dc=Stanford,dc=edu
uid: quanah
tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046_X18704
Default principal: quanah@stanford.edu
Valid starting     Expires            Service principal
03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/stanford.edu@stanford.edu
03/15/05 11:13:15  03/16/05 12:12:58  ldap/ldap6.stanford.edu@stanford.edu
ldap6:/afs/ir/users/q/u/quanah# klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   4 host/ldap6.stanford.edu@stanford.edu
   5 ldap/ldap6.stanford.edu@stanford.edu
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
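
The keytab layout described in the reply above (each server carrying ldap/ for its own hostname), as an added example that is not part of the original message: a shell check over plain `klist -k` output (no -e or -t columns). The function names, the KVNOs and the EXAMPLE.REALM realm in the sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit plain `klist -k` output for one LDAP server.
# Real use: klist -k /etc/openldap/keytabs/ldap.keytab | audit_ldap_keytab "$(hostname -f)"

# Print the principals found in a `klist -k` listing on stdin, one per line.
# Entry rows start with a numeric KVNO; the header and dashes do not.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 2 { print $2 }' | sort -u
}

# audit_ldap_keytab FQDN   (listing on stdin)
#   OK <principal>       the ldap/ entry for this host
#   EXTRA <principal>    an ldap/ entry for some other host name
#   MISSING ldap/FQDN    this host has no ldap/ entry of its own
# Returns 0 only when the ldap/ entry for FQDN is present.
audit_ldap_keytab() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    keytab_principals | awk -v want="ldap/$fqdn" '
        {
            p = $0; sub(/@.*/, "", p)      # drop the realm
            if (p !~ /^ldap\//) next       # skip host/ and other services
            if (tolower(p) == want) { found = 1; print "OK " $0 }
            else print "EXTRA " $0
        }
        END { if (!found) { print "MISSING " want; exit 1 } }'
}

# Constructed sample: the aragorn keytab as listed in the quoted message.
# The KVNOs and the EXAMPLE.REALM realm are made up for this example.
sample_aragorn_keytab() {
    cat <<'EOF'
Keytab name: FILE:/etc/openldap/keytabs/ldap.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ldap/arwen.ibb.gatech.edu@EXAMPLE.REALM
   3 ldap/ibbstaff.ibb.gatech.edu@EXAMPLE.REALM
EOF
}

# Demo run on the sample; prints two EXTRA lines and one MISSING line.
sample_aragorn_keytab | audit_ldap_keytab aragorn.ibb.gatech.edu || true
```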