
Re: HA openldap-kerberos problem
--On Tuesday, March 15, 2005 11:23 AM -0500 dijuremo@math.gatech.edu wrote:

Hi,

I have a master ldap server:  gandalf.ibb.gatech.edu
I have an alias ldap.ibb.gatech.edu that points to gandalf.ibb.gatech.edu

I have two servers configured with drbd and heartbeat that use a virtual
ip address to host services:
ibbstaff.ibb.gatech.edu  (10.0.0.15 virtual IP)
alias for nfs.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
alias for samba.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
alias for ldap2.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
arwen.ibb.gatech.edu     (10.0.0.16) (Primary server)
aragorn.ibb.gatech.edu  (10.0.0.17) (Secondary server)

I have created keytab files on both arwen and aragorn under:
/etc/openldap/keytabs/ldap.keytab that includes the principals:
For arwen:
ldap/arwen.ibb.gatech.edu
ldap/ibbstaff.ibb.gatech.edu
For aragorn:
ldap/arwen.ibb.gatech.edu
ldap/ibbstaff.ibb.gatech.edu


Aragorn should have:

ldap/aragorn.ibb.gatech.edu

You do not need the ldap/ibbstaff* keytabs.

I use a pool of 9 replicas and one master. 6 of the replicas are in an "ldap.stanford.edu" pool.

tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046_X18704
Default principal: quanah@stanford.edu

Valid starting     Expires            Service principal
03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/stanford.edu@stanford.edu

tribes:~> lsearch uid=quanah uid
dn: uid=quanah,cn=Accounts,dc=Stanford,dc=edu
uid: quanah

dn: suRegID=85e49978f61311d2ae662436000baa77,cn=People,dc=Stanford,dc=edu
uid: quanah

tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046_X18704
Default principal: quanah@stanford.edu

Valid starting     Expires            Service principal
03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/stanford.edu@stanford.edu
03/15/05 11:13:15  03/16/05 12:12:58  ldap/ldap6.stanford.edu@stanford.edu


ldap6:/afs/ir/users/q/u/quanah# klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
4 host/ldap6.stanford.edu@stanford.edu
5 ldap/ldap6.stanford.edu@stanford.edu


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
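The point of the reply is that each replica's keytab must carry the principal for the host it actually runs on (aragorn's keytab held arwen's principal instead of its own), and that a client binding through a pool or alias name ends up with a ticket for the real server's ldap/ principal. As an added example, not code from either poster, the following audits a `klist -k` listing for exactly that mistake and extracts the ldap/ service tickets from a `klist` cache listing. The sample listings and the realm IBB.GATECH.EDU are constructed assumptions.

```python
import re

# Constructed `klist -k` output for aragorn's keytab, shaped like the listing in
# the thread (realm IBB.GATECH.EDU is assumed; the page does not show it).
KEYTAB_LISTING = """Keytab name: FILE:/etc/openldap/keytabs/ldap.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ldap/arwen.ibb.gatech.edu@IBB.GATECH.EDU
   3 ldap/ibbstaff.ibb.gatech.edu@IBB.GATECH.EDU
"""

# Constructed ticket-cache listing, shaped like the `klist` output in the reply.
CACHE_LISTING = """Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@IBB.GATECH.EDU

Valid starting     Expires            Service principal
03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/IBB.GATECH.EDU@IBB.GATECH.EDU
03/15/05 11:13:15  03/16/05 12:12:58  ldap/arwen.ibb.gatech.edu@IBB.GATECH.EDU
"""

# A keytab entry line is "<kvno> <principal>"; the header and dashed rule do not match.
KEYTAB_ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s*$", re.M)


def keytab_principals(listing):
    """Return the set of principals listed by `klist -k`."""
    return {m.group(2) for m in KEYTAB_ENTRY.finditer(listing)}


def audit_keytab(listing, hostname, realm):
    """Check a host's keytab against the single ldap/ principal it should hold.

    Returns (missing, foreign): `missing` is empty iff ldap/<hostname>@<realm> is
    present; `foreign` lists ldap/ principals for other names (the other cluster
    node, the virtual-IP alias), which the reply says are not needed.
    """
    wanted = f"ldap/{hostname}@{realm}"
    have = keytab_principals(listing)
    missing = set() if wanted in have else {wanted}
    foreign = sorted(p for p in have if p.startswith("ldap/") and p != wanted)
    return missing, foreign


def ldap_service_tickets(listing):
    """Return the ldap/ service principals a client holds tickets for.

    After a GSSAPI bind through an alias, the cache shows the real server's
    principal (ldap/ldap6.stanford.edu in the thread), not the alias's.
    """
    return [ln.split()[-1] for ln in listing.splitlines()
            if ln.strip() and ln.split()[-1].startswith("ldap/")]
```

Run `audit_keytab` on each node with its own FQDN: a non-empty `missing` set reproduces the problem described in the thread, and the `foreign` list shows which entries can be dropped.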