FreeIPA Replication and the Invalid Credentials

I had replication go down between two FreeIPA hosts with the following message in the logs.

Error (49) Problem connecting to replica - LDAP error: Invalid credentials (connection error)

If you are used to a world of passwords and keys, then the natural assumption is that something is wrong with “the password.”

Since this is Kerberos authentication, time matters.  If the clocks between the two hosts aren’t very closely synced, then replication fails.

The short answer is:

service ntpd stop

ntpdate us.pool.ntp.org

service ntpd start
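Before stepping the clock, the skew itself can be confirmed. The following is an added example, not part of the original post: it parses the summary line of `ntpdate -q` (query only, does not set the clock) and compares the offset with an assumed Kerberos tolerance of 300 seconds, the MIT Kerberos default. The function names, the sample output and the host name in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether clock offset alone can explain the
# "Invalid credentials" replication error on a Kerberos-authenticated link.
# Assumption: the realm uses the MIT Kerberos default clockskew of 300 seconds.
MAX_SKEW=300

# Constructed sample of `ntpdate -q` output (192.0.2.10 is a documentation address).
sample_ntpdate_output() {
    cat <<'EOF'
server 192.0.2.10, stratum 3, offset -412.503211, delay 0.02591
28 Jun 10:15:02 ntpdate[2114]: step time server 192.0.2.10 offset -412.503211 sec
EOF
}

# Read `ntpdate -q` output on stdin and print the offset in seconds taken
# from the final "ntpdate[pid]: ... offset N sec" summary line.
# Exits non-zero if no summary line is found (for example, no server replied).
offset_from_ntpdate() {
    awk '/ntpdate\[[0-9]+\]:.* offset / {
             for (i = 1; i < NF; i++) if ($i == "offset") off = $(i + 1)
         }
         END { if (off == "") exit 1; print off }'
}

# skew_verdict OFFSET [MAX]: print SKEWED if |OFFSET| exceeds MAX, else OK.
skew_verdict() {
    awk -v off="$1" -v max="${2:-$MAX_SKEW}" 'BEGIN {
        off = off + 0; max = max + 0
        if (off < 0) off = -off
        if (off > max) print "SKEWED"; else print "OK"
    }'
}

# Real use against the other replica (hypothetical host name):
#   skew_verdict "$(ntpdate -q replica.example.test | offset_from_ntpdate)"
# Demonstration on the constructed sample:
skew_verdict "$(sample_ntpdate_output | offset_from_ntpdate)"
```

A verdict of OK means the replication failure needs another explanation than clock drift between the hosts.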

The long answer is:

Your NTPD configuration isn’t working. It seems like the FreeIPA installer does not check for a good ntpd setup. I’ll have another post on a functional /etc/ntp.conf as soon as I get the config details confirmed.