<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 07/09/2014 08:36 PM,
<a class="moz-txt-link-abbreviated" href="mailto:barrykfl@gmail.com">barrykfl@gmail.com</a> wrote:<br>
</div>
<blockquote
cite="mid:CAELz9dvnxmhPkYmhyiobqUgtWPGeY7v=QFiwAs9tjHi-ZeWQEA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi :</div>
<div><br>
</div>
<div>What is the procedure for this minor update ?</div>
<div><br>
</div>
<div>just yum update ipa-server after stop the server?</div>
</div>
</blockquote>
<br>
If you just want to upgrade only the LDAP server, which is the
component that I for sure know is out of date, then yum update
389-ds-base.<br>
<br>
Or just "yum update" - in general I don't like running
"franken-systems" which have a mix of up-to-date and out of date
packages. Note that "IPA server" is composed of several packages.<br>
<br>
You do not need to stop the server. yum/rpm upgrade will restart as
needed. If you want to make sure, do ipactl restart after upgrade.<br>
<br>
<blockquote
cite="mid:CAELz9dvnxmhPkYmhyiobqUgtWPGeY7v=QFiwAs9tjHi-ZeWQEA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>and effect of the existing ldap?</div>
</div>
</blockquote>
<br>
Not sure what you mean. Upgrade should not touch any config or
data.<br>
<br>
<blockquote
cite="mid:CAELz9dvnxmhPkYmhyiobqUgtWPGeY7v=QFiwAs9tjHi-ZeWQEA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>As the server 2 is master of replica also , so need redo
ipa-replica install ?</div>
</div>
</blockquote>
<br>
No, you just need to perform the same upgrade procedure.<br>
<br>
<blockquote
cite="mid:CAELz9dvnxmhPkYmhyiobqUgtWPGeY7v=QFiwAs9tjHi-ZeWQEA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>barry<br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-09 22:20 GMT+08:00 Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 07/08/2014 09:02 PM, <a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Some error i found :</div>
<div><br>
</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://server1.abc.com:636"
target="_blank">server1.abc.com:636</a>
(/etc/dirsrv/slapd-abc-COM)</div>
<div><br>
</div>
<div>[29/Jun/2014:02:00:56 +0800] - 389-Directory/<a
moz-do-not-send="true" href="http://1.2.11.25"
target="_blank">1.2.11.25</a> B2013.325.1951
starting up</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_unwrap_key: failed to unwrap key for
cipher AES</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_cipher_init: symmetric key failed to
unwrap with the private key; Cert might have
been renewed since the key is wrapped. To
recover the encrypted contents, keep the wrapped
symmetric key value.</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_unwrap_key: failed to unwrap key for
cipher 3DES</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_cipher_init: symmetric key failed to
unwrap with the private key; Cert might have
been renewed since the key is wrapped. To
recover the encrypted contents, keep the wrapped
symmetric key value.</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt - All
prepared ciphers are not available. Please
disable attribute encryption.</div>
<div>[29/Jun/2014:02:00:56 +0800]
schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800]
schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800]
schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800] - Skipping CoS
Definition cn=Password
Policy,cn=accounts,dc=abc,dc=com--no CoS
Templates found, which should be added before
the CoS Definition.</div>
<div>[29/Jun/2014:02:00:57 +0800] set_krb5_creds -
Could not get initial credentials for principal
[<a moz-do-not-send="true"
href="mailto:ldap/server1.abc.com@abc.COM"
target="_blank">ldap/server1.abc.com@abc.COM</a>]
in keytab [<a moz-do-not-send="true">FILE:/etc/dirsrv/ds.keytab</a>]:
-1765328228 (Cannot contact any KDC for
requested realm)</div>
<div>[29/Jun/2014:02:00:58 +0800] - Skipping CoS
Definition cn=Password
Policy,cn=accounts,dc=abc,dc=com--no CoS
Templates found, which should be added before
the CoS Definition.</div>
<div>[29/Jun/2014:02:00:58 +0800]
slapd_ldap_sasl_interactive_bind - Error: could
not perform interactive bind for id [] mech
[GSSAPI]: LDAP error -2 (Local error) (SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS
failure. Minor code may provide more
information (Credentials cache file
'/tmp/krb5cc_492' not found)) errno 0 (Success)</div>
<div>[29/Jun/2014:02:00:58 +0800] slapi_ldap_bind
- Error: could not perform interactive bind for
id [] mech [GSSAPI]: error -2 (Local error)</div>
<div>[29/Jun/2014:02:00:58 +0800]
NSMMReplicationPlugin - agmt="cn=<a
moz-do-not-send="true"
href="http://meToserver2.abc.com"
target="_blank">meToserver2.abc.com</a>"
(server2:389): Replication bind with GSSAPI auth
failed: LDAP error -2 (Local error) (SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS
failure. Minor code may provide more
information (Credentials cache file
'/tmp/krb5cc_492' not found))</div>
<div>[29/Jun/2014:02:00:58 +0800] - slapd started.
Listening on All Interfaces port 389 for LDAP
requests</div>
<div>[29/Jun/2014:02:00:58 +0800] - Listening on
All Interfaces port 636 for LDAPS requests</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>389-Directory/<a moz-do-not-send="true"
href="http://1.2.11.15" target="_blank">1.2.11.15</a>
B2013.240.174</div>
<div><a moz-do-not-send="true"
href="http://server2.abc.com:636"
target="_blank">server2.abc.com:636</a>
(/etc/dirsrv/slapd-abc-COM)</div>
<div><br>
</div>
<div>[30/Jun/2014:12:51:31 +0800]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))
errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:31 +0800]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))
errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:31 +0800]
slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]:
error -2 (Local error)</div>
<div>[30/Jun/2014:12:51:31 +0800]
NSMMReplicationPlugin - agmt="cn=<a
moz-do-not-send="true"
href="http://meToserver1.abc.com"
target="_blank">meToserver1.abc.com</a>"
(server1:389): Replication bind with GSSAPI
auth failed: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))</div>
<div>[30/Jun/2014:12:51:34 +0800]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))
errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:35 +0800]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))
errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:35 +0800]
slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]:
error -2 (Local error)</div>
<div>[30/Jun/2014:12:51:40 +0800]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))
errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:40 +0800]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may
provide more information (Ticket expired))
errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:40 +0800]
slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]:
error -2 (Local error)</div>
<div>[30/Jun/2014:12:51:52 +0800]
NSMMReplicationPlugin - agmt="cn=<a
moz-do-not-send="true"
href="http://meToserver1.abc.com"
target="_blank">meToserver1.abc.com</a>"
(server1:389): Replication bind with GSSAPI
auth resumed</div>
</div>
</div>
<div class="gmail_extra"><br>
</div>
</blockquote>
<br>
</div>
</div>
You are using an older version of 389. The version on
server2 is older than the version on server1. Can you
upgrade and see if that fixes your problems? Even if it
doesn't fix your problems, it will be much easier for us
to support.
<div>
<div class="h5"><br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">2014-07-09 10:55
GMT+08:00 <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com"
target="_blank">barrykfl@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div dir="ltr">
<div>FYI..</div>
<div>160: [04/Jul/2014:12:35:30 +0800]
conn=936207 fd=73 slot=73 connection from
192.168.156.89 to 192.168.156.89</div>
<div>163: [04/Jul/2014:12:35:30 +0800]
conn=936207 op=-1 fd=73 closed - B1</div>
<div><br>
</div>
<div>There is not abt binding but i unsure
how to fix ..</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-09 2:01
GMT+08:00 Rich Megginson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>></span>:
<div>
<div><br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div bgcolor="#FFFFFF"
text="#000000">
<div>
<div>On 07/08/2014 02:16 AM, <a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com"
target="_blank">barrykfl@gmail.com</a>
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Resent as size
limit.
<div><br>
<div><br>
</div>
<div>
<div
style="font-family:arial,sans-serif;font-size:14px">Here
u are server1 's
access log seem one
side broken<br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">the
problem is how to make
it replicate again.</div>
<div
style="font-family:arial,sans-serif;font-size:14px"><br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
At server 1</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
<div>it is ok master
server1 master
server2 <br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
Another side server 2
contains 2 ip
replication.</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
<div>ipa-replica-manage
list shown Can't
contact LDAP server<br>
</div>
<div><br>
</div>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">I
don't know why but the
problematic server is
server 2 not server 1</div>
<div
style="font-family:arial,sans-serif;font-size:14px"><br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
log of server2</div>
<div
style="font-family:arial,sans-serif;font-size:14px">[08/Jul/2014:16:02:40
+0800] conn=3299731
fd=69 slot=69
connection from
192.168.15.89
(server1) to
192.168.15.88(server2)<br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div>[08/Jul/2014:16:02:40
+0800] conn=3299731
op=-1 fd=69 closed -
B1</div>
<div>[08/Jul/2014:16:02:40
+0800] conn=3299732
fd=69 slot=69
connection from
192.168.15.89 to
192.168.15.88</div>
<div>[08/Jul/2014:16:02:40
+0800] conn=3299732
op=-1 fd=69 closed -
B1</div>
<div>[08/Jul/2014:16:02:41
+0800] conn=3299733
fd=69 slot=69
connection from
192.168.15.89 to
192.168.15.88</div>
<div>[08/Jul/2014:16:02:41
+0800] conn=3299733
op=-1 fd=69 closed -
B1</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
You never answered my question
below. "Are you sure that this
connection is a replication
session? Can you post all of the
operations from the access log
from conn=936207?"<br>
<br>
In the future, please avoid
spamming the list with large log
files. In general, it's better to
provide excerpts from the log
files showing the problem, paste
them to <a moz-do-not-send="true"
href="http://fpaste.org"
target="_blank">fpaste.org</a>,
and post the link to the mailing
list. If for some reason you need
to post a large file, please use a
file sharing service and post the
link to the file.<br>
<br>
Can you take a look at your errors
log from server 1 and server 2 and
see if there are any relevant
errors?<br>
<br>
If I had to guess, I would say
that there is some sort of network
error between server 1 and server
2 that causes the excessive closed
- B1. Perhaps there will be more
information in the errors log.
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-07
22:21 GMT+08:00 Rich
Megginson <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>:<br>
<blockquote
class="gmail_quote"
style="margin:0px 0px
0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div bgcolor="#FFFFFF"
text="#000000">
<div>
<div>On 07/04/2014
03:28 AM, <a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
</div>
<blockquote
type="cite">
<div dir="ltr">FOUND
something
strange that
server 1
replicate to
itself rather
than server2
<div><br>
</div>
<div>
<div>Server1
access log
> Wrong</div>
<div>[04/Jul/2014:12:35:30
+0800]
conn=936207
fd=73 slot=73
connection
from
192.168.15.89(
server1 ) to
192.168.15.89
(server1)</div>
</div>
</div>
</blockquote>
<br>
</div>
Are you sure that
this connection is a
replication
session? Can you
post all of the
operations from the
access log from
conn=936207?
<div>
<div><br>
<br>
<blockquote
type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div><br>
</div>
<div>Server 2
access log
> OK</div>
<div>[04/Jul/2014:12:35:30
+0800]
conn=936208
fd=74 slot=74
connection
from
192.168.15.89(server2)
to
192.168.15.88
(server2)</div>
</div>
</div>
<div
class="gmail_extra">
<br>
<br>
<div
class="gmail_quote">2014-07-04
9:25 GMT+08:00
<span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br>
<blockquote
class="gmail_quote"
style="margin:0px
0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div dir="ltr">
<div>Just sure
now one side
flow is
broken, if u
update server1
, it 100% work
server2 will
upgrade.<br>
</div>
<div>but if u
update server2
there is
chance non-syn
e.g it create
username in
server1 with
posfix grp
>ok</div>
<div>but in
server2 it
only created
posfix grp but
no username
/attribute it
occur several
times. I have
to use command
line grp del
...etc. to
force del them
and recreate
them.,.</div>
<div><br>
</div>
<div>Result
below:</div>
<div><br>
</div>
<div><a
moz-do-not-send="true"
href="http://server2.abc.com" target="_blank">server2.abc.com</a>:
replica</div>
<div> last
init status:
None</div>
<div> last
init ended:
None</div>
<div> last
update status:
0 Replica
acquired
successfully:
Incremental
update
succeeded</div>
<div> last
update ended:
2014-07-04
00:33:18+00:00</div>
<div><br>
</div>
<div>Directory
Manager
password:</div>
<div><br>
</div>
<div><a
moz-do-not-send="true"
href="http://server1.abc.com" target="_blank">server1.abc.com</a>:
replica</div>
<div> last
init status: 0
Total update
succeeded</div>
<div> last
init ended:
2014-06-20
10:07:02+00:00</div>
<div> last
update status:
0 Replica
acquired
successfully:
Incremental
update
succeeded</div>
<div> last
update ended:
2014-07-04
01:14:19+00:00</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>[root@(LIVE)server2
~]$ ipactl
status</div>
<div>Directory
Service:
RUNNING</div>
<div>KDC
Service:
RUNNING</div>
<div>KPASSWD
Service:
RUNNING</div>
<div>MEMCACHE
Service:
RUNNING</div>
<div> HTTP
Service:
RUNNING</div>
</div>
<div
class="gmail_extra"><br>
<br>
<div
class="gmail_quote">2014-07-04
1:34 GMT+08:00
Rob Crittenden
<span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span>:
<div>
<div><br>
<blockquote
class="gmail_quote"
style="margin:0px
0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div><a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
> Yes they
are running.
Server 1 can
syn to server2
but error at
server 2<br>
> like
this.<br>
<br>
</div>
How do you
know server 1
is syncing
with server 2?<br>
<br>
On server 1
I'd run:<br>
<br>
ipa-replica-manage
list -v
`hostname`<br>
<br>
This will show
the
replication
status.<br>
<br>
And what does
ipactl status
show on server
2?<br>
<br>
rob<br>
<div><br>
><br>
> 2014/7/3
10:14 PM, "Rob
Crittenden"
<<a
moz-do-not-send="true"
href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
</div>
>
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>
wrote:<br>
<div>><br>
>
Please keep
replies on the
list.<br>
><br>
</div>
<div>>
<a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
wrote:<br>
> >
I saw the
error below
and error log
is it related
?<br>
> ><br>
> >
29/Jun/2014:02:00:58
+0800]
slapd_ldap_sasl_interactive_bind
- Error:<br>
> >
could not
perform
interactive
bind for id []
mech [GSSAPI]:
LDAP error<br>
> >
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI Error:
Unspecified<br>
> >
GSS failure.
Minor code
may provide
more
information
(Credentials<br>
> cache<br>
> >
file
'/tmp/krb5cc_492'
not found))
errno 0
(Success)<br>
> >
[29/Jun/2014:02:00:58
+0800]
slapi_ldap_bind
- Error: could
not<br>
>
perform<br>
> >
interactive
bind for id []
mech [GSSAPI]:
error -2
(Local error)<br>
><br>
> I
believe this
is fairly
normal on a
new startup.
It has to
start<br>
>
somewhere. The
expired ticket
errors below
are unexpected
since there<br>
> are
so many of
them. Is your
KDC running?<br>
><br>
>
ipactl status<br>
><br>
> rob<br>
><br>
> ><br>
> ><br>
> >
2014-07-02
14:15
GMT+08:00 <<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
</div>
>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
<div>
<div>>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>>:<br>
> ><br>
> ><br>
> >
this is
the error log
i found at <a
moz-do-not-send="true" href="http://2.abc.com" target="_blank">2.abc.com</a>
<<a
moz-do-not-send="true"
href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> <<a
moz-do-not-send="true" href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> ><br>
> >
[30/Jun/2014:12:51:31
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:31
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:31
+0800]
slapi_ldap_bind
- Error: could
not<br>
> >
perform
interactive
bind for id []
mech [GSSAPI]:
error -2<br>
>
(Local error)<br>
> >
[30/Jun/2014:12:51:31
+0800]
NSMMReplicationPlugin
-<br>
> >
agmt="cn=<a
moz-do-not-send="true" href="http://meTo1.abc.com" target="_blank">meTo1.abc.com</a>
<<a
moz-do-not-send="true"
href="http://meTo1.abc.com" target="_blank">http://meTo1.abc.com</a>><br>
> <<a
moz-do-not-send="true" href="http://meTo1.abc.com" target="_blank">http://meTo1.abc.com</a>>"
(central:389):<br>
> >
Replication
bind with
GSSAPI auth
failed: LDAP
error -2
(Local<br>
> >
error)
(SASL(-1):
generic
failure:
GSSAPI Error:
Unspecified
GSS<br>
> >
failure.
Minor code
may provide
more
information
(Ticket<br>
>
expired))<br>
> >
[30/Jun/2014:12:51:34
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:35
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:35
+0800]
slapi_ldap_bind
- Error: could
not<br>
> >
perform
interactive
bind for id []
mech [GSSAPI]:
error -2<br>
>
(Local error)<br>
> >
[30/Jun/2014:12:51:40
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:40
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:40
+0800]
slapi_ldap_bind
- Error: could
not<br>
> >
perform
interactive
bind for id []
mech [GSSAPI]:
error -2<br>
>
(Local error)<br>
> ><br>
> ><br>
> >
2014-07-02
12:32
GMT+08:00 <<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>><br>
</div>
</div>
> >
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>>:<br>
<div>>
><br>
> >
yes on
node 1 it is
happening only
node2 fail
connect<br>
> ><br>
> >
ipa-replica-manage
list <a
moz-do-not-send="true"
href="http://2.abc.com" target="_blank">2.abc.com</a> <<a
moz-do-not-send="true"
href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> <<a
moz-do-not-send="true" href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> >
Directory
Manager
password:<br>
> ><br>
</div>
> >
<a
moz-do-not-send="true"
href="http://1.abc.com" target="_blank">1.abc.com</a> <<a
moz-do-not-send="true"
href="http://1.abc.com" target="_blank">http://1.abc.com</a>> <<a
moz-do-not-send="true" href="http://1.abc.com" target="_blank">http://1.abc.com</a>>:
replica<br>
<div>>
><br>
> ><br>
> ><br>
> >
2014-06-30
20:59
GMT+08:00 Rob
Crittenden<br>
> <<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br>
</div>
> >
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>>:<br>
<div>
<div>>
><br>
> >
Barry wrote:<br>
> >
> Hi:<br>
> >
><br>
> >
> Server 1
and Server 2 is
cluster master
master<br>
>
originally ,<br>
> >
but server 2<br>
> >
> fail to
connect
server1 ,.<br>
> >
><br>
> >
>
ipa-replica-manage
list shown
Can't contact
LDAP server<br>
> >
><br>
> >
> But as
server1 it is
ok master
server1 master
server2 ,<br>
> >
><br>
> >
> It seem
affect if
update on
server 1 then
it syn to<br>
> >
server2 no
problem<br>
> >
> but
sometimes if
modify in
server2 if
fail to update<br>
>
server1.<br>
> >
><br>
> >
> Any idea
to rebuild
mutual
relationship.?<br>
> ><br>
> >
The first step
is to diagnose
what is wrong.
I've already<br>
> >
suggested a<br>
> >
few things,<br>
> ><br>
> <a
moz-do-not-send="true"
href="https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html"
target="_blank">https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html</a><br>
> ><br>
> >
rob<br>
> ><br>
> >
--<br>
> >
Manage your
subscription
for the
Freeipa-users
mailing<br>
> list:<br>
> >
<a
moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
> >
Go
To <a
moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a> for
more info on
the project<br>
> ><br>
> ><br>
> ><br>
> ><br>
><br>
<br>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
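The errors-log excerpts quoted in this thread mix start-up problems (attribute-encryption key unwrap, keytab login) with per-agreement GSSAPI replication bind failures. As an added example that is not part of the original thread or of the 389-ds/FreeIPA code, the following Python script separates the two and reports, for each replication agreement, why the bind failed and whether it later resumed; the function name <code>triage</code> and the two sample strings (lines reassembled from the excerpts above) are assumptions of the example.<br>
<pre>
```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: lines reassembled from the errors-log excerpts
# quoted in this thread, one string per server.
SERVER1_ERRORS = """\
[29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
[29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES
[29/Jun/2014:02:00:57 +0800] set_krb5_creds - Could not get initial credentials for principal [ldap/server1.abc.com@abc.COM] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm)
[29/Jun/2014:02:00:58 +0800] NSMMReplicationPlugin - agmt="cn=meToserver2.abc.com" (server2:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found))
[29/Jun/2014:02:00:58 +0800] - slapd started. Listening on All Interfaces port 389 for LDAP requests
"""
SERVER2_ERRORS = """\
[30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=meToserver1.abc.com" (server1:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired))
[30/Jun/2014:12:51:52 +0800] NSMMReplicationPlugin - agmt="cn=meToserver1.abc.com" (server1:389): Replication bind with GSSAPI auth resumed
"""

# "[timestamp] component - message"; the component is empty on some lines.
LINE = re.compile(r"^\[([^\]]+)\] (\S*) ?- (.*)$")
AGMT = re.compile(r'agmt="cn=([^"]+)" \(([^)]+)\): '
                  r"Replication bind with GSSAPI auth (failed|resumed)")
# The Kerberos minor status is the innermost parenthesised text.
REASON = re.compile(r"Minor code may provide more\s+information \((.+?)\)\)")


def triage(errors_log):
    """Return (startup_problems, agreements) for one errors-log text."""
    startup, agreements = [], {}
    for raw in errors_log.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # wrapped continuation lines or foreign formats
        when = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        component, msg = m.group(2), m.group(3)
        if component == "attrcrypt" and "failed to unwrap key" in msg:
            startup.append("attrcrypt: %s key not unwrapped" % msg.split()[-1])
        elif component == "set_krb5_creds":
            startup.append("keytab login failed: "
                           + msg[msg.rfind("(") + 1:].rstrip(")"))
        elif component == "NSMMReplicationPlugin":
            a = AGMT.search(msg)
            if a is None:
                continue
            entry = agreements.setdefault(a.group(1), {
                "peer": a.group(2), "reasons": Counter(),
                "failing_since": None, "state": "unknown"})
            if a.group(3) == "failed":
                r = REASON.search(msg)
                entry["reasons"][r.group(1) if r else "unspecified"] += 1
                entry["failing_since"] = entry["failing_since"] or when
                entry["state"] = "failing"
            else:  # "resumed": the bind worked again, close the outage window
                if entry["failing_since"] is not None:
                    delta = when - entry["failing_since"]
                    entry["outage_seconds"] = delta.total_seconds()
                entry["failing_since"] = None
                entry["state"] = "recovered"
    return startup, agreements


if __name__ == "__main__":
    for name, text in (("server1", SERVER1_ERRORS), ("server2", SERVER2_ERRORS)):
        startup, agreements = triage(text)
        print(name, "startup problems:", startup or "none")
        for agmt, info in agreements.items():
            print("  agreement %s to %s: %s %s" % (
                agmt, info["peer"], info["state"], dict(info["reasons"])))
```
</pre>
An agreement left in the "failing" state at the end of the log, as on server1 here, is the one to follow up after the upgrade and <code>ipactl restart</code>.<br>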
</body>
</html>