<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 07/08/2014 09:02 PM,
<a class="moz-txt-link-abbreviated" href="mailto:barrykfl@gmail.com">barrykfl@gmail.com</a> wrote:<br>
</div>
<blockquote
cite="mid:CAELz9dvm_tS2P1eXSHyTLJTusEDP_PYmhutaWHW0421jJUvAPg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Some error i found :</div>
<div><br>
</div>
<div><br>
</div>
<div><a moz-do-not-send="true" href="http://server1.abc.com:636">server1.abc.com:636</a>
(/etc/dirsrv/slapd-abc-COM)</div>
<div><br>
</div>
<div>[29/Jun/2014:02:00:56 +0800] - 389-Directory/<a
moz-do-not-send="true" href="http://1.2.11.25">1.2.11.25</a>
B2013.325.1951 starting up</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_unwrap_key: failed to unwrap key for cipher AES</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_cipher_init: symmetric key failed to unwrap with the
private key; Cert might have been renewed since the key is
wrapped. To recover the encrypted contents, keep the wrapped
symmetric key value.</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt -
attrcrypt_cipher_init: symmetric key failed to unwrap with the
private key; Cert might have been renewed since the key is
wrapped. To recover the encrypted contents, keep the wrapped
symmetric key value.</div>
<div>[29/Jun/2014:02:00:56 +0800] attrcrypt - All prepared
ciphers are not available. Please disable attribute
encryption.</div>
<div>[29/Jun/2014:02:00:56 +0800] schema-compat-plugin -
warning: no entries set up under cn=computers,
cn=compat,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800] schema-compat-plugin -
warning: no entries set up under cn=ng,
cn=compat,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800] schema-compat-plugin -
warning: no entries set up under ou=sudoers,dc=abc,dc=com</div>
<div>[29/Jun/2014:02:00:57 +0800] - Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=abc,dc=com--no CoS Templates
found, which should be added before the CoS Definition.</div>
<div>[29/Jun/2014:02:00:57 +0800] set_krb5_creds - Could not get
initial credentials for principal
[<a class="moz-txt-link-abbreviated" href="mailto:ldap/server1.abc.com@abc.COM">ldap/server1.abc.com@abc.COM</a>] in keytab
[<a class="moz-txt-link-freetext" href="FILE:/etc/dirsrv/ds.keytab">FILE:/etc/dirsrv/ds.keytab</a>]: -1765328228 (Cannot contact any
KDC for requested realm)</div>
<div>[29/Jun/2014:02:00:58 +0800] - Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=abc,dc=com--no CoS Templates
found, which should be added before the CoS Definition.</div>
<div>[29/Jun/2014:02:00:58 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information
(Credentials cache file '/tmp/krb5cc_492' not found)) errno 0
(Success)</div>
<div>[29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could
not perform interactive bind for id [] mech [GSSAPI]: error -2
(Local error)</div>
<div>[29/Jun/2014:02:00:58 +0800] NSMMReplicationPlugin -
agmt="cn=<a moz-do-not-send="true"
href="http://meToserver2.abc.com">meToserver2.abc.com</a>"
(server2:389): Replication bind with GSSAPI auth failed: LDAP
error -2 (Local error) (SASL(-1): generic failure: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more
information (Credentials cache file '/tmp/krb5cc_492' not
found))</div>
<div>[29/Jun/2014:02:00:58 +0800] - slapd started. Listening on
All Interfaces port 389 for LDAP requests</div>
<div>[29/Jun/2014:02:00:58 +0800] - Listening on All Interfaces
port 636 for LDAPS requests</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>389-Directory/<a moz-do-not-send="true"
href="http://1.2.11.15">1.2.11.15</a> B2013.240.174</div>
<div><a moz-do-not-send="true"
href="http://server2.abc.com:636">server2.abc.com:636</a>
(/etc/dirsrv/slapd-abc-COM)</div>
<div><br>
</div>
<div>[30/Jun/2014:12:51:31 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:31 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]:
error -2 (Local error)</div>
<div>[30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
agmt="cn=<a moz-do-not-send="true"
href="http://meToserver1.abc.com">meToserver1.abc.com</a>"
(server1:389): Replication bind with GSSAPI auth failed:
LDAP error -2 (Local error) (SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (Ticket expired))</div>
<div>[30/Jun/2014:12:51:34 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:35 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]:
error -2 (Local error)</div>
<div>[30/Jun/2014:12:51:40 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:40 +0800]
slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Ticket expired)) errno 0 (Success)</div>
<div>[30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]:
error -2 (Local error)</div>
<div>[30/Jun/2014:12:51:52 +0800] NSMMReplicationPlugin -
agmt="cn=<a moz-do-not-send="true"
href="http://meToserver1.abc.com">meToserver1.abc.com</a>"
(server1:389): Replication bind with GSSAPI auth resumed</div>
</div>
</div>
<div class="gmail_extra"><br>
</div>
</blockquote>
<br>
You are using an older version of 389. The version on server2 is
older than the version on server1. Can you upgrade and see if that
fixes your problems? Even if it doesn't fix your problems, it will
be much easier for us to support.<br>
<br>
<blockquote
cite="mid:CAELz9dvm_tS2P1eXSHyTLJTusEDP_PYmhutaWHW0421jJUvAPg@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">2014-07-09 10:55 GMT+08:00 <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>FYI..</div>
<div>160: [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73
slot=73 connection from 192.168.156.89 to 192.168.156.89</div>
<div>163: [04/Jul/2014:12:35:30 +0800] conn=936207 op=-1
fd=73 closed - B1</div>
<div><br>
</div>
<div>There is not abt binding but i unsure how to fix ..</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-09 2:01 GMT+08:00 Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>:
<div>
<div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div>On 07/08/2014 02:16 AM, <a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com"
target="_blank">barrykfl@gmail.com</a>
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Resent as size limit.
<div><br>
<div><br>
</div>
<div>
<div
style="font-family:arial,sans-serif;font-size:14px">Here
u are server1 's access log seem
one side broken<br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">the
problem is how to make it replicate
again.</div>
<div
style="font-family:arial,sans-serif;font-size:14px"><br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
At server 1</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
<div>it is ok master server1 master
server2 <br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
Another side server 2 contains 2 ip
replication.</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
<div>ipa-replica-manage list shown
Can't contact LDAP server<br>
</div>
<div><br>
</div>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">I
dont know why but the prolematic
server is sever 2 not server 1</div>
<div
style="font-family:arial,sans-serif;font-size:14px"><br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
log of server2</div>
<div
style="font-family:arial,sans-serif;font-size:14px">[08/Jul/2014:16:02:40
+0800] conn=3299731 fd=69 slot=69
connection from 192.168.15.89
(server1) to 192.168.15.88(server2)<br>
</div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div>[08/Jul/2014:16:02:40 +0800]
conn=3299731 op=-1 fd=69 closed -
B1</div>
<div>[08/Jul/2014:16:02:40 +0800]
conn=3299732 fd=69 slot=69
connection from 192.168.15.89 to
192.168.15.88</div>
<div>[08/Jul/2014:16:02:40 +0800]
conn=3299732 op=-1 fd=69 closed -
B1</div>
<div>[08/Jul/2014:16:02:41 +0800]
conn=3299733 fd=69 slot=69
connection from 192.168.15.89 to
192.168.15.88</div>
<div>[08/Jul/2014:16:02:41 +0800]
conn=3299733 op=-1 fd=69 closed -
B1</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
You never answered my question below. "Are you
sure that this connection is a replication
session? Can you post all of the operations
from the access log from conn=936207?"<br>
<br>
In the future, please avoid spamming the list
with large log files. In general, it's better
to provide excerpts from the log files showing
the problem, paste them to <a
moz-do-not-send="true"
href="http://fpaste.org" target="_blank">fpaste.org</a>,
and post the link to the mailing list. If for
some reason you need to post a large file,
please use a file sharing service and post the
link to the file.<br>
<br>
Can you take a look at your errors log from
server 1 and server 2 and see if there are any
relevant errors?<br>
<br>
If I had to guess, I would say that there is
some sort of network error between server 1 and
server 2 that causes the excessive closed - B1.
Perhaps there will be more information in the
errors log.
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div
style="font-family:arial,sans-serif;font-size:14px">
<div><br>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014-07-07
22:21 GMT+08:00 Rich Megginson <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
<div>
<div>On 07/04/2014 03:28 AM, <a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com"
target="_blank">barrykfl@gmail.com</a>
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">FOUND something
strange that server 1
replicate to itself rather
than server2
<div><br>
</div>
<div>
<div>Server1 access log
> Wrong</div>
<div>[04/Jul/2014:12:35:30
+0800] conn=936207 fd=73
slot=73 connection from
192.168.15.89( server1 )
to 192.168.15.89
(server1)</div>
</div>
</div>
</blockquote>
<br>
</div>
Are you sure that this connection
is a replication session? Can you
post all of the operations from
the access log from conn=936207?
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div><br>
</div>
<div>Server 2 access log
> OK</div>
<div>[04/Jul/2014:12:35:30
+0800] conn=936208
fd=74 slot=74
connection from
192.168.15.89(server2)
to 192.168.15.88
(server2)</div>
</div>
</div>
<div class="gmail_extra"> <br>
<br>
<div class="gmail_quote">2014-07-04
9:25 GMT+08:00 <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr">
<div>Just sure now
one side flow is
broken, if u
update server1 ,
it 100% work
server2 will
upgrade.<br>
</div>
<div>but if u update
server2 there is
chance non-syn e.g
it create username
in server1 with
posfix grp >ok</div>
<div>but in server2
it only created
posfix grp but no
username
/attribute it
occur serveral
times. I have to
use command line
grp del ...etc. to
force del them and
recreate them.,.</div>
<div><br>
</div>
<div>Result below:</div>
<div><br>
</div>
<div><a
moz-do-not-send="true"
href="http://server2.abc.com" target="_blank">server2.abc.com</a>:
replica</div>
<div> last init
status: None</div>
<div> last init
ended: None</div>
<div> last update
status: 0 Replica
acquired
successfully:
Incremental update
succeeded</div>
<div> last update
ended: 2014-07-04
00:33:18+00:00</div>
<div><br>
</div>
<div>Directory
Manager password:</div>
<div><br>
</div>
<div><a
moz-do-not-send="true"
href="http://server1.abc.com" target="_blank">server1.abc.com</a>:
replica</div>
<div> last init
status: 0 Total
update succeeded</div>
<div> last init
ended: 2014-06-20
10:07:02+00:00</div>
<div> last update
status: 0 Replica
acquired
successfully:
Incremental update
succeeded</div>
<div> last update
ended: 2014-07-04
01:14:19+00:00</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>[root@(LIVE)server2
~]$ ipactl status</div>
<div>Directory
Service: RUNNING</div>
<div>KDC Service:
RUNNING</div>
<div>KPASSWD
Service: RUNNING</div>
<div>MEMCACHE
Service: RUNNING</div>
<div> HTTP Service:
RUNNING</div>
</div>
<div
class="gmail_extra"><br>
<br>
<div
class="gmail_quote">2014-07-04
1:34 GMT+08:00 Rob
Crittenden <span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span>:
<div>
<div><br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div><a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
> Yes they
are running.
Server 1 can
syn to server2
but error at
server 2<br>
> like
this.<br>
<br>
</div>
How do you
know server 1
is syncing
with server 2?<br>
<br>
On server 1
I'd run:<br>
<br>
ipa-replica-manage
list -v
`hostname`<br>
<br>
This will show
the
replication
status.<br>
<br>
And what does
ipactl status
show on server
2?<br>
<br>
rob<br>
<div><br>
><br>
> 2014/7/3
下午10:14 於 "Rob
Crittenden"
<<a
moz-do-not-send="true"
href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a><br>
</div>
>
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>
寫道:<br>
<div>><br>
>
Please keep
relies on the
list.<br>
><br>
</div>
<div>>
<a
moz-do-not-send="true"
href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
wrote:<br>
> >
I saw the
error beloe
and errpr log
is it related
?<br>
> ><br>
> >
29/Jun/2014:02:00:58
+0800]
slapd_ldap_sasl_interactive_bind
- Error:<br>
> >
could not
perform
interactive
bind for id []
mech [GSSAPI]:
LDAP error<br>
> >
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI Error:
Unspecified<br>
> >
GSS failure.
Minor code
may provide
more
information
(Credentials<br>
> cache<br>
> >
file
'/tmp/krb5cc_492'
not found))
errno 0
(Success)<br>
> >
[29/Jun/2014:02:00:58
+0800]
slapi_ldap_bind
- Error: could
not<br>
>
perform<br>
> >
interactive
bind for id []
mech [GSSAPI]:
error -2
(Local error)<br>
><br>
> I
believe this
is fairly
normal on a
new startup.
It has to
start<br>
>
somewhere. The
expired ticket
errors below
are unexpected
since there<br>
> are
so many of
them. Is your
KDC running?<br>
><br>
>
ipactl status<br>
><br>
> rob<br>
><br>
> ><br>
> ><br>
> >
2014-07-02
14:15
GMT+08:00 <<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
</div>
>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
<div>
<div>>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>>:<br>
> ><br>
> ><br>
> >
this is
the error log
i found at <a
moz-do-not-send="true" href="http://2.abc.com" target="_blank">2.abc.com</a>
<<a
moz-do-not-send="true"
href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> <<a
moz-do-not-send="true" href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> ><br>
> >
[30/Jun/2014:12:51:31
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:31
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:31
+0800]
slapi_ldap_bind
- Error: could
not<br>
> >
perform
interactive
bind for id []
mech [GSSAPI]:
error -2<br>
>
(Local error)<br>
> >
[30/Jun/2014:12:51:31
+0800]
NSMMReplicationPlugin
-<br>
> >
agmt="cn=<a
moz-do-not-send="true" href="http://meTo1.abc.com" target="_blank">meTo1.abc.com</a>
<<a
moz-do-not-send="true"
href="http://meTo1.abc.com" target="_blank">http://meTo1.abc.com</a>><br>
> <<a
moz-do-not-send="true" href="http://meTo1.abc.com" target="_blank">http://meTo1.abc.com</a>>"
(central:389):<br>
> >
Replication
bind with
GSSAPI auth
failed: LDAP
error -2
(Local<br>
> >
error)
(SASL(-1):
generic
failure:
GSSAPI Error:
Unspecified
GSS<br>
> >
failure.
Minor code
may provide
more
information
(Ticket<br>
>
expired))<br>
> >
[30/Jun/2014:12:51:34
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:35
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:35
+0800]
slapi_ldap_bind
- Error: could
not<br>
> >
perform
interactive
bind for id []
mech [GSSAPI]:
error -2<br>
>
(Local error)<br>
> >
[30/Jun/2014:12:51:40
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:40
+0800]
slapd_ldap_sasl_interactive_bind
-<br>
> >
Error:
could not
perform
interactive
bind for id []
mech [GSSAPI]:<br>
> >
LDAP error
-2 (Local
error)
(SASL(-1):
generic
failure:
GSSAPI<br>
> >
Error:
Unspecified
GSS failure.
Minor code
may provide
more<br>
> >
information
(Ticket
expired))
errno 0
(Success)<br>
> >
[30/Jun/2014:12:51:40
+0800]
slapi_ldap_bind
- Error: could
not<br>
> >
perform
interactive
bind for id []
mech [GSSAPI]:
error -2<br>
>
(Local error)<br>
> ><br>
> ><br>
> >
2014-07-02
12:32
GMT+08:00 <<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a><br>
>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>><br>
</div>
</div>
> >
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>>:<br>
<div>>
><br>
> >
yes on
node 1 it is
happening only
node2 fail
connect<br>
> ><br>
> >
ipa-replica-manage
list <a
moz-do-not-send="true"
href="http://2.abc.com" target="_blank">2.abc.com</a> <<a
moz-do-not-send="true"
href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> <<a
moz-do-not-send="true" href="http://2.abc.com" target="_blank">http://2.abc.com</a>><br>
> >
Directory
Manager
password:<br>
> ><br>
</div>
> >
<a
moz-do-not-send="true"
href="http://1.abc.com" target="_blank">1.abc.com</a> <<a
moz-do-not-send="true"
href="http://1.abc.com" target="_blank">http://1.abc.com</a>> <<a
moz-do-not-send="true" href="http://1.abc.com" target="_blank">http://1.abc.com</a>>:
replica<br>
<div>>
><br>
> ><br>
> ><br>
> >
2014-06-30
20:59
GMT+08:00 Rob
Crittenden<br>
> <<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>><br>
</div>
> >
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>
<mailto:<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>>>>:<br>
<div>
<div>>
><br>
> >
Barry wrote:<br>
> >
> Hi:<br>
> >
><br>
> >
> Server 1
and Sever 2 is
cluster master
master<br>
>
orginally ,<br>
> >
but server 2<br>
> >
> fail to
connect
server1 ,.<br>
> >
><br>
> >
>
ipa-replica-manage
list shown
Can't contact
LDAP server<br>
> >
><br>
> >
> But as
server1 it is
ok master
server1 master
server2 ,<br>
> >
><br>
> >
> It seem
affect if
update on
server 1 then
it syn to<br>
> >
server2 no
problem<br>
> >
> but
sometimes if
modfy in
server2 if
fail to update<br>
>
server1.<br>
> >
><br>
> >
> Any idea
to rebuild
mutual
relationship.?<br>
> ><br>
> >
The first step
is to diagnose
what is wrong.
I've already<br>
> >
suggested a<br>
> >
few things,<br>
> ><br>
> <a
moz-do-not-send="true"
href="https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html"
target="_blank">https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html</a><br>
> ><br>
> >
rob<br>
> ><br>
> >
--<br>
> >
Manage your
subscription
for the
Freeipa-users
mailing<br>
> list:<br>
> >
<a
moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
> >
Go
To <a
moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a> for
more info on
the project<br>
> ><br>
> ><br>
> ><br>
> ><br>
><br>
<br>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>