<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/07/2015 02:22 AM, Bryan Pearson
wrote:<br>
</div>
<blockquote
cite="mid:CA+Kcopu9pF0_xqh3-JLUjitzrVJSTJY2Ow_GJ3Be+jYPAsGkgA@mail.gmail.com"
type="cite">
<div dir="ltr">Okay, sorry for the messages. The original issue
has been resolved, one of the servers time was off.
<div><br>
</div>
<div>I am now having a problem similar to this: <a
moz-do-not-send="true"
href="https://bugzilla.redhat.com/show_bug.cgi?id=953653">https://bugzilla.redhat.com/show_bug.cgi?id=953653</a>.
My logs indicate all the same issues.</div>
<div>With IPA 3.0.0 and Centos 6.6 is this still a viable
solution to the problem?</div>
</div>
</blockquote>
Please start a new thread for a different question.<br>
It seems that we were not able to reproduce it so it might be that
the issue still there.<br>
One of the problems can be the mismatch of the buffer sizes. See the
bug.<br>
<br>
<blockquote
cite="mid:CA+Kcopu9pF0_xqh3-JLUjitzrVJSTJY2Ow_GJ3Be+jYPAsGkgA@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">Bryan</div>
</div>
<br>
<div class="gmail_quote">On Sat, Feb 7, 2015 at 12:17 AM, Bryan
Pearson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bwp.pearson@gmail.com" target="_blank">bwp.pearson@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I did a bit more digging into the issue, and
realized that the ruv-id of ipa2 is different on only one
of the servers of the 3. I am imaging I will need to run
clean-ruv on inconsistent node.</div>
<div class="gmail_extra"><span class="HOEnZb"><font
color="#888888"><br clear="all">
<div>
<div>Bryan</div>
</div>
</font></span>
<div>
<div class="h5">
<br>
<div class="gmail_quote">On Fri, Feb 6, 2015 at 10:11
PM, Bryan Pearson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:bwp.pearson@gmail.com"
target="_blank">bwp.pearson@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hello,
<div><br>
</div>
<div>My IPA servers are currently saying:</div>
<div><br>
</div>
<div>"Failed to get data from 'hostname.lan':
Invalid credentials SASL(-13): authentication
failure: GSSAPI Failure:
gss_accept_sec_context"</div>
<div><br>
</div>
<div>
<div>tail -f
/var/log/dirsrv/slapd-HOSTNAME-LAN/errors</div>
<div><br>
</div>
<div>[06/Feb/2015:21:42:41 -0500]
slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id []
mech [GSSAPI]: LDAP error 49 (Invalid
credentials) (SASL(-13): authentication
failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</div>
<div>[06/Feb/2015:21:42:41 -0500]
slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]:
error 49 (Invalid credentials)</div>
<div><br>
</div>
</div>
<div>We have 3 master replicas in operation.
ipa2, ipa3, ipa4 and ipa1 we are
decommissioning. After losing the CA on 2
nodes, we promoted ipa3 to master, and created
a replica file, scped it to ipa4, installed
it, and on ipa4 created ipa2. Because of
design, 3 and 2 cant communicate with each
other.</div>
<div><br>
</div>
<div>I just stopped dirsrv and pki-ca on ipa1,
so its possible it is creating issues. </div>
<div><br>
</div>
<div>I cant determine where the credentials or
how to get them changed as all the nodes are
now having similar issues replicating.</div>
<span><font color="#888888">
<div><br>
</div>
<div>
<div>
<div>Bryan</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>