[Freeipa-users] Replication woes

Bret Wortman bret.wortman at damascusgrp.com
Mon Aug 19 16:18:24 UTC 2013


Digging further, I think this log entry might be the problem between the
two servers that aren't talking:

slapd_ldap_sasl_interactive_bind - Error: could not perform interactive
bind for id[] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more
information (Server ldap/localhost at SPX.NET not found in Kerberos database))
errno 2 (No such file or directory)

Did I build something incorrectly when that server was set up originally?



*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret


On Mon, Aug 19, 2013 at 12:02 PM, Bret Wortman <bret.wortman at damascusgrp.com> wrote:

> I ran it on a good master, against a bad one. As in, I ran this command on
> my master IPA node:
>
> # ipa-replica-manage del --force bad1.foo.net --cleanup
>
> Was that wrong? I was trying to delete the bad replica from the master, so
> I figured the command needed to be run on the master. But again, my master
> is now in a state where it's not resolving DNS, user logins, or sudo at the
> very least.
>
> Oh, and I checked the node that it was complaining about earlier. The
> network connection to it is the pits, but it's there. And it resolves.
>
>
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
>
> On Mon, Aug 19, 2013 at 11:58 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>
>> Rob Crittenden wrote:
>>
>>> Bret Wortman wrote:
>>>
>>>> Well, my master ground to a halt and wasn't responding. I rebooted the
>>>> system and now I can't access the web UI or ssh to the master either. I
>>>> have console access but that's it.
>>>>
>>>> The services all say they're running, but the web UI gives an "Unknown
>>>> Error" dialog and ssh fails with "ssh_exchange_identification:
>>>> Connection closed by remote host" whenever I try to ssh to ipamaster. I
>>>> think something has gone really wrong inside my master. Any ideas? Even
>>>> after the reboot, --cleanup isn't helping and just hangs.
>>>>
>>>> The logfiles end (as of the time I ^C'd the process) with:
>>>>
>>>> NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net" (good3:389):
>>>> Replication bind with GSSAPI
>>>> auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>>>> information (Cannot determine realm for numeric host address))
>>>> NSMMReplicationPlugin - CleanAllRUV Task: Replica not online
>>>> (agmt="cn=meTogood3.foo.net" (good3:389))
>>>> NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online,
>>>> retrying in 160 seconds...,
>>>>
>>>> So it looks like it's having trouble talking with one of my replicas and
>>>> is doggedly trying to get the job done. Any idea how to get the master
>>>> back working again while I troubleshoot this connectivity issue?
>>>>
>>>
>>> That suggests a DNS problem, and it might explain ssh as well depending
>>> on your configuration.
>>>
>>
>> To be clear, you ran --cleanup against one of the bad masters, not a good
>> one, right?
>>
>> rob
>>
>>
>
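
A small triage script for the two GSSAPI failures quoted in this thread, added here as an example; it is not part of the original messages and not FreeIPA or 389-ds code. The finding labels and function names are hypothetical, the sample lines are constructed from the log excerpts above (unwrapped onto single lines), and the archive's " at " is accepted in place of "@".

```python
import ipaddress
import re

# Constructed sample input: the two failures quoted in the thread, unwrapped.
SAMPLE_LOG = [
    "slapd_ldap_sasl_interactive_bind - Error: could not perform interactive "
    "bind for id[] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic "
    "failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more "
    "information (Server ldap/localhost at SPX.NET not found in Kerberos database)) "
    "errno 2 (No such file or directory)",
    'NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net" (good3:389): Replication '
    "bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic "
    "failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more "
    "information (Cannot determine realm for numeric host address))",
]

PRINCIPAL_RE = re.compile(r"Server (?P<svc>[\w-]+)/(?P<host>[^\s@]+)(?:@| at )"
                          r"(?P<realm>[\w.-]+) not found in Kerberos database")
NUMERIC_RE = re.compile(r"Cannot determine realm for numeric host address")
AGMT_RE = re.compile(r'agmt="[^"]+" \((?P<peer>[^:)]+):\d+\)')

def is_unusable_host(host):
    """True for names that cannot identify a KDC-registered service: loopback names,
    IP literals and short (dot-less) names. General Kerberos behaviour, not a
    diagnosis taken from the thread."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return "." not in host

def triage(line):
    """Return (finding, detail) for a GSSAPI failure line, or None if unrelated."""
    m = PRINCIPAL_RE.search(line)
    if m:
        principal = f"{m['svc']}/{m['host']}@{m['realm']}"
        # A requested principal of ldap/localhost means the peer name was
        # canonicalised to loopback before the ticket request was built.
        kind = "bad-canonical-name" if is_unusable_host(m["host"]) else "missing-principal"
        return (kind, principal)
    if NUMERIC_RE.search(line):
        a = AGMT_RE.search(line)
        # The client library was handed an address, not a name, for this peer.
        return ("numeric-peer-address", a["peer"] if a else "unknown")
    return None

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

Both findings point at name resolution on the host that wrote the log line (hosts file, forward and reverse DNS for the replica's FQDN) rather than at the KDC's principal database.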