[Freeipa-users] Replication woes

Bret Wortman bret.wortman at damascusgrp.com
Mon Aug 19 16:19:39 UTC 2013


...and I got the web UI, authentication and sudo back via:

# ipactl stop
# ipactl start

Not sure why that worked, but it did. I was grasping at straws, honestly.


*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret


On Mon, Aug 19, 2013 at 12:18 PM, Bret Wortman <bret.wortman at damascusgrp.com> wrote:

> Digging further, I think this log entry might be the problem between the
> two servers that aren't talking:
>
> slapd_ldap_sasl_interactive_bind - Error: could not perform interactive
> bind for id[] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more
> information (Server ldap/localhost@SPX.NET not found in Kerberos
> database)) errno 2 (No such file or directory)
>
> Did I build something incorrectly when that server was set up originally?
>
>
>
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
>
> On Mon, Aug 19, 2013 at 12:02 PM, Bret Wortman <bret.wortman at damascusgrp.com> wrote:
>
>> I ran it on a good master, against a bad one. As in, I ran this command
>> on my master IPA node:
>>
>> # ipa-replica-manage del --force bad1.foo.net --cleanup
>>
>> Was that wrong? I was trying to delete the bad replica from the master,
>> so I figured the command needed to be run on the master. But again, my
>> master is now in a state where it's not resolving DNS, user logins, or sudo
>> at the very least.
>>
>> Oh, and I checked the node that it was complaining about earlier. The
>> network connection to it is the pits, but it's there. And it resolves.
>>
>>
>> *Bret Wortman*
>>
>> http://damascusgrp.com/
>> http://about.me/wortmanbret
>>
>>
>> On Mon, Aug 19, 2013 at 11:58 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>>
>>> Rob Crittenden wrote:
>>>
>>>> Bret Wortman wrote:
>>>>
>>>>> Well, my master ground to a halt and wasn't responding. I rebooted the
>>>>> system and now I can't access the web UI or ssh to the master either. I
>>>>> have console access but that's it.
>>>>>
>>>>> The services all say they're running, but the web UI gives an "Unknown
>>>>> Error" dialog and ssh fails with "ssh_exchange_identification:
>>>>> Connection closed by remote host" whenever I try to ssh to ipamaster. I
>>>>> think something has gone really wrong inside my master. Any ideas? Even
>>>>> after the reboot, --cleanup isn't helping and just hangs.
>>>>>
>>>>> The logfiles end (as of the time I ^C'd the process) with:
>>>>>
>>>>> NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net" (good3:389):
>>>>> Replication bind with GSSAPI
>>>>> auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>>>>> information (Cannot determine realm for numeric host address))
>>>>> NSMMReplicationPlugin - CleanAllRUV Task: Replica not online
>>>>> (agmt="cn=meTogood3.foo.net" (good3:389))
>>>>> NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online,
>>>>> retrying in 160 seconds...,
>>>>>
>>>>> So it looks like it's having trouble talking with one of my replicas
>>>>> and is doggedly trying to get the job done. Any idea how to get the
>>>>> master back working again while I troubleshoot this connectivity issue?
>>>>>
>>>>
>>>> That suggests a DNS problem, and it might explain ssh as well depending
>>>> on your configuration.
>>>>
>>>
>>> To be clear, you ran --cleanup against one of the bad masters, not a
>>> good one, right?
>>>
>>> rob
>>>
>>>
>>
>