[Freeipa-users] IPA Query Tuning and a Recovery Question
Rob Crittenden
rcritten at redhat.com
Mon Sep 16 14:21:05 UTC 2013
Rich Megginson wrote:
> On 09/16/2013 03:21 AM, Charlie Derwent wrote:
>> Hi
>> Update on the errors
>> kinit charlesd
>> kinit: Generic error (see e-text) while getting initial credentials
>> krb5kdc.log - LOOKING_UP_CLIENT: charlesd at EXAMPLE.COM
>> <mailto:charlesd at EXAMPLE.COM> for krbtg/EXAMPLE.COM at EXAMPLE.COM
>> <mailto:EXAMPLE.COM at EXAMPLE.COM>, Server Error
>> Starting the IPA service (dirsrv in particular) gives
>> Failed to read data from Directory Service: Failed to get list of
>> services to probe status!
>> Configured hostname 'ipa3.example.com <http://ipa3.example.com>'
>> doesn't match any master server in LDAP:
>> No master found because of error: {'matched': dc=example,dc=com',
>> 'desc': 'No such object'}
>> Shutting down
>> The errors log has a load of different services schema-compat-plugin.
>> dna-plugin, ipalockout_preop/postop all complaining in one way or
>> another about being unable to retrieve entries or no entries being set up.
>
> I think you'll have to use the workaround where you change replication
> to use simple bind in order to initialize the consumer, then switch back
> to sasl/gssapi.
>
> Simo/Rob - which ticket was this? Does freeipa.org have the workaround?
http://freeipa.org/page/TroubleshootingGuide#Replica_Re-Initialization
rob
More information about the Freeipa-users
mailing list