[Freeipa-users] ipa-replica-manage list fail on server 2

Rob Crittenden rcritten at redhat.com
Thu Jul 3 14:14:36 UTC 2014


Please keep replies on the list.

barrykfl at gmail.com wrote:
> I saw the error below and error log, is it related?
> 
> 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (Credentials cache
> file '/tmp/krb5cc_492' not found)) errno 0 (Success)
> [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)

I believe this is fairly normal on a new startup. It has to start
somewhere. The expired ticket errors below are unexpected since there
are so many of them. Is your KDC running?

ipactl status

rob

> 
> 
> 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com>:
> 
> 
>     This is the error log I found at 2.abc.com
> 
>     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
>     Error: could not perform interactive bind for id [] mech [GSSAPI]:
>     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>     Error: Unspecified GSS failure.  Minor code may provide more
>     information (Ticket expired)) errno 0 (Success)
>     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
>     Error: could not perform interactive bind for id [] mech [GSSAPI]:
>     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>     Error: Unspecified GSS failure.  Minor code may provide more
>     information (Ticket expired)) errno 0 (Success)
>     [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not
>     perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>     [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
>     agmt="cn=meTo1.abc.com" (central:389):
>     Replication bind with GSSAPI auth failed: LDAP error -2 (Local
>     error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>     failure.  Minor code may provide more information (Ticket expired))
>     [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind -
>     Error: could not perform interactive bind for id [] mech [GSSAPI]:
>     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>     Error: Unspecified GSS failure.  Minor code may provide more
>     information (Ticket expired)) errno 0 (Success)
>     [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind -
>     Error: could not perform interactive bind for id [] mech [GSSAPI]:
>     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>     Error: Unspecified GSS failure.  Minor code may provide more
>     information (Ticket expired)) errno 0 (Success)
>     [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not
>     perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
>     Error: could not perform interactive bind for id [] mech [GSSAPI]:
>     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>     Error: Unspecified GSS failure.  Minor code may provide more
>     information (Ticket expired)) errno 0 (Success)
>     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
>     Error: could not perform interactive bind for id [] mech [GSSAPI]:
>     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>     Error: Unspecified GSS failure.  Minor code may provide more
>     information (Ticket expired)) errno 0 (Success)
>     [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not
>     perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> 
> 
>     2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com>:
> 
>         Yes, on node 1 it is happening; only node2 fails to connect.
> 
>         ipa-replica-manage list 2.abc.com
>         Directory Manager password:
> 
>         1.abc.com: replica
> 
> 
> 
>         2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
> 
>             Barry wrote:
>             > Hi:
>             >
>             > Server 1 and Server 2 were originally a master-master cluster,
>             > but server 2 fails to connect to server1.
>             >
>             > ipa-replica-manage list shows Can't contact LDAP server
>             >
>             > But at server1 it is OK: master server1, master server2.
>             >
>             > It seems to affect updates: if I update on server 1 then it
>             > syncs to server2 with no problem, but sometimes if I modify on
>             > server2 it fails to update server1.
>             >
>             > Any idea how to rebuild the mutual relationship?
> 
>             The first step is to diagnose what is wrong. I've already
>             suggested a few things,
>             https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
> 
>             rob
> 
> 
> 
> 
> 
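
The reply above separates a one-off "Credentials cache file ... not found" at startup from a run of "Ticket expired" failures. The following triage script is an added example, not part of the thread or of FreeIPA: it rejoins mail-wrapped 389-ds error log entries and tallies the Kerberos minor-code reason behind each GSSAPI bind failure. The function names, host name and sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the 389-ds error log format quoted in the
# thread (mail quoting and line wrapping included); not the poster's real log.
SAMPLE = """\
> [01/Jan/2014:02:00:58 +0000] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (Credentials cache
> file '/tmp/krb5cc_0000' not found)) errno 0 (Success)
> [01/Jan/2014:12:51:31 +0000] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [01/Jan/2014:12:51:31 +0000] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [01/Jan/2014:12:51:34 +0000] NSMMReplicationPlugin -
> agmt="cn=meToPeer.example.test" (peer:389):
> Replication bind with GSSAPI auth failed: LDAP error -2 (Local
> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> failure.  Minor code may provide more information (Ticket expired))
"""

ENTRY_START = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\]")
MINOR = re.compile(r"Minor code may provide more information \((.*?)\)\)")

def entries(text):
    """Strip mail quoting and rejoin wrapped lines into one string per entry."""
    current = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s*)+", "", raw).strip()
        if ENTRY_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line:
            current.append(line)
    if current:
        yield " ".join(current)

def gssapi_reasons(text):
    """Count the Kerberos minor-code reason of each GSSAPI bind failure."""
    counts = Counter()
    for entry in entries(text):
        m = MINOR.search(entry)
        if m and "GSSAPI" in entry:
            counts[re.sub(r"\s+", " ", m.group(1))] += 1
    return counts
```

A tally dominated by "Ticket expired" on the failing replica is the case where checking the KDC with `ipactl status`, as suggested in the reply, is the next step.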



