[Freeipa-users] ipa-replica-manage list fail on server 2

barrykfl at gmail.com barrykfl at gmail.com
Thu Jul 3 14:32:37 UTC 2014 

Yes they are running. Server 1 can syn to server2 but error at server 2
like this.
2014/7/3 下午10:14 於 "Rob Crittenden" <rcritten at redhat.com> 寫道:

> Please keep relies on the list.
>
> barrykfl at gmail.com wrote:
> > I saw the error beloe and errpr log is it related ?
> >
> > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error:
> > could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> > GSS failure.  Minor code may provide more information (Credentials cache
> > file '/tmp/krb5cc_492' not found)) errno 0 (Success)
> > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform
> > interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>
> I believe this is fairly normal on a new startup. It has to start
> somewhere. The expired ticket errors below are unexpected since there
> are so many of them. Is your KDC running?
>
> ipactl status
>
> rob
>
> >
> >
> > 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com <mailto:
> barrykfl at gmail.com>>:
> >
> >
> >     this is the error log i found at 2.abc.com <http://2.abc.com>
> >
> >     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
> >     Error: could not perform interactive bind for id [] mech [GSSAPI]:
> >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> >     Error: Unspecified GSS failure.  Minor code may provide more
> >     information (Ticket expired)) errno 0 (Success)
> >     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
> >     Error: could not perform interactive bind for id [] mech [GSSAPI]:
> >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> >     Error: Unspecified GSS failure.  Minor code may provide more
> >     information (Ticket expired)) errno 0 (Success)
> >     [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not
> >     perform interactive bind for id [] mech [GSSAPI]: error -2 (Local
> error)
> >     [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
> >     agmt="cn=meTo1.abc.com <http://meTo1.abc.com>" (central:389):
> >     Replication bind with GSSAPI auth failed: LDAP error -2 (Local
> >     error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> >     failure.  Minor code may provide more information (Ticket expired))
> >     [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind -
> >     Error: could not perform interactive bind for id [] mech [GSSAPI]:
> >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> >     Error: Unspecified GSS failure.  Minor code may provide more
> >     information (Ticket expired)) errno 0 (Success)
> >     [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind -
> >     Error: could not perform interactive bind for id [] mech [GSSAPI]:
> >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> >     Error: Unspecified GSS failure.  Minor code may provide more
> >     information (Ticket expired)) errno 0 (Success)
> >     [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not
> >     perform interactive bind for id [] mech [GSSAPI]: error -2 (Local
> error)
> >     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
> >     Error: could not perform interactive bind for id [] mech [GSSAPI]:
> >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> >     Error: Unspecified GSS failure.  Minor code may provide more
> >     information (Ticket expired)) errno 0 (Success)
> >     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
> >     Error: could not perform interactive bind for id [] mech [GSSAPI]:
> >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> >     Error: Unspecified GSS failure.  Minor code may provide more
> >     information (Ticket expired)) errno 0 (Success)
> >     [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not
> >     perform interactive bind for id [] mech [GSSAPI]: error -2 (Local
> error)
> >
> >
> >     2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com
> >     <mailto:barrykfl at gmail.com>>:
> >
> >         yes on node 1 it is happening only node2 fail connect
> >
> >         ipa-replica-manage list 2.abc.com <http://2.abc.com>
> >         Directory Manager password:
> >
> >         1.abc.com <http://1.abc.com>: replica
> >
> >
> >
> >         2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcritten at redhat.com
> >         <mailto:rcritten at redhat.com>>:
> >
> >             Barry wrote:
> >             > Hi:
> >             >
> >             > Server 1 and Sever 2 is cluster master master orginally ,
> >             but server 2
> >             > fail to connect server1 ,.
> >             >
> >             > ipa-replica-manage list shown Can't contact LDAP server
> >             >
> >             > But as server1 it is ok  master server1 master server2 ,
> >             >
> >             > It seem affect if update on server 1 then it syn to
> >             server2 no problem
> >             > but sometimes if modfy in server2 if fail to update
> server1.
> >             >
> >             > Any idea to rebuild mutual relationship.?
> >
> >             The first step is to diagnose what is wrong. I've already
> >             suggested a
> >             few things,
> >
> https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
> >
> >             rob
> >
> >             --
> >             Manage your subscription for the Freeipa-users mailing list:
> >             https://www.redhat.com/mailman/listinfo/freeipa-users
> >             Go To http://freeipa.org for more info on the project
> >
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140703/8083f257/attachment.htm>

More information about the Freeipa-users mailing list