[Freeipa-users] ipa-replica-manage list fail on server 2

barrykfl at gmail.com barrykfl at gmail.com
Fri Jul 4 01:25:06 UTC 2014


Just sure now that one side of the flow is broken. If you update server1, it works 100%;
server2 will upgrade.
But if you update server2 there is a chance of non-sync, e.g. it creates the username in
server1 with the posfix grp > ok,
but in server2 it only created the posfix grp but no username/attribute. It
occurred several times. I have to use the command line (grp del ... etc.) to force
delete them and recreate them.

Result below:

server2.abc.com: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2014-07-04 00:33:18+00:00

Directory Manager password:

server1.abc.com: replica
  last init status: 0 Total update succeeded
  last init ended: 2014-06-20 10:07:02+00:00
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2014-07-04 01:14:19+00:00



[root@(LIVE)server2 ~]$  ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING


2014-07-04 1:34 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:

> barrykfl at gmail.com wrote:
> > Yes they are running. Server 1 can sync to server2 but error at server 2
> > like this.
>
> How do you know server 1 is syncing with server 2?
>
> On server 1 I'd run:
>
> ipa-replica-manage list -v `hostname`
>
> This will show the replication status.
>
> And what does ipactl status show on server 2?
>
> rob
>
> >
> > On 2014/7/3 at 10:14 PM, "Rob Crittenden" <rcritten at redhat.com> wrote:
> >
> >     Please keep replies on the list.
> >
> >     barrykfl at gmail.com wrote:
> >     > I saw the error below and error log, is it related?
> >     >
> >     > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found)) errno 0 (Success)
> >     > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> >
> >     I believe this is fairly normal on a new startup. It has to start
> >     somewhere. The expired ticket errors below are unexpected since there
> >     are so many of them. Is your KDC running?
> >
> >     ipactl status
> >
> >     rob
> >
> >     >
> >     >
> >     > 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com>:
> >     >
> >     >
> >     >     this is the error log I found at 2.abc.com
> >     >
> >     >     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 0 (Success)
> >     >     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 0 (Success)
> >     >     [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> >     >     [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=meTo1.abc.com" (central:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired))
> >     >     [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 0 (Success)
> >     >     [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 0 (Success)
> >     >     [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> >     >     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 0 (Success)
> >     >     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 0 (Success)
> >     >     [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> >     >
> >     >
> >     >     2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com>:
> >     >
> >     >         yes, on node 1 it is happening; only node2 fails to connect
> >     >
> >     >         ipa-replica-manage list 2.abc.com
> >     >         Directory Manager password:
> >     >
> >     >         1.abc.com: replica
> >     >
> >     >
> >     >
> >     >         2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
> >     >
> >     >             Barry wrote:
> >     >             > Hi:
> >     >             >
> >     >             > Server 1 and Server 2 is cluster master master originally, but server 2
> >     >             > fails to connect to server1.
> >     >             >
> >     >             > ipa-replica-manage list shows Can't contact LDAP server
> >     >             >
> >     >             > But as server1 it is ok  master server1 master server2,
> >     >             >
> >     >             > It seems to affect: if update on server 1 then it sync to server2 no problem
> >     >             > but sometimes if modify in server2 it fails to update server1.
> >     >             >
> >     >             > Any idea to rebuild mutual relationship?
> >     >
> >     >             The first step is to diagnose what is wrong. I've already suggested a
> >     >             few things,
> >     >
> >     >             https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
> >     >
> >     >             rob
> >     >
> >     >             --
> >     >             Manage your subscription for the Freeipa-users mailing
> >     list:
> >     >             https://www.redhat.com/mailman/listinfo/freeipa-users
> >     >             Go To http://freeipa.org for more info on the project
> >     >
> >     >
> >     >
> >     >
> >
>
>
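
Added example, not part of the original thread and not FreeIPA code: a small Python triage of the 389-ds error-log lines quoted above. It separates the "Credentials cache file not found" message (described in the thread as fairly normal at startup) from repeated "Ticket expired" failures, and names the replication agreement whose GSSAPI bind failed. The function names and the threshold of 3 are assumptions; the sample lines are adapted from the log in this thread.

```python
import re
from collections import Counter

# Sample lines adapted from the error log quoted in this thread (mail wrapping undone).
GSS = ("LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: "
       "Unspecified GSS failure.  Minor code may provide more information (%s))")
BIND = ("slapd_ldap_sasl_interactive_bind - Error: could not perform "
        "interactive bind for id [] mech [GSSAPI]: ")
SAMPLE_LOG = "\n".join([
    "[29/Jun/2014:02:00:58 +0800] " + BIND
    + GSS % "Credentials cache file '/tmp/krb5cc_492' not found" + " errno 0 (Success)",
    "[29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform "
    "interactive bind for id [] mech [GSSAPI]: error -2 (Local error)",
    "[30/Jun/2014:12:51:31 +0800] " + BIND + GSS % "Ticket expired" + " errno 0 (Success)",
    '[30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=meTo1.abc.com" '
    "(central:389): Replication bind with GSSAPI auth failed: " + GSS % "Ticket expired",
    "[30/Jun/2014:12:51:34 +0800] " + BIND + GSS % "Ticket expired" + " errno 0 (Success)",
    "[30/Jun/2014:12:51:35 +0800] " + BIND + GSS % "Ticket expired" + " errno 0 (Success)",
])

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<source>\S+) - (?P<msg>.*)$")
MINOR = re.compile(r"Minor code may provide more information \((?P<reason>.+?)\)\)")
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)"')

def classify(reason):
    """Map the Kerberos minor-code text to a coarse failure class."""
    if reason.startswith("Ticket expired"):
        return "ticket_expired"
    if reason.startswith("Credentials cache file") and reason.endswith("not found"):
        return "ccache_missing"
    return "other"

def summarize(log_text, expired_threshold=3):
    """Count GSSAPI failure classes and the replication agreements they hit."""
    reasons, agreements = Counter(), Counter()
    for line in log_text.splitlines():
        entry, minor = ENTRY.match(line), MINOR.search(line)
        if not entry or not minor:
            continue  # slapi_ldap_bind summary lines carry no minor code
        reasons[classify(minor.group("reason"))] += 1
        agmt = AGMT.search(entry.group("msg"))
        if agmt and entry.group("source") == "NSMMReplicationPlugin":
            agreements[agmt.group("agmt")] += 1
    # Assumption: a few expired-ticket binds in a row warrant a KDC/keytab check.
    return {"reasons": dict(reasons), "failed_agreements": dict(agreements),
            "investigate_kdc": reasons["ticket_expired"] >= expired_threshold}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
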