[Freeipa-users] ipa-replica-manage list fail on server 2
barrykfl at gmail.com
barrykfl at gmail.com
Thu Jul 10 07:14:19 UTC 2014
Tried and now two version same ....but seem same situation.
i found a related error log that server1 has account after added user but
not replicated to server2. Is it too fast on UI clicking ? as i exp once
that click very
fast twice add and edit user may cause server 2 no record.
[10/Jul/2014:14:20:01 +0800] NSMMReplicationPlugin - changelog program -
_cl5WriteOperationTxn: retry (49) the transaction
(csn=53be3097000000040000) failed (rc=-30994 (DB_LOCK_DEADLOCK: Locker
killed to resolve a deadlock))
[10/Jul/2014:14:20:01 +0800] NSMMReplicationPlugin - changelog program -
_cl5WriteOperationTxn: failed to write entry with csn
(53be3097000000040000); db error - -30994 DB_LOCK_DEADLOCK: Locker killed
to resolve a deadlock
[10/Jul/2014:14:20:01 +0800] NSMMReplicationPlugin -
write_changelog_and_ruv: can't add a change for
uid=xuehuimei,cn=users,cn=accounts,dc=abc,dc=com (uniqid:
1300de84-07fa11e4-b3ddf885-593f3a7a, optype: 16) to changelog csn
53be3097000000040000
[10/Jul/2014:14:56:51 +0800] NSMMReplicationPlugin - changelog program -
_cl5WriteOperationTxn: retry (49) the transaction
(csn=53be3939000000040000) failed (rc=-30994 (DB_LOCK_DEADLOCK: Locker
killed to resolve a deadlock))
[10/Jul/2014:14:56:51 +0800] NSMMReplicationPlugin - changelog program -
_cl5WriteOperationTxn: failed to write entry with csn
(53be3939000000040000); db error - -30994 DB_LOCK_DEADLOCK: Locker killed
to resolve a deadlock
[10/Jul/2014:14:56:51 +0800] NSMMReplicationPlugin -
write_changelog_and_ruv: can't add a change for
uid=websubcon04,cn=users,cn=accounts,dc=abc,dc=com (uniqid:
3e39fc81-07ff11e4-b3ddf885-593f3a7a, optype: 16) to changelog csn
53be3939000000040000
2014-07-10 10:40 GMT+08:00 Rich Megginson <rmeggins at redhat.com>:
> On 07/09/2014 08:36 PM, barrykfl at gmail.com wrote:
>
> Hi :
>
> What is the procedure for this minor update ?
>
> just yum update ipa-server after stop the server?
>
>
> If you just want to upgrade only the LDAP server, which is the component
> that I for sure know is out of date, then yum update 389-ds-base.
>
> Or just "yum update" - in general I don't like running "franken-systems"
> which have a mix of up-to-date and out of date packages. Note that "IPA
> server" is composed of several packages.
>
> You do not need to stop the server. yum/rpm upgrade will restart as
> needed. If you want to make sure, do ipactl restart after upgrade.
>
>
> and effect of the exsitn ldap?
>
>
> Not sure what you mean. Upgrade should not touch any config or data.
>
>
>
> As the server 2 is master of replica also , so need refo ipa-replica
> install ?
>
>
> No, you just need to perform the same upgrade procedure.
>
>
>
> barry
>
>
> 2014-07-09 22:20 GMT+08:00 Rich Megginson <rmeggins at redhat.com>:
>
>> On 07/08/2014 09:02 PM, barrykfl at gmail.com wrote:
>>
>> Some error i found :
>>
>>
>> server1.abc.com:636 (/etc/dirsrv/slapd-abc-COM)
>>
>> [29/Jun/2014:02:00:56 +0800] - 389-Directory/1.2.11.25 B2013.325.1951
>> starting up
>> [29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_unwrap_key: failed to
>> unwrap key for cipher AES
>> [29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_cipher_init: symmetric
>> key failed to unwrap with the private key; Cert might have been renewed
>> since the key is wrapped. To recover the encrypted contents, keep the
>> wrapped symmetric key value.
>> [29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_unwrap_key: failed to
>> unwrap key for cipher 3DES
>> [29/Jun/2014:02:00:56 +0800] attrcrypt - attrcrypt_cipher_init: symmetric
>> key failed to unwrap with the private key; Cert might have been renewed
>> since the key is wrapped. To recover the encrypted contents, keep the
>> wrapped symmetric key value.
>> [29/Jun/2014:02:00:56 +0800] attrcrypt - All prepared ciphers are not
>> available. Please disable attribute encryption.
>> [29/Jun/2014:02:00:56 +0800] schema-compat-plugin - warning: no entries
>> set up under cn=computers, cn=compat,dc=abc,dc=com
>> [29/Jun/2014:02:00:57 +0800] schema-compat-plugin - warning: no entries
>> set up under cn=ng, cn=compat,dc=abc,dc=com
>> [29/Jun/2014:02:00:57 +0800] schema-compat-plugin - warning: no entries
>> set up under ou=sudoers,dc=abc,dc=com
>> [29/Jun/2014:02:00:57 +0800] - Skipping CoS Definition cn=Password
>> Policy,cn=accounts,dc=abc,dc=com--no CoS Templates found, which should be
>> added before the CoS Definition.
>> [29/Jun/2014:02:00:57 +0800] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/server1.abc.com at abc.COM] in keytab [
>> FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [29/Jun/2014:02:00:58 +0800] - Skipping CoS Definition cn=Password
>> Policy,cn=accounts,dc=abc,dc=com--no CoS Templates found, which should be
>> added before the CoS Definition.
>> [29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Credentials cache file
>> '/tmp/krb5cc_492' not found)) errno 0 (Success)
>> [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> [29/Jun/2014:02:00:58 +0800] NSMMReplicationPlugin - agmt="cn=
>> meToserver2.abc.com" (server2:389): Replication bind with GSSAPI auth
>> failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> Error: Unspecified GSS failure. Minor code may provide more information
>> (Credentials cache file '/tmp/krb5cc_492' not found))
>> [29/Jun/2014:02:00:58 +0800] - slapd started. Listening on All
>> Interfaces port 389 for LDAP requests
>> [29/Jun/2014:02:00:58 +0800] - Listening on All Interfaces port 636 for
>> LDAPS requests
>>
>>
>> 389-Directory/1.2.11.15 B2013.240.174
>> server2.abc.com:636 (/etc/dirsrv/slapd-abc-COM)
>>
>> [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Ticket expired)) errno 0
>> (Success)
>> [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Ticket expired)) errno 0
>> (Success)
>> [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=
>> meToserver1.abc.com" (server1:389): Replication bind with GSSAPI auth
>> failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> Error: Unspecified GSS failure. Minor code may provide more information
>> (Ticket expired))
>> [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Ticket expired)) errno 0
>> (Success)
>> [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Ticket expired)) errno 0
>> (Success)
>> [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Ticket expired)) errno 0
>> (Success)
>> [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information (Ticket expired)) errno 0
>> (Success)
>> [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> [30/Jun/2014:12:51:52 +0800] NSMMReplicationPlugin - agmt="cn=
>> meToserver1.abc.com" (server1:389): Replication bind with GSSAPI auth
>> resumed
>>
>>
>> You are using an older version of 389. The version on server2 is older
>> than the version on server1. Can you upgrade and see if that fixes your
>> problems? Even if it doesn't fix your problems, it will be much easier for
>> us to support.
>>
>>
>>
>> 2014-07-09 10:55 GMT+08:00 <barrykfl at gmail.com>:
>>
>>> FYI..
>>> 160: [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection
>>> from 192.168.156.89 to 192.168.156.89
>>> 163: [04/Jul/2014:12:35:30 +0800] conn=936207 op=-1 fd=73 closed - B1
>>>
>>> There is not abt binding but i unsure how to fix ..
>>>
>>>
>>>
>>>
>>> 2014-07-09 2:01 GMT+08:00 Rich Megginson <rmeggins at redhat.com>:
>>>
>>> On 07/08/2014 02:16 AM, barrykfl at gmail.com wrote:
>>>>
>>>> Resent as size limit.
>>>>
>>>>
>>>> Here u are server1 's access log seem one side broken
>>>>
>>>> the problem is how to make it replicate again.
>>>>
>>>> At server 1
>>>>
>>>> it is ok master server1 master server2
>>>>
>>>>
>>>> Another side server 2 contains 2 ip replication.
>>>>
>>>> ipa-replica-manage list shown Can't contact LDAP server
>>>>
>>>> I dont know why but the prolematic server is sever 2 not server 1
>>>>
>>>> log of server2
>>>> [08/Jul/2014:16:02:40 +0800] conn=3299731 fd=69 slot=69 connection from
>>>> 192.168.15.89 (server1) to 192.168.15.88(server2)
>>>> [08/Jul/2014:16:02:40 +0800] conn=3299731 op=-1 fd=69 closed - B1
>>>> [08/Jul/2014:16:02:40 +0800] conn=3299732 fd=69 slot=69 connection from
>>>> 192.168.15.89 to 192.168.15.88
>>>> [08/Jul/2014:16:02:40 +0800] conn=3299732 op=-1 fd=69 closed - B1
>>>> [08/Jul/2014:16:02:41 +0800] conn=3299733 fd=69 slot=69 connection from
>>>> 192.168.15.89 to 192.168.15.88
>>>> [08/Jul/2014:16:02:41 +0800] conn=3299733 op=-1 fd=69 closed - B1
>>>>
>>>>
>>>> You never answered my question below. "Are you sure that this
>>>> connection is a replication session? Can you post all of the operations
>>>> from the access log from conn=936207?"
>>>>
>>>> In the future, please avoid spamming the list with large log files. In
>>>> general, it's better to provide excerpts from the log files showing the
>>>> problem, paste them to fpaste.org, and post the link to the mailing
>>>> list. If for some reason you need to post a large file, please use a file
>>>> sharing service and post the link to the file.
>>>>
>>>> Can you take a look at your errors log from server 1 and server 2 and
>>>> see if there are any relevant errors?
>>>>
>>>> If I had to guess, I would say that there is some sort of network error
>>>> between server 1 and server 2 that causes the excessive closed - B1.
>>>> Perhaps there will be more information in the errors log.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 2014-07-07 22:21 GMT+08:00 Rich Megginson <rmeggins at redhat.com>:
>>>>
>>>>> On 07/04/2014 03:28 AM, barrykfl at gmail.com wrote:
>>>>>
>>>>> FOUND something strange that server 1 replicate to itself rather than
>>>>> server2
>>>>>
>>>>> Server1 access log > Wrong
>>>>> [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from
>>>>> 192.168.15.89( server1 ) to 192.168.15.89 (server1)
>>>>>
>>>>>
>>>>> Are you sure that this connection is a replication session? Can you
>>>>> post all of the operations from the access log from conn=936207?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Server 2 access log > OK
>>>>> [04/Jul/2014:12:35:30 +0800] conn=936208 fd=74 slot=74 connection from
>>>>> 192.168.15.89(server2) to 192.168.15.88 (server2)
>>>>>
>>>>>
>>>>> 2014-07-04 9:25 GMT+08:00 <barrykfl at gmail.com>:
>>>>>
>>>>>> Just sure now one side flow is broken, if u update server1 , it
>>>>>> 100% work server2 will upgrade.
>>>>>> but if u update server2 there is chance non-syn e.g it create
>>>>>> username in server1 with posfix grp >ok
>>>>>> but in server2 it only created posfix grp but no username /attribute
>>>>>> it occur serveral times. I have to use command line grp del ...etc. to
>>>>>> force del them and recreate them.,.
>>>>>>
>>>>>> Result below:
>>>>>>
>>>>>> server2.abc.com: replica
>>>>>> last init status: None
>>>>>> last init ended: None
>>>>>> last update status: 0 Replica acquired successfully: Incremental
>>>>>> update succeeded
>>>>>> last update ended: 2014-07-04 00:33:18+00:00
>>>>>>
>>>>>> Directory Manager password:
>>>>>>
>>>>>> server1.abc.com: replica
>>>>>> last init status: 0 Total update succeeded
>>>>>> last init ended: 2014-06-20 10:07:02+00:00
>>>>>> last update status: 0 Replica acquired successfully: Incremental
>>>>>> update succeeded
>>>>>> last update ended: 2014-07-04 01:14:19+00:00
>>>>>>
>>>>>>
>>>>>>
>>>>>> [root@(LIVE)server2 ~]$ ipactl status
>>>>>> Directory Service: RUNNING
>>>>>> KDC Service: RUNNING
>>>>>> KPASSWD Service: RUNNING
>>>>>> MEMCACHE Service: RUNNING
>>>>>> HTTP Service: RUNNING
>>>>>>
>>>>>>
>>>>>> 2014-07-04 1:34 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
>>>>>>
>>>>>> barrykfl at gmail.com wrote:
>>>>>>> > Yes they are running. Server 1 can syn to server2 but error at
>>>>>>> server 2
>>>>>>> > like this.
>>>>>>>
>>>>>>> How do you know server 1 is syncing with server 2?
>>>>>>>
>>>>>>> On server 1 I'd run:
>>>>>>>
>>>>>>> ipa-replica-manage list -v `hostname`
>>>>>>>
>>>>>>> This will show the replication status.
>>>>>>>
>>>>>>> And what does ipactl status show on server 2?
>>>>>>>
>>>>>>> rob
>>>>>>>
>>>>>>> >
>>>>>>> > 2014/7/3 下午10:14 於 "Rob Crittenden" <rcritten at redhat.com
>>>>>>> > <mailto:rcritten at redhat.com>> 寫道:
>>>>>>> >
>>>>>>> > Please keep relies on the list.
>>>>>>> >
>>>>>>> > barrykfl at gmail.com <mailto:barrykfl at gmail.com> wrote:
>>>>>>> > > I saw the error beloe and errpr log is it related ?
>>>>>>> > >
>>>>>>> > > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind
>>>>>>> - Error:
>>>>>>> > > could not perform interactive bind for id [] mech [GSSAPI]:
>>>>>>> LDAP error
>>>>>>> > > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error:
>>>>>>> Unspecified
>>>>>>> > > GSS failure. Minor code may provide more information
>>>>>>> (Credentials
>>>>>>> > cache
>>>>>>> > > file '/tmp/krb5cc_492' not found)) errno 0 (Success)
>>>>>>> > > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could
>>>>>>> not
>>>>>>> > perform
>>>>>>> > > interactive bind for id [] mech [GSSAPI]: error -2 (Local
>>>>>>> error)
>>>>>>> >
>>>>>>> > I believe this is fairly normal on a new startup. It has to
>>>>>>> start
>>>>>>> > somewhere. The expired ticket errors below are unexpected
>>>>>>> since there
>>>>>>> > are so many of them. Is your KDC running?
>>>>>>> >
>>>>>>> > ipactl status
>>>>>>> >
>>>>>>> > rob
>>>>>>> >
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com
>>>>>>> > <mailto:barrykfl at gmail.com> <mailto:barrykfl at gmail.com
>>>>>>> > <mailto:barrykfl at gmail.com>>>:
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > this is the error log i found at 2.abc.com <
>>>>>>> http://2.abc.com>
>>>>>>> > <http://2.abc.com>
>>>>>>> > >
>>>>>>> > > [30/Jun/2014:12:51:31 +0800]
>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>> > > Error: could not perform interactive bind for id [] mech
>>>>>>> [GSSAPI]:
>>>>>>> > > LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>>>> GSSAPI
>>>>>>> > > Error: Unspecified GSS failure. Minor code may provide
>>>>>>> more
>>>>>>> > > information (Ticket expired)) errno 0 (Success)
>>>>>>> > > [30/Jun/2014:12:51:31 +0800]
>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>> > > Error: could not perform interactive bind for id [] mech
>>>>>>> [GSSAPI]:
>>>>>>> > > LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>>>> GSSAPI
>>>>>>> > > Error: Unspecified GSS failure. Minor code may provide
>>>>>>> more
>>>>>>> > > information (Ticket expired)) errno 0 (Success)
>>>>>>> > > [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error:
>>>>>>> could not
>>>>>>> > > perform interactive bind for id [] mech [GSSAPI]: error
>>>>>>> -2
>>>>>>> > (Local error)
>>>>>>> > > [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
>>>>>>> > > agmt="cn=meTo1.abc.com <http://meTo1.abc.com>
>>>>>>> > <http://meTo1.abc.com>" (central:389):
>>>>>>> > > Replication bind with GSSAPI auth failed: LDAP error -2
>>>>>>> (Local
>>>>>>> > > error) (SASL(-1): generic failure: GSSAPI Error:
>>>>>>> Unspecified GSS
>>>>>>> > > failure. Minor code may provide more information (Ticket
>>>>>>> > expired))
>>>>>>> > > [30/Jun/2014:12:51:34 +0800]
>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>> > > Error: could not perform interactive bind for id [] mech
>>>>>>> [GSSAPI]:
>>>>>>> > > LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>>>> GSSAPI
>>>>>>> > > Error: Unspecified GSS failure. Minor code may provide
>>>>>>> more
>>>>>>> > > information (Ticket expired)) errno 0 (Success)
>>>>>>> > > [30/Jun/2014:12:51:35 +0800]
>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>> > > Error: could not perform interactive bind for id [] mech
>>>>>>> [GSSAPI]:
>>>>>>> > > LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>>>> GSSAPI
>>>>>>> > > Error: Unspecified GSS failure. Minor code may provide
>>>>>>> more
>>>>>>> > > information (Ticket expired)) errno 0 (Success)
>>>>>>> > > [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error:
>>>>>>> could not
>>>>>>> > > perform interactive bind for id [] mech [GSSAPI]: error
>>>>>>> -2
>>>>>>> > (Local error)
>>>>>>> > > [30/Jun/2014:12:51:40 +0800]
>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>> > > Error: could not perform interactive bind for id [] mech
>>>>>>> [GSSAPI]:
>>>>>>> > > LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>>>> GSSAPI
>>>>>>> > > Error: Unspecified GSS failure. Minor code may provide
>>>>>>> more
>>>>>>> > > information (Ticket expired)) errno 0 (Success)
>>>>>>> > > [30/Jun/2014:12:51:40 +0800]
>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>> > > Error: could not perform interactive bind for id [] mech
>>>>>>> [GSSAPI]:
>>>>>>> > > LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>>>> GSSAPI
>>>>>>> > > Error: Unspecified GSS failure. Minor code may provide
>>>>>>> more
>>>>>>> > > information (Ticket expired)) errno 0 (Success)
>>>>>>> > > [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error:
>>>>>>> could not
>>>>>>> > > perform interactive bind for id [] mech [GSSAPI]: error
>>>>>>> -2
>>>>>>> > (Local error)
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > 2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com
>>>>>>> > <mailto:barrykfl at gmail.com>
>>>>>>> > > <mailto:barrykfl at gmail.com <mailto:barrykfl at gmail.com
>>>>>>> >>>:
>>>>>>> > >
>>>>>>> > > yes on node 1 it is happening only node2 fail connect
>>>>>>> > >
>>>>>>> > > ipa-replica-manage list 2.abc.com <http://2.abc.com>
>>>>>>> > <http://2.abc.com>
>>>>>>> > > Directory Manager password:
>>>>>>> > >
>>>>>>> > > 1.abc.com <http://1.abc.com> <http://1.abc.com>:
>>>>>>> replica
>>>>>>> > >
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > 2014-06-30 20:59 GMT+08:00 Rob Crittenden
>>>>>>> > <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>>>>>> > > <mailto:rcritten at redhat.com <mailto:
>>>>>>> rcritten at redhat.com>>>:
>>>>>>> > >
>>>>>>> > > Barry wrote:
>>>>>>> > > > Hi:
>>>>>>> > > >
>>>>>>> > > > Server 1 and Sever 2 is cluster master master
>>>>>>> > orginally ,
>>>>>>> > > but server 2
>>>>>>> > > > fail to connect server1 ,.
>>>>>>> > > >
>>>>>>> > > > ipa-replica-manage list shown Can't contact
>>>>>>> LDAP server
>>>>>>> > > >
>>>>>>> > > > But as server1 it is ok master server1 master
>>>>>>> server2 ,
>>>>>>> > > >
>>>>>>> > > > It seem affect if update on server 1 then it
>>>>>>> syn to
>>>>>>> > > server2 no problem
>>>>>>> > > > but sometimes if modfy in server2 if fail to
>>>>>>> update
>>>>>>> > server1.
>>>>>>> > > >
>>>>>>> > > > Any idea to rebuild mutual relationship.?
>>>>>>> > >
>>>>>>> > > The first step is to diagnose what is wrong.
>>>>>>> I've already
>>>>>>> > > suggested a
>>>>>>> > > few things,
>>>>>>> > >
>>>>>>> >
>>>>>>> https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
>>>>>>> > >
>>>>>>> > > rob
>>>>>>> > >
>>>>>>> > > --
>>>>>>> > > Manage your subscription for the Freeipa-users
>>>>>>> mailing
>>>>>>> > list:
>>>>>>> > >
>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>> > > Go To http://freeipa.org for more info on the
>>>>>>> project
>>>>>>> > >
>>>>>>> > >
>>>>>>> > >
>>>>>>> > >
>>>>>>> >
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140710/a4728ab6/attachment.htm>
More information about the Freeipa-users
mailing list