[Freeipa-users] ipa-replica-manage list fail on server 2
Rob Crittenden
rcritten at redhat.com
Tue Jul 15 14:29:06 UTC 2014
Rich Megginson wrote:
> On 07/14/2014 05:58 PM, barrykfl at gmail.com wrote:
>> kinit work , can input password
>>
>> any ipa command fail even ipa replica-manage status command >>"cant
>> contact ldap server"
>
> Assuming that ldapsearch works, this sounds like the ipa command line
> tool can't communicate with the httpd server? Any errors in
> /var/log/httpd/error_log?
ipa-replica-manage only uses direct LDAP (maybe a little GSSAPI for good
measure).
It also uses port 636 so at this point I suspect it is an SSL trust
issue. If you watch the access log you should see the connection attempt
and result.
rob
>
>>
>>
>> 2014-07-15 0:03 GMT+08:00 Rich Megginson <rmeggins at redhat.com
>> <mailto:rmeggins at redhat.com>>:
>>
>> On 07/13/2014 08:51 PM, barrykfl at gmail.com
>> <mailto:barrykfl at gmail.com> wrote:
>>> Hi:
>>>
>>> Only for the servers that are getting the "DB_LOCK_DEADLOCK:
>>> Locker killed to resolve a deadlock" message in the errors log.
>>>
>>> > need restart ipactl service after modification?
>>>
>>> But this does not explain the "cant contact ldap server" errors.
>>>
>>> Which ipa commands give the "cant contact ldap server" errors?
>>>
>>> > server2.abc.com <http://server2.abc.com> and command related
>>> ipa shown can't contact ldap server , log shown before.
>>
>> Does this mean that
>> ipa user-find
>> on server2.abc.com <http://server2.abc.com> gives a "cant contact
>> ldap server" error?
>>
>> Or is it only the ipa replica-manage status command that gives
>> this error?
>>
>> If it is the former, does ldapsearch work? Does kinit work?
>>
>>>
>>>
>>> 2014-07-11 21:55 GMT+08:00 Rich Megginson <rmeggins at redhat.com
>>> <mailto:rmeggins at redhat.com>>:
>>>
>>> On 07/11/2014 01:53 AM, barrykfl at gmail.com
>>> <mailto:barrykfl at gmail.com> wrote:
>>>> At server 2 there is a error:
>>>>
>>>>
>>>> [10/Jul/2014:12:29:59 +0800] NSMMReplicationPlugin -
>>>> agmt="cn=meToserver1.abc.com <http://meToserver1.abc.com>"
>>>> (central:389): Replication bind with GSSAPI auth failed:
>>>> LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI Error: Unspecified GSS failure. Minor code may
>>>> provide more information (Credentials cache file
>>>> '/tmp/krb5cc_494' not found))
>>>
>>> This is usually a transient error that should go away.
>>>
>>>>
>>>>
>>>> 2014-07-11 10:26 GMT+08:00 <barrykfl at gmail.com
>>>> <mailto:barrykfl at gmail.com>>:
>>>>
>>>> Yes ,
>>>> still get "cant contact ldap server" after upgrading
>>>> both servers.
>>>>
>>>>
>>>> 2014-07-10 23:18 GMT+08:00 Rich Megginson
>>>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>>:
>>>>
>>>> On 07/10/2014 09:15 AM, barrykfl at gmail.com
>>>> <mailto:barrykfl at gmail.com> wrote:
>>>>>
>>>>> But any hint that server 2 say cant contact ldap
>>>>> server if type ipa command?
>>>>>
>>>>
>>>> Please keep replies on list.
>>>>
>>>> You still get "cant contact ldap server" after
>>>> upgrading both servers?
>>>>
>>>>> 2014/7/10 10:25 PM, "Rich Megginson"
>>>>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>>
>>>>> wrote:
>>>>>
>>>>> On 07/10/2014 01:14 AM, barrykfl at gmail.com
>>>>> <mailto:barrykfl at gmail.com> wrote:
>>>>>> Tried and now two version same ....but seem
>>>>>> same situation.
>>>>>>
>>>>>> i found a related error log that server1 has
>>>>>> account after added user but not replicated to
>>>>>> server2. Is it too fast on UI clicking ? as i
>>>>>> exp once that click very
>>>>>> fast twice add and edit user may cause server
>>>>>> 2 no record.
>>>>>>
>>>>>>
>>>>>> [10/Jul/2014:14:20:01 +0800]
>>>>>> NSMMReplicationPlugin - changelog program -
>>>>>> _cl5WriteOperationTxn: retry (49) the
>>>>>> transaction (csn=53be3097000000040000) failed
>>>>>> (rc=-30994 (DB_LOCK_DEADLOCK: Locker killed to
>>>>>> resolve a deadlock))
>>>>>> [10/Jul/2014:14:20:01 +0800]
>>>>>> NSMMReplicationPlugin - changelog program -
>>>>>> _cl5WriteOperationTxn: failed to write entry
>>>>>> with csn (53be3097000000040000); db error -
>>>>>> -30994 DB_LOCK_DEADLOCK: Locker killed to
>>>>>> resolve a deadlock
>>>>>> [10/Jul/2014:14:20:01 +0800]
>>>>>> NSMMReplicationPlugin -
>>>>>> write_changelog_and_ruv: can't add a change
>>>>>> for
>>>>>> uid=xuehuimei,cn=users,cn=accounts,dc=abc,dc=com
>>>>>> (uniqid: 1300de84-07fa11e4-b3ddf885-593f3a7a,
>>>>>> optype: 16) to changelog csn 53be3097000000040000
>>>>>> [10/Jul/2014:14:56:51 +0800]
>>>>>> NSMMReplicationPlugin - changelog program -
>>>>>> _cl5WriteOperationTxn: retry (49) the
>>>>>> transaction (csn=53be3939000000040000) failed
>>>>>> (rc=-30994 (DB_LOCK_DEADLOCK: Locker killed to
>>>>>> resolve a deadlock))
>>>>>> [10/Jul/2014:14:56:51 +0800]
>>>>>> NSMMReplicationPlugin - changelog program -
>>>>>> _cl5WriteOperationTxn: failed to write entry
>>>>>> with csn (53be3939000000040000); db error -
>>>>>> -30994 DB_LOCK_DEADLOCK: Locker killed to
>>>>>> resolve a deadlock
>>>>>> [10/Jul/2014:14:56:51 +0800]
>>>>>> NSMMReplicationPlugin -
>>>>>> write_changelog_and_ruv: can't add a change
>>>>>> for
>>>>>> uid=websubcon04,cn=users,cn=accounts,dc=abc,dc=com
>>>>>> (uniqid: 3e39fc81-07ff11e4-b3ddf885-593f3a7a,
>>>>>> optype: 16) to changelog csn 53be3939000000040000
>>>>>
>>>>> This looks like
>>>>> https://fedorahosted.org/389/ticket/47409 and
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=979169
>>>>>
>>>>> Cause: Under certain conditions, with a mix of
>>>>> concurrent search and update and outgoing
>>>>> replication operations, there will be deadlocks
>>>>> in the changelog db, leading to error messages
>>>>> like this:
>>>>> NSMMReplicationPlugin - changelog program -
>>>>> _cl5WriteOperationTxn: failed to write entry
>>>>> with csn (XXXXXXX); db error - -30994
>>>>> DB_LOCK_DEADLOCK: Locker killed to resolve a
>>>>> deadlock
>>>>> This is caused by a deadlock between the
>>>>> changelog readers, writers, and main database
>>>>> writers.
>>>>>
>>>>> Consequence: Update operations will fail with
>>>>> the above error message in the directory server
>>>>> errors log.
>>>>>
>>>>> Fix: A new configuration parameter is introduced:
>>>>> dn: cn=config,cn=ldbm database,cn=plugins,cn=config
>>>>> nsslapd-db-deadlock-policy: 9
>>>>>
>>>>> With the default policy 9 (DB_LOCK_YOUNGEST),
>>>>> the last locker gets killed when there is a
>>>>> deadlock. In the case that this is the
>>>>> changelog writer, the write will fail, and the
>>>>> entire update will fail.
>>>>>
>>>>> Users who frequently see the above errors in
>>>>> the errors log are advised to change this
>>>>> setting to 6 (DB_LOCK_MINWRITE), which will
>>>>> instead kill the locker that has the fewest
>>>>> write locks (that is, the changelog reader).
>>>>> The changelog reader code has been changed to
>>>>> handle this deadlock condition and retry. The
>>>>> setting can be changed like this:
>>>>>
>>>>> ldapmodify -x -D "cn=directory manager" -W <<EOF
>>>>> dn: cn=config,cn=ldbm database,cn=plugins,cn=config
>>>>> changetype: modify
>>>>> replace: nsslapd-db-deadlock-policy
>>>>> nsslapd-db-deadlock-policy: 6
>>>>> EOF
>>>>>
>>>>> You may ask why the default is not changed to
>>>>> 6. The answer is that the setting will apply
>>>>> to _all_ threads, so that changing this setting
>>>>> could cause regular search requests to fail, if
>>>>> the directory server is under a heavy update
>>>>> load. In our testing, we did not see this
>>>>> happen, but we cannot guarantee that changing
>>>>> this value to 6 will not impact regular search
>>>>> requests.
>>>>>
>>>>> Result: After changing
>>>>> nsslapd-db-deadlock-policy to 6, updates will
>>>>> succeed and no longer cause errors like the above.
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> 2014-07-10 10:40 GMT+08:00 Rich Megginson
>>>>>> <rmeggins at redhat.com
>>>>>> <mailto:rmeggins at redhat.com>>:
>>>>>>
>>>>>> On 07/09/2014 08:36 PM, barrykfl at gmail.com
>>>>>> <mailto:barrykfl at gmail.com> wrote:
>>>>>>> Hi :
>>>>>>>
>>>>>>> What is the procedure for this minor update ?
>>>>>>>
>>>>>>> just yum update ipa-server after stop the
>>>>>>> server?
>>>>>>
>>>>>> If you just want to upgrade only the LDAP
>>>>>> server, which is the component that I for
>>>>>> sure know is out of date, then yum update
>>>>>> 389-ds-base.
>>>>>>
>>>>>> Or just "yum update" - in general I don't
>>>>>> like running "franken-systems" which have
>>>>>> a mix of up-to-date and out of date
>>>>>> packages. Note that "IPA server" is
>>>>>> composed of several packages.
>>>>>>
>>>>>> You do not need to stop the server.
>>>>>> yum/rpm upgrade will restart as needed.
>>>>>> If you want to make sure, do ipactl
>>>>>> restart after upgrade.
>>>>>>
>>>>>>
>>>>>>> and effect of the existing ldap?
>>>>>>
>>>>>> Not sure what you mean. Upgrade should
>>>>>> not touch any config or data.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> As the server 2 is master of replica also
>>>>>>> , so need refo ipa-replica install ?
>>>>>>
>>>>>> No, you just need to perform the same
>>>>>> upgrade procedure.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> barry
>>>>>>>
>>>>>>>
>>>>>>> 2014-07-09 22:20 GMT+08:00 Rich Megginson
>>>>>>> <rmeggins at redhat.com
>>>>>>> <mailto:rmeggins at redhat.com>>:
>>>>>>>
>>>>>>> On 07/08/2014 09:02 PM,
>>>>>>> barrykfl at gmail.com
>>>>>>> <mailto:barrykfl at gmail.com> wrote:
>>>>>>>> Some error i found :
>>>>>>>>
>>>>>>>>
>>>>>>>> server1.abc.com:636
>>>>>>>> <http://server1.abc.com:636>
>>>>>>>> (/etc/dirsrv/slapd-abc-COM)
>>>>>>>>
>>>>>>>> [29/Jun/2014:02:00:56 +0800] -
>>>>>>>> 389-Directory/1.2.11.25
>>>>>>>> <http://1.2.11.25> B2013.325.1951
>>>>>>>> starting up
>>>>>>>> [29/Jun/2014:02:00:56 +0800]
>>>>>>>> attrcrypt - attrcrypt_unwrap_key:
>>>>>>>> failed to unwrap key for cipher AES
>>>>>>>> [29/Jun/2014:02:00:56 +0800]
>>>>>>>> attrcrypt - attrcrypt_cipher_init:
>>>>>>>> symmetric key failed to unwrap with
>>>>>>>> the private key; Cert might have
>>>>>>>> been renewed since the key is
>>>>>>>> wrapped. To recover the encrypted
>>>>>>>> contents, keep the wrapped symmetric
>>>>>>>> key value.
>>>>>>>> [29/Jun/2014:02:00:56 +0800]
>>>>>>>> attrcrypt - attrcrypt_unwrap_key:
>>>>>>>> failed to unwrap key for cipher 3DES
>>>>>>>> [29/Jun/2014:02:00:56 +0800]
>>>>>>>> attrcrypt - attrcrypt_cipher_init:
>>>>>>>> symmetric key failed to unwrap with
>>>>>>>> the private key; Cert might have
>>>>>>>> been renewed since the key is
>>>>>>>> wrapped. To recover the encrypted
>>>>>>>> contents, keep the wrapped symmetric
>>>>>>>> key value.
>>>>>>>> [29/Jun/2014:02:00:56 +0800]
>>>>>>>> attrcrypt - All prepared ciphers are
>>>>>>>> not available. Please disable
>>>>>>>> attribute encryption.
>>>>>>>> [29/Jun/2014:02:00:56 +0800]
>>>>>>>> schema-compat-plugin - warning: no
>>>>>>>> entries set up under cn=computers,
>>>>>>>> cn=compat,dc=abc,dc=com
>>>>>>>> [29/Jun/2014:02:00:57 +0800]
>>>>>>>> schema-compat-plugin - warning: no
>>>>>>>> entries set up under cn=ng,
>>>>>>>> cn=compat,dc=abc,dc=com
>>>>>>>> [29/Jun/2014:02:00:57 +0800]
>>>>>>>> schema-compat-plugin - warning: no
>>>>>>>> entries set up under
>>>>>>>> ou=sudoers,dc=abc,dc=com
>>>>>>>> [29/Jun/2014:02:00:57 +0800] -
>>>>>>>> Skipping CoS Definition cn=Password
>>>>>>>> Policy,cn=accounts,dc=abc,dc=com--no
>>>>>>>> CoS Templates found, which should be
>>>>>>>> added before the CoS Definition.
>>>>>>>> [29/Jun/2014:02:00:57 +0800]
>>>>>>>> set_krb5_creds - Could not get
>>>>>>>> initial credentials for principal
>>>>>>>> [ldap/server1.abc.com at abc.COM
>>>>>>>> <mailto:ldap/server1.abc.com at abc.COM>]
>>>>>>>> in keytab
>>>>>>>> [FILE:/etc/dirsrv/ds.keytab]:
>>>>>>>> -1765328228 (Cannot contact any KDC
>>>>>>>> for requested realm)
>>>>>>>> [29/Jun/2014:02:00:58 +0800] -
>>>>>>>> Skipping CoS Definition cn=Password
>>>>>>>> Policy,cn=accounts,dc=abc,dc=com--no
>>>>>>>> CoS Templates found, which should be
>>>>>>>> added before the CoS Definition.
>>>>>>>> [29/Jun/2014:02:00:58 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information
>>>>>>>> (Credentials cache file
>>>>>>>> '/tmp/krb5cc_492' not found)) errno
>>>>>>>> 0 (Success)
>>>>>>>> [29/Jun/2014:02:00:58 +0800]
>>>>>>>> slapi_ldap_bind - Error: could not
>>>>>>>> perform interactive bind for id []
>>>>>>>> mech [GSSAPI]: error -2 (Local error)
>>>>>>>> [29/Jun/2014:02:00:58 +0800]
>>>>>>>> NSMMReplicationPlugin -
>>>>>>>> agmt="cn=meToserver2.abc.com
>>>>>>>> <http://meToserver2.abc.com>"
>>>>>>>> (server2:389): Replication bind with
>>>>>>>> GSSAPI auth failed: LDAP error -2
>>>>>>>> (Local error) (SASL(-1): generic
>>>>>>>> failure: GSSAPI Error: Unspecified
>>>>>>>> GSS failure. Minor code may provide
>>>>>>>> more information (Credentials cache
>>>>>>>> file '/tmp/krb5cc_492' not found))
>>>>>>>> [29/Jun/2014:02:00:58 +0800] - slapd
>>>>>>>> started. Listening on All
>>>>>>>> Interfaces port 389 for LDAP requests
>>>>>>>> [29/Jun/2014:02:00:58 +0800] -
>>>>>>>> Listening on All Interfaces port 636
>>>>>>>> for LDAPS requests
>>>>>>>>
>>>>>>>>
>>>>>>>> 389-Directory/1.2.11.15
>>>>>>>> <http://1.2.11.15> B2013.240.174
>>>>>>>> server2.abc.com:636
>>>>>>>> <http://server2.abc.com:636>
>>>>>>>> (/etc/dirsrv/slapd-abc-COM)
>>>>>>>>
>>>>>>>> [30/Jun/2014:12:51:31 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information (Ticket
>>>>>>>> expired)) errno 0 (Success)
>>>>>>>> [30/Jun/2014:12:51:31 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information (Ticket
>>>>>>>> expired)) errno 0 (Success)
>>>>>>>> [30/Jun/2014:12:51:31 +0800]
>>>>>>>> slapi_ldap_bind - Error: could not
>>>>>>>> perform interactive bind for id []
>>>>>>>> mech [GSSAPI]: error -2 (Local error)
>>>>>>>> [30/Jun/2014:12:51:31 +0800]
>>>>>>>> NSMMReplicationPlugin -
>>>>>>>> agmt="cn=meToserver1.abc.com
>>>>>>>> <http://meToserver1.abc.com>"
>>>>>>>> (server1:389): Replication bind with
>>>>>>>> GSSAPI auth failed: LDAP error -2
>>>>>>>> (Local error) (SASL(-1): generic
>>>>>>>> failure: GSSAPI Error: Unspecified
>>>>>>>> GSS failure. Minor code may provide
>>>>>>>> more information (Ticket expired))
>>>>>>>> [30/Jun/2014:12:51:34 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information (Ticket
>>>>>>>> expired)) errno 0 (Success)
>>>>>>>> [30/Jun/2014:12:51:35 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information (Ticket
>>>>>>>> expired)) errno 0 (Success)
>>>>>>>> [30/Jun/2014:12:51:35 +0800]
>>>>>>>> slapi_ldap_bind - Error: could not
>>>>>>>> perform interactive bind for id []
>>>>>>>> mech [GSSAPI]: error -2 (Local error)
>>>>>>>> [30/Jun/2014:12:51:40 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information (Ticket
>>>>>>>> expired)) errno 0 (Success)
>>>>>>>> [30/Jun/2014:12:51:40 +0800]
>>>>>>>> slapd_ldap_sasl_interactive_bind -
>>>>>>>> Error: could not perform interactive
>>>>>>>> bind for id [] mech [GSSAPI]: LDAP
>>>>>>>> error -2 (Local error) (SASL(-1):
>>>>>>>> generic failure: GSSAPI Error:
>>>>>>>> Unspecified GSS failure. Minor code
>>>>>>>> may provide more information (Ticket
>>>>>>>> expired)) errno 0 (Success)
>>>>>>>> [30/Jun/2014:12:51:40 +0800]
>>>>>>>> slapi_ldap_bind - Error: could not
>>>>>>>> perform interactive bind for id []
>>>>>>>> mech [GSSAPI]: error -2 (Local error)
>>>>>>>> [30/Jun/2014:12:51:52 +0800]
>>>>>>>> NSMMReplicationPlugin -
>>>>>>>> agmt="cn=meToserver1.abc.com
>>>>>>>> <http://meToserver1.abc.com>"
>>>>>>>> (server1:389): Replication bind with
>>>>>>>> GSSAPI auth resumed
>>>>>>>>
>>>>>>>
>>>>>>> You are using an older version of
>>>>>>> 389. The version on server2 is older
>>>>>>> than the version on server1. Can you
>>>>>>> upgrade and see if that fixes your
>>>>>>> problems? Even if it doesn't fix
>>>>>>> your problems, it will be much easier
>>>>>>> for us to support.
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> 2014-07-09 10:55 GMT+08:00
>>>>>>>> <barrykfl at gmail.com
>>>>>>>> <mailto:barrykfl at gmail.com>>:
>>>>>>>>
>>>>>>>> FYI..
>>>>>>>> 160: [04/Jul/2014:12:35:30
>>>>>>>> +0800] conn=936207 fd=73 slot=73
>>>>>>>> connection from 192.168.156.89
>>>>>>>> to 192.168.156.89
>>>>>>>> 163: [04/Jul/2014:12:35:30
>>>>>>>> +0800] conn=936207 op=-1 fd=73
>>>>>>>> closed - B1
>>>>>>>>
>>>>>>>> There is not abt binding but i
>>>>>>>> unsure how to fix ..
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2014-07-09 2:01 GMT+08:00 Rich
>>>>>>>> Megginson <rmeggins at redhat.com
>>>>>>>> <mailto:rmeggins at redhat.com>>:
>>>>>>>>
>>>>>>>> On 07/08/2014 02:16 AM,
>>>>>>>> barrykfl at gmail.com
>>>>>>>> <mailto:barrykfl at gmail.com>
>>>>>>>> wrote:
>>>>>>>>> Resent as size limit.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Here u are server1 's
>>>>>>>>> access log seem one side broken
>>>>>>>>>
>>>>>>>>> the problem is how to make
>>>>>>>>> it replicate again.
>>>>>>>>>
>>>>>>>>> At server 1
>>>>>>>>>
>>>>>>>>> it is ok master server1
>>>>>>>>> master server2
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Another side server 2
>>>>>>>>> contains 2 ip replication.
>>>>>>>>>
>>>>>>>>> ipa-replica-manage list
>>>>>>>>> shown Can't contact LDAP server
>>>>>>>>>
>>>>>>>>> I dont know why but the
>>>>>>>>> problematic server is server
>>>>>>>>> 2 not server 1
>>>>>>>>>
>>>>>>>>> log of server2
>>>>>>>>> [08/Jul/2014:16:02:40
>>>>>>>>> +0800] conn=3299731 fd=69
>>>>>>>>> slot=69 connection from
>>>>>>>>> 192.168.15.89 (server1) to
>>>>>>>>> 192.168.15.88(server2)
>>>>>>>>> [08/Jul/2014:16:02:40
>>>>>>>>> +0800] conn=3299731 op=-1
>>>>>>>>> fd=69 closed - B1
>>>>>>>>> [08/Jul/2014:16:02:40
>>>>>>>>> +0800] conn=3299732 fd=69
>>>>>>>>> slot=69 connection from
>>>>>>>>> 192.168.15.89 to 192.168.15.88
>>>>>>>>> [08/Jul/2014:16:02:40
>>>>>>>>> +0800] conn=3299732 op=-1
>>>>>>>>> fd=69 closed - B1
>>>>>>>>> [08/Jul/2014:16:02:41
>>>>>>>>> +0800] conn=3299733 fd=69
>>>>>>>>> slot=69 connection from
>>>>>>>>> 192.168.15.89 to 192.168.15.88
>>>>>>>>> [08/Jul/2014:16:02:41
>>>>>>>>> +0800] conn=3299733 op=-1
>>>>>>>>> fd=69 closed - B1
>>>>>>>>
>>>>>>>> You never answered my
>>>>>>>> question below. "Are you
>>>>>>>> sure that this connection is
>>>>>>>> a replication session? Can
>>>>>>>> you post all of the
>>>>>>>> operations from the access
>>>>>>>> log from conn=936207?"
>>>>>>>>
>>>>>>>> In the future, please avoid
>>>>>>>> spamming the list with large
>>>>>>>> log files. In general, it's
>>>>>>>> better to provide excerpts
>>>>>>>> from the log files showing
>>>>>>>> the problem, paste them to
>>>>>>>> fpaste.org
>>>>>>>> <http://fpaste.org>, and
>>>>>>>> post the link to the mailing
>>>>>>>> list. If for some reason
>>>>>>>> you need to post a large
>>>>>>>> file, please use a file
>>>>>>>> sharing service and post the
>>>>>>>> link to the file.
>>>>>>>>
>>>>>>>> Can you take a look at your
>>>>>>>> errors log from server 1 and
>>>>>>>> server 2 and see if there
>>>>>>>> are any relevant errors?
>>>>>>>>
>>>>>>>> If I had to guess, I would
>>>>>>>> say that there is some sort
>>>>>>>> of network error between
>>>>>>>> server 1 and server 2 that
>>>>>>>> causes the excessive closed
>>>>>>>> - B1. Perhaps there will be
>>>>>>>> more information in the
>>>>>>>> errors log.
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2014-07-07 22:21 GMT+08:00
>>>>>>>>> Rich Megginson
>>>>>>>>> <rmeggins at redhat.com
>>>>>>>>> <mailto:rmeggins at redhat.com>>:
>>>>>>>>>
>>>>>>>>> On 07/04/2014 03:28 AM,
>>>>>>>>> barrykfl at gmail.com
>>>>>>>>> <mailto:barrykfl at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>> FOUND something
>>>>>>>>>> strange that server 1
>>>>>>>>>> replicate to itself
>>>>>>>>>> rather than server2
>>>>>>>>>>
>>>>>>>>>> Server1 access log > Wrong
>>>>>>>>>> [04/Jul/2014:12:35:30
>>>>>>>>>> +0800] conn=936207
>>>>>>>>>> fd=73 slot=73
>>>>>>>>>> connection from
>>>>>>>>>> 192.168.15.89( server1
>>>>>>>>>> ) to 192.168.15.89
>>>>>>>>>> (server1)
>>>>>>>>>
>>>>>>>>> Are you sure that this
>>>>>>>>> connection is a
>>>>>>>>> replication session?
>>>>>>>>> Can you post all of the
>>>>>>>>> operations from the
>>>>>>>>> access log from
>>>>>>>>> conn=936207?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Server 2 access log > OK
>>>>>>>>>> [04/Jul/2014:12:35:30
>>>>>>>>>> +0800] conn=936208
>>>>>>>>>> fd=74 slot=74
>>>>>>>>>> connection from
>>>>>>>>>> 192.168.15.89(server2)
>>>>>>>>>> to 192.168.15.88 (server2)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2014-07-04 9:25 GMT+08:00 <barrykfl at gmail.com>:
>>>>>>>>>>
>>>>>>>>>> Just sure now one side flow is broken, if u update server1 ,
>>>>>>>>>> it 100% work server2 will upgrade.
>>>>>>>>>> but if u update server2 there is chance non-syn e.g it create
>>>>>>>>>> username in server1 with posfix grp >ok but in server2 it only
>>>>>>>>>> created posfix grp but no username /attribute it occur several
>>>>>>>>>> times. I have to use command line grp del ...etc. to force del
>>>>>>>>>> them and recreate them.,.
>>>>>>>>>>
>>>>>>>>>> Result below:
>>>>>>>>>>
>>>>>>>>>> server2.abc.com: replica
>>>>>>>>>>   last init status: None
>>>>>>>>>>   last init ended: None
>>>>>>>>>>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>>>>>>>>>>   last update ended: 2014-07-04 00:33:18+00:00
>>>>>>>>>>
>>>>>>>>>> Directory Manager password:
>>>>>>>>>>
>>>>>>>>>> server1.abc.com: replica
>>>>>>>>>>   last init status: 0 Total update succeeded
>>>>>>>>>>   last init ended: 2014-06-20 10:07:02+00:00
>>>>>>>>>>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>>>>>>>>>>   last update ended: 2014-07-04 01:14:19+00:00
>>>>>>>>>>
>>>>>>>>>> [root@(LIVE)server2 ~]$ ipactl status
>>>>>>>>>> Directory Service: RUNNING
>>>>>>>>>> KDC Service: RUNNING
>>>>>>>>>> KPASSWD Service: RUNNING
>>>>>>>>>> MEMCACHE Service: RUNNING
>>>>>>>>>> HTTP Service: RUNNING
>>>>>>>>>>
>>>>>>>>>> 2014-07-04 1:34 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
>>>>>>>>>>
>>>>>>>>>> barrykfl at gmail.com wrote:
>>>>>>>>>> > Yes they are running. Server 1 can sync to server2 but error at server 2
>>>>>>>>>> > like this.
>>>>>>>>>>
>>>>>>>>>> How do you know server 1 is syncing with server 2?
>>>>>>>>>>
>>>>>>>>>> On server 1 I'd run:
>>>>>>>>>>
>>>>>>>>>> ipa-replica-manage list -v `hostname`
>>>>>>>>>>
>>>>>>>>>> This will show the replication status.
>>>>>>>>>>
>>>>>>>>>> And what does ipactl status show on server 2?
>>>>>>>>>>
>>>>>>>>>> rob
>>>>>>>>>>
>>>>>>>>>> >
>>>>>>>>>> > 2014/7/3 10:14 PM, "Rob Crittenden" <rcritten at redhat.com> wrote:
>>>>>>>>>> >
>>>>>>>>>> > Please keep replies on the list.
>>>>>>>>>> >
>>>>>>>>>> > barrykfl at gmail.com wrote:
>>>>>>>>>> > > I saw the error below and error log is it related ?
>>>>>>>>>> > >
>>>>>>>>>> > > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found)) errno 0 (Success)
>>>>>>>>>> > > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>>>>>>>> >
>>>>>>>>>> > I believe this is fairly normal on a new startup. It has to start
>>>>>>>>>> > somewhere. The expired ticket errors below are unexpected since there
>>>>>>>>>> > are so many of them. Is your KDC running?
>>>>>>>>>> >
>>>>>>>>>> > ipactl status
>>>>>>>>>> >
>>>>>>>>>> > rob
>>>>>>>>>> >
>>>>>>>>>> > >
>>>>>>>>>> > > 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com>:
>>>>>>>>>> > >
>>>>>>>>>> > > this is the error log i found at 2.abc.com
>>>>>>>>>> > >
>>>>>>>>>> > > [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>>>>>>>> > > [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>>>>>>>> > > [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>>>>>>>> > > [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=meTo1.abc.com" (central:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired))
>>>>>>>>>> > > [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>>>>>>>> > > [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>>>>>>>> > > [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>>>>>>>> > > [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>>>>>>>> > > [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>>>>>>>> > > [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>>>>>>>> > >
>>>>>>>>>> > > 2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com>:
>>>>>>>>>> > >
>>>>>>>>>> > > yes on node 1 it is happening only node2 fail connect
>>>>>>>>>> > >
>>>>>>>>>> > > ipa-replica-manage list 2.abc.com
>>>>>>>>>> > > Directory Manager password:
>>>>>>>>>> > >
>>>>>>>>>> > > 1.abc.com: replica
>>>>>>>>>> > >
>>>>>>>>>> > > 2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
>>>>>>>>>> > >
>>>>>>>>>> > > Barry wrote:
>>>>>>>>>> > > > Hi:
>>>>>>>>>> > > >
>>>>> ...
>
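Rob's suggestion to watch the access log for the connection attempt and its result, as an added example that is not part of the original thread: a Python parser that rejoins mail-wrapped 389-ds access-log entries, groups them by conn=, and reports connections that closed before any LDAP operation was logged. The sample lines are constructed in the format quoted in the thread; the function names and verdict labels are hypothetical, and treating a missing cipher line on an SSL connection as an unfinished handshake is a heuristic.

```python
import re

# Constructed sample in the 389-ds access-log format quoted in the thread.
# The first entry is wrapped the way the mail client wrapped the originals.
SAMPLE_LOG = """\
[08/Jul/2014:16:02:40
+0800] conn=3299731 fd=69
slot=69 connection from
192.168.15.89 to 192.168.15.88
[08/Jul/2014:16:02:40 +0800] conn=3299731 op=-1 fd=69 closed - B1
[08/Jul/2014:16:02:41 +0800] conn=3299732 fd=70 slot=70 SSL connection from 192.168.15.88 to 192.168.15.88
[08/Jul/2014:16:02:41 +0800] conn=3299732 op=-1 fd=70 closed - B1
[08/Jul/2014:16:02:42 +0800] conn=3299733 fd=71 slot=71 SSL connection from 192.168.15.89 to 192.168.15.88
[08/Jul/2014:16:02:42 +0800] conn=3299733 SSL 256-bit AES
[08/Jul/2014:16:02:42 +0800] conn=3299733 op=0 BIND dn="cn=directory manager" method=128 version=3
[08/Jul/2014:16:02:42 +0800] conn=3299733 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[08/Jul/2014:16:02:42 +0800] conn=3299733 op=1 UNBIND
[08/Jul/2014:16:02:42 +0800] conn=3299733 op=1 fd=71 closed - U1
"""

ENTRY_START = re.compile(r"^\[\d{2}/[A-Za-z]{3}/\d{4}:")
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+(?P<rest>.*)$")
OPEN = re.compile(
    r"^fd=\d+ slot=\d+ (?P<tls>SSL )?connection from (?P<src>\S+) to (?P<dst>\S+)")
CLOSE = re.compile(r"^op=-?\d+ fd=\d+ closed - (?P<code>.+)$")
CIPHER = re.compile(r"^(?:SSL|TLS\S*) \d+-bit \S+")
OP = re.compile(r"^op=\d+ (?P<verb>[A-Z]+)\b")

# Closure codes as described in the Directory Server access-log reference.
CLOSE_CODES = {
    "A1": "client aborted the connection",
    "B1": "corrupt BER tag encountered",
    "T1": "idle timeout reached",
    "U1": "closed by server after client unbind",
}


def unwrap(text):
    """Rejoin wrapped entries: a new entry starts with a [dd/Mon/yyyy: stamp."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def summarize(text):
    """Return {conn_id: {src, dst, tls, cipher, ops, close}} in log order."""
    conns = {}
    for entry in unwrap(text):
        m = LINE.match(entry)
        if not m:
            continue
        c = conns.setdefault(m.group("conn"), {
            "src": None, "dst": None, "tls": False,
            "cipher": None, "ops": [], "close": None})
        rest = m.group("rest")
        opened, closed = OPEN.match(rest), CLOSE.match(rest)
        if opened:
            c["src"], c["dst"] = opened.group("src"), opened.group("dst")
            c["tls"] = opened.group("tls") is not None
        elif closed:
            c["close"] = closed.group("code")
        elif CIPHER.match(rest):
            c["cipher"] = rest  # logged once the TLS handshake has finished
        else:
            op = OP.match(rest)
            if op and op.group("verb") != "RESULT":
                c["ops"].append(op.group("verb"))
    return conns


def classify(c):
    """Heuristic verdict for one connection record."""
    if c["ops"]:
        return "ok"
    if c["tls"] and c["cipher"] is None:
        return "tls-handshake-not-completed"
    return "closed-before-first-operation"


def suspects(text):
    """List (conn, src, dst, verdict, close_code) for connections with no ops."""
    rows = []
    for conn, c in summarize(text).items():
        verdict = classify(c)
        if verdict != "ok":
            rows.append((conn, c["src"], c["dst"], verdict, c["close"]))
    return rows


if __name__ == "__main__":
    for conn, src, dst, verdict, code in suspects(SAMPLE_LOG):
        meaning = CLOSE_CODES.get(code, "see the access-log reference")
        print(f"conn={conn} {src} -> {dst}: {verdict} (closed - {code}: {meaning})")
```

A connection on port 636 that shows up as tls-handshake-not-completed while plain ldapsearch on 389 works is the pattern to compare against the client's CA trust store.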