[Freeipa-users] ipa-replica-manage list fail on server 2
Rob Crittenden
rcritten at redhat.com
Thu Jul 3 14:14:36 UTC 2014
Please keep relies on the list.
barrykfl at gmail.com wrote:
> I saw the error beloe and errpr log is it related ?
>
> 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (Credentials cache
> file '/tmp/krb5cc_492' not found)) errno 0 (Success)
> [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
I believe this is fairly normal on a new startup. It has to start
somewhere. The expired ticket errors below are unexpected since there
are so many of them. Is your KDC running?
ipactl status
rob
>
>
> 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com <mailto:barrykfl at gmail.com>>:
>
>
> this is the error log i found at 2.abc.com <http://2.abc.com>
>
> [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
> agmt="cn=meTo1.abc.com <http://meTo1.abc.com>" (central:389):
> Replication bind with GSSAPI auth failed: LDAP error -2 (Local
> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> failure. Minor code may provide more information (Ticket expired))
> [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>
>
> 2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com
> <mailto:barrykfl at gmail.com>>:
>
> yes on node 1 it is happening only node2 fail connect
>
> ipa-replica-manage list 2.abc.com <http://2.abc.com>
> Directory Manager password:
>
> 1.abc.com <http://1.abc.com>: replica
>
>
>
> 2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>>:
>
> Barry wrote:
> > Hi:
> >
> > Server 1 and Sever 2 is cluster master master orginally ,
> but server 2
> > fail to connect server1 ,.
> >
> > ipa-replica-manage list shown Can't contact LDAP server
> >
> > But as server1 it is ok master server1 master server2 ,
> >
> > It seem affect if update on server 1 then it syn to
> server2 no problem
> > but sometimes if modfy in server2 if fail to update server1.
> >
> > Any idea to rebuild mutual relationship.?
>
> The first step is to diagnose what is wrong. I've already
> suggested a
> few things,
> https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
>
> rob
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
>
>
>
More information about the Freeipa-users
mailing list