[Freeipa-users] ipa-replica-manage list fail on server 2

barrykfl at gmail.com barrykfl at gmail.com
Wed Jul 9 02:55:05 UTC 2014


FYI..
160: [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from
192.168.156.89 to 192.168.156.89
163: [04/Jul/2014:12:35:30 +0800] conn=936207 op=-1 fd=73 closed - B1

There is nothing about binding, but I am unsure how to fix it.




2014-07-09 2:01 GMT+08:00 Rich Megginson <rmeggins at redhat.com>:

>  On 07/08/2014 02:16 AM, barrykfl at gmail.com wrote:
>
> Resent as size limit.
>
>
>  Here you are: server1's access log. It seems one side is broken.
>
>  The problem is how to make it replicate again.
>
>  At server 1
>
>  it is ok  master server1 master server2
>
>
>   Another side server 2 contains 2 ip replication.
>
>  ipa-replica-manage list shows Can't contact LDAP server
>
>  I don't know why, but the problematic server is server 2, not server 1
>
>  log of server2
> [08/Jul/2014:16:02:40 +0800] conn=3299731 fd=69 slot=69 connection from
> 192.168.15.89 (server1) to 192.168.15.88(server2)
>  [08/Jul/2014:16:02:40 +0800] conn=3299731 op=-1 fd=69 closed - B1
> [08/Jul/2014:16:02:40 +0800] conn=3299732 fd=69 slot=69 connection from
> 192.168.15.89 to 192.168.15.88
> [08/Jul/2014:16:02:40 +0800] conn=3299732 op=-1 fd=69 closed - B1
> [08/Jul/2014:16:02:41 +0800] conn=3299733 fd=69 slot=69 connection from
> 192.168.15.89 to 192.168.15.88
> [08/Jul/2014:16:02:41 +0800] conn=3299733 op=-1 fd=69 closed - B1
>
>
> You never answered my question below.  "Are you sure that this connection
> is a replication session?  Can you post all of the operations from the
> access log from conn=936207?"
>
> In the future, please avoid spamming the list with large log files.  In
> general, it's better to provide excerpts from the log files showing the
> problem, paste them to fpaste.org, and post the link to the mailing
> list.  If for some reason you need to post a large file, please use a file
> sharing service and post the link to the file.
>
> Can you take a look at your errors log from server 1 and server 2 and see
> if there are any relevant errors?
>
> If I had to guess, I would say that there is some sort of network error
> between server 1 and server 2 that causes the excessive closed - B1.
> Perhaps there will be more information in the errors log.
>
>
>
>
>
> 2014-07-07 22:21 GMT+08:00 Rich Megginson <rmeggins at redhat.com>:
>
>>  On 07/04/2014 03:28 AM, barrykfl at gmail.com wrote:
>>
>> Found something strange: server 1 replicates to itself rather than
>> server2
>>
>>  Server1 access log > Wrong
>> [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from
>> 192.168.15.89( server1 )  to 192.168.15.89 (server1)
>>
>>
>>  Are you sure that this connection is a replication session?  Can you
>> post all of the operations from the access log from conn=936207?
>>
>>
>>
>>
>>  Server 2 access log > OK
>> [04/Jul/2014:12:35:30 +0800] conn=936208 fd=74 slot=74 connection from
>> 192.168.15.89(server2) to 192.168.15.88 (server2)
>>
>>
>> 2014-07-04 9:25 GMT+08:00 <barrykfl at gmail.com>:
>>
>>>  I am sure now that one side of the flow is broken. If you update server1, it 100%
>>> works and server2 will upgrade.
>>>  But if you update server2 there is a chance of non-sync, e.g. it creates the username
>>>  in server1 with posfix grp > ok,
>>> but in server2 it only created the posfix grp but no username/attribute. It
>>> occurred several times. I have to use the command line grp del ... etc. to force
>>> delete them and recreate them.
>>>
>>>  Result below:
>>>
>>>  server2.abc.com: replica
>>>   last init status: None
>>>   last init ended: None
>>>   last update status: 0 Replica acquired successfully: Incremental
>>> update succeeded
>>>   last update ended: 2014-07-04 00:33:18+00:00
>>>
>>>  Directory Manager password:
>>>
>>>  server1.abc.com: replica
>>>   last init status: 0 Total update succeeded
>>>   last init ended: 2014-06-20 10:07:02+00:00
>>>   last update status: 0 Replica acquired successfully: Incremental
>>> update succeeded
>>>   last update ended: 2014-07-04 01:14:19+00:00
>>>
>>>
>>>
>>>  [root@(LIVE)server2 ~]$  ipactl status
>>> Directory Service: RUNNING
>>> KDC Service: RUNNING
>>> KPASSWD Service: RUNNING
>>> MEMCACHE Service: RUNNING
>>>  HTTP Service: RUNNING
>>>
>>>
>>> 2014-07-04 1:34 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
>>>
>>>  barrykfl at gmail.com wrote:
>>>> > Yes they are running. Server 1 can sync to server2 but there is an error at
>>>> > server 2 like this.
>>>>
>>>>  How do you know server 1 is syncing with server 2?
>>>>
>>>> On server 1 I'd run:
>>>>
>>>> ipa-replica-manage list -v `hostname`
>>>>
>>>> This will show the replication status.
>>>>
>>>> And what does ipactl status show on server 2?
>>>>
>>>> rob
>>>>
>>>> >
>>>> > On 2014/7/3 at 10:14 PM, "Rob Crittenden" <rcritten at redhat.com> wrote:
>>>> >
>>>> >     Please keep replies on the list.
>>>> >
>>>> >     barrykfl at gmail.com wrote:
>>>> >     > I saw the error below and the error log, is it related?
>>>> >     >
>>>> >     > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind -
>>>> Error:
>>>> >     > could not perform interactive bind for id [] mech [GSSAPI]:
>>>> LDAP error
>>>> >     > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error:
>>>> Unspecified
>>>> >     > GSS failure.  Minor code may provide more information
>>>> (Credentials
>>>> >     cache
>>>> >     > file '/tmp/krb5cc_492' not found)) errno 0 (Success)
>>>> >     > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not
>>>> >     perform
>>>> >     > interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>> >
>>>> >     I believe this is fairly normal on a new startup. It has to start
>>>> >     somewhere. The expired ticket errors below are unexpected since
>>>> there
>>>> >     are so many of them. Is your KDC running?
>>>> >
>>>> >     ipactl status
>>>> >
>>>> >     rob
>>>> >
>>>> >     >
>>>> >     >
>>>> >     > 2014-07-02 14:15 GMT+08:00 <barrykfl at gmail.com>:
>>>> >     >
>>>> >     >
>>>> >     >     This is the error log I found at 2.abc.com
>>>> >     >
>>>> >     >     [30/Jun/2014:12:51:31 +0800]
>>>> slapd_ldap_sasl_interactive_bind -
>>>> >     >     Error: could not perform interactive bind for id [] mech
>>>> [GSSAPI]:
>>>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI
>>>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>>>> >     >     information (Ticket expired)) errno 0 (Success)
>>>> >     >     [30/Jun/2014:12:51:31 +0800]
>>>> slapd_ldap_sasl_interactive_bind -
>>>> >     >     Error: could not perform interactive bind for id [] mech
>>>> [GSSAPI]:
>>>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI
>>>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>>>> >     >     information (Ticket expired)) errno 0 (Success)
>>>> >     >     [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could
>>>> not
>>>> >     >     perform interactive bind for id [] mech [GSSAPI]: error -2
>>>> >     (Local error)
>>>> >     >     [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
>>>> >     >     agmt="cn=meTo1.abc.com" (central:389):
>>>> >     >     Replication bind with GSSAPI auth failed: LDAP error -2
>>>> (Local
>>>> >     >     error) (SASL(-1): generic failure: GSSAPI Error:
>>>> Unspecified GSS
>>>> >     >     failure.  Minor code may provide more information (Ticket
>>>> >     expired))
>>>> >     >     [30/Jun/2014:12:51:34 +0800]
>>>> slapd_ldap_sasl_interactive_bind -
>>>> >     >     Error: could not perform interactive bind for id [] mech
>>>> [GSSAPI]:
>>>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI
>>>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>>>> >     >     information (Ticket expired)) errno 0 (Success)
>>>> >     >     [30/Jun/2014:12:51:35 +0800]
>>>> slapd_ldap_sasl_interactive_bind -
>>>> >     >     Error: could not perform interactive bind for id [] mech
>>>> [GSSAPI]:
>>>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI
>>>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>>>> >     >     information (Ticket expired)) errno 0 (Success)
>>>> >     >     [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could
>>>> not
>>>> >     >     perform interactive bind for id [] mech [GSSAPI]: error -2
>>>> >     (Local error)
>>>> >     >     [30/Jun/2014:12:51:40 +0800]
>>>> slapd_ldap_sasl_interactive_bind -
>>>> >     >     Error: could not perform interactive bind for id [] mech
>>>> [GSSAPI]:
>>>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI
>>>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>>>> >     >     information (Ticket expired)) errno 0 (Success)
>>>> >     >     [30/Jun/2014:12:51:40 +0800]
>>>> slapd_ldap_sasl_interactive_bind -
>>>> >     >     Error: could not perform interactive bind for id [] mech
>>>> [GSSAPI]:
>>>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI
>>>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>>>> >     >     information (Ticket expired)) errno 0 (Success)
>>>> >     >     [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could
>>>> not
>>>> >     >     perform interactive bind for id [] mech [GSSAPI]: error -2
>>>> >     (Local error)
>>>> >     >
>>>> >     >
>>>> >     >     2014-07-02 12:32 GMT+08:00 <barrykfl at gmail.com>:
>>>> >     >
>>>> >     >         Yes, on node 1 it is happening; only node2 fails to connect
>>>> >     >
>>>> >     >         ipa-replica-manage list 2.abc.com
>>>> >     >         Directory Manager password:
>>>> >     >
>>>> >     >         1.abc.com: replica
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >         2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
>>>> >     >
>>>> >     >             Barry wrote:
>>>> >     >             > Hi:
>>>> >     >             >
>>>> >     >             > Server 1 and Server 2 were originally a master-master cluster,
>>>> >     >             > but server 2 fails to connect to server1.
>>>> >     >             >
>>>> >     >             > ipa-replica-manage list shows Can't contact LDAP server
>>>> >     >             >
>>>> >     >             > But at server1 it is ok: master server1 master server2.
>>>> >     >             >
>>>> >     >             > It seems that an update on server 1 syncs to server2 with no problem,
>>>> >     >             > but sometimes a modification on server2 fails to update server1.
>>>> >     >             >
>>>> >     >             > Any idea how to rebuild the mutual relationship?
>>>> >     >
>>>> >     >             The first step is to diagnose what is wrong. I've
>>>> already
>>>> >     >             suggested a
>>>> >     >             few things,
>>>> >     >
>>>> >
>>>> https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
>>>> >     >
>>>> >     >             rob
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >
>>>>
>>>>
>>>
>>
>>
>>
>>
>
>
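Rich's question in the thread, whether the connections closing with B1 ever carry a replication operation, can be answered by grouping the access log by conn number. This is an added example, not part of the original thread: the sample log is constructed, and matching on the name `replication-multimaster-extop` is an assumption about how the replication extended operation is logged.

```python
import re

# Constructed sample in the access-log format quoted in the thread, with the
# mail-wrapped "connection from" lines. The BIND and EXT lines are assumed.
SAMPLE = """\
[08/Jul/2014:16:02:40 +0800] conn=3299731 fd=69 slot=69 connection from
192.168.15.89 to 192.168.15.88
[08/Jul/2014:16:02:40 +0800] conn=3299731 op=-1 fd=69 closed - B1
[08/Jul/2014:16:02:41 +0800] conn=3299740 fd=70 slot=70 connection from
192.168.15.89 to 192.168.15.88
[08/Jul/2014:16:02:41 +0800] conn=3299740 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[08/Jul/2014:16:02:41 +0800] conn=3299740 op=1 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[08/Jul/2014:16:02:42 +0800] conn=3299740 op=2 fd=70 closed - U1
"""

OPEN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ connection from (\S+) to (\S+)")
OP = re.compile(r"conn=(\d+) op=-?\d+ (.*)")
CLOSED = re.compile(r"closed - (\w+)")

def unwrap(text):
    """Rejoin records that a mail client wrapped; a record starts with '['."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def sessions(text):
    """Group access-log records by conn number, keeping each one's operations."""
    conns = {}
    for rec in unwrap(text):
        if m := OPEN.search(rec):
            conns[m[1]] = {"src": m[2], "dst": m[3], "ops": [], "close": None}
        elif (m := OP.search(rec)) and m[1] in conns:
            if c := CLOSED.search(m[2]):
                conns[m[1]]["close"] = c[1]
            else:
                conns[m[1]]["ops"].append(m[2])
    return conns

def classify(s):
    """Label a session by what it carried before it closed."""
    if any("replication-multimaster-extop" in op for op in s["ops"]):
        return "replication"
    if not s["ops"] and s["close"] == "B1":
        return "closed B1 with no LDAP operation"
    return "other"
```

Running `classify` over every value of `sessions(open(path).read())` for both servers' access logs shows which source addresses only ever open and drop connections and which ones complete a bind and start replication.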