[Freeipa-users] Replication stopped working

Fredy Sanchez fredy.sanchez at modmed.com
Thu Sep 4 21:03:09 UTC 2014


sudo ipa-replica-conncheck --replica

for all replicas comes back with

...
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
Connection from master to replica is OK.


ipa-replica-manage -v list $REPLICA fails w/

Failed to get data from 'REPLICA': Invalid credentials SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context


The common error is: nsds5replicaLastUpdateStatus: -2  - LDAP error: Local error


On Thu, Sep 4, 2014 at 11:21 AM, Fredy Sanchez <fredy.sanchez at modmed.com>
wrote:

> I should add that we already tried everything at
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
>
> On Thu, Sep 4, 2014 at 11:11 AM, Guillermo Fuentes <
> guillermo.fuentes at modernizingmedicine.com> wrote:
>
>> Hello list,
>>
>> We’re running FreeIPA with a master and 3 replicas. The replication
>> stopped working and currently we’re adding resources only to the
>> master. This is the environment we have:
>> m1:
>>   OS: CentOS release 6.5
>>   FreeIPA: 3.0.0-37
>>   CA: pki-ca-9.0.3
>>
>>
>> # ipa-replica-manage list -v `hostname`
>> m2.example.com: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: 49  - LDAP error: Invalid credentials
>>   last update ended: None
>> m3.example.com: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: 0 Replica acquired successfully: Incremental
>> update succeeded
>>   last update ended: 2014-09-04 14:28:44+00:00
>> m4.example.com: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: -2  - LDAP error: Local error
>>   last update ended: None
>>
>> m2:
>>   OS: CentOS release 6.5
>>   FreeIPA: 3.0.0-37
>>
>> # ipa-replica-manage list -v `hostname`
>> m1.example.com: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: -1 Incremental update has failed and requires
>> administrator actionLDAP error: Can't contact LDAP server
>>   last update ended: 2014-09-03 22:53:21+00:00
>>
>> m3:
>>   OS: CentOS release 6.5
>>   FreeIPA: 3.0.0-37
>>
>> # ipa-replica-manage list -v `hostname`
>> m1.example.com: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: 0 Replica acquired successfully: Incremental
>> update succeeded
>>   last update ended: 2014-09-04 14:31:51+00:00
>>
>> m4:
>>   OS: CentOS release 6.5
>>   FreeIPA: 3.3.3-28
>>
>> # ipa-replica-manage list -v `hostname`
>> m1.example.com: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: 49 Unable to acquire replicaLDAP error: Invalid
>> credentials
>>   last update ended: None
>>
>>
>> Note that although m3 reports “Incremental update succeeded”, users
>> created on m1 are not replicated to m3, and users created on m3 are
>> not replicated back to m1.
>>
>> We’ve tried different things including re-initializing m2.
>>
>> Can somebody point me in the right direction to get replication going
>> again?
>>
>> Thanks in advance!
>>
>> Guillermo
>>
>
>
>
>
> --
>  Cheers,
>
> Fredy Sanchez
> IT Manager @ Modernizing Medicine
> 561-880-2998 x237
> fredy.sanchez at modmed.com
>
> Need IT support? Visit https://mmit.zendesk.com
>


-- 
Cheers,

Fredy Sanchez
IT Manager @ Modernizing Medicine
561-880-2998 x237
fredy.sanchez at modmed.com

Need IT support? Visit https://mmit.zendesk.com
