[Freeipa-users] ipactl start fails for no apparent reason

Traiano Welcome traiano at gmail.com
Wed Apr 1 14:09:24 UTC 2015


Dude. You rock :-)

That was it!! All the entries were the wrong way round (not sure how
I missed that ... time for a visit to the optometrist's)

Beer is in the mail!

And thanks to all @redhat for an excellent piece of software and for
all the help today!





On Wed, Apr 1, 2015 at 4:40 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Traiano Welcome wrote:
>> Hi Dmitri
>>
>> This is a freshly generated DS log (sanitized: XYZ = realm):
>>
>>
>>         389-Directory/1.3.1.6 B2014.160.2139
>>         lolpr-xyz-mstr.xyz.local:636 (/etc/dirsrv/slapd-XYZ-LOCAL)
>>
>> [01/Apr/2015:15:19:01 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up
>> [01/Apr/2015:15:19:01 +0300] schema-compat-plugin - warning: no
>> entries set up under cn=computers, cn=compat,dc=xyz,dc=local
>> [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password
>> Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which
>> should be added before the CoS Definition.
>> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
>> cleanAllRUV task found, resuming the cleaning of rid(6)...
>> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not send
>> startTLS request: error -1 (Can't contact LDAP server) errno 0
>> (Success)
>> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
>> agmt="cn=masterAgreement1-lolospr-xyz-slve.xyz.local-pki-tomcat"
>> (lolospr-xyz-slve:389): Replication bind with SIMPLE auth failed: LDAP
>> error -1 (Can't contact LDAP server) ()
>> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
>> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
>> [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password
>> Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which
>> should be added before the CoS Definition.
>> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
>> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure.  Minor code may provide more information (No Kerberos
>> credentials available)) errno 2 (No such file or directory)
>> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>> error -2 (Local error)
>> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
>> agmt="cn=meTololard-xyz-slve.xyz.local" (lolard-xyz-slve:389):
>> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
>> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
>> Minor code may provide more information (No Kerberos credentials
>> available))
>> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
>> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
>> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>> error -1 (Can't contact LDAP server)
>> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
>> agmt="cn=meTololospr-xyz-slve.xyz.local" (lolospr-xyz-slve:389):
>> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact
>> LDAP server) ()
>> [01/Apr/2015:15:19:02 +0300] - slapd started.  Listening on All
>> Interfaces port 389 for LDAP requests
>> [01/Apr/2015:15:19:02 +0300] - Listening on All Interfaces port 636
>> for LDAPS requests
>> [01/Apr/2015:15:19:02 +0300] - Listening on
>> /var/run/slapd-XYZ-LOCAL.socket for LDAPI requests
>> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
>> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure.  Minor code may provide more information (No Kerberos
>> credentials available)) errno 0 (Success)
>> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>> error -2 (Local error)
>> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
>> agmt="cn=meTololpr-xyz-slve.xyz.local" (lolpr-xyz-slve:389):
>> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
>> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
>> Minor code may provide more information (No Kerberos credentials
>> available))
>> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure.  Minor code may provide more information (No Kerberos
>> credentials available)) errno 0 (Success)
>> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>> error -2 (Local error)
>> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
>> agmt="cn=meToukpr-xyz-slve.xyz.local" (ukpr-xyz-slve:389): Replication
>> bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1):
>> generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code
>> may provide more information (No Kerberos credentials available))
>> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure.  Minor code may provide more information (No Kerberos
>> credentials available))
>> [01/Apr/2015:15:19:04 +0300] - slapd shutting down - signaling operation threads
>> [01/Apr/2015:15:19:04 +0300] - slapd shutting down - closing down
>> internal subsystems and plugins
>> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
>> Cleaning rid (6)...
>> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
>> Waiting to process all the updates from the deleted replica...
>> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
>> Waiting for all the replicas to be online...
>> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
>> Server shutting down.  Process will resume at server startup
>> [01/Apr/2015:15:19:05 +0300] - Waiting for 4 database threads to stop
>> [01/Apr/2015:15:19:05 +0300] - All database threads now stopped
>> [01/Apr/2015:15:19:05 +0300] - slapd stopped.
>
> At least some of this noise is expected. When 389-ds starts it has no
> ccache, logs about it, then goes about getting one. At the same time
> replication agreements are starting and if the credentials haven't been
> obtained yet, those fail as well. It all (usually) ends up syncing back
> up within a few seconds.
>
> Do you have an entry for this machine in /etc/hosts? If so, is the FQDN
> first? If not it should be.
>
> rob
>
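The /etc/hosts check discussed in this thread, as an added example that is not part of the original messages: it flags any non-loopback entry whose first name is a short name while an FQDN appears later on the same line. The function name `check_hosts_order`, the host names and the address are constructed for illustration.

```shell
#!/bin/sh
# check_hosts_order [FILE]
# Reads a hosts file (stdin when FILE is omitted) and reports entries where
# the canonical name (first name after the address) is a short name but a
# fully qualified name is listed later. Returns 1 if any are found, else 0.
check_hosts_order() {
    awk '
        {
            sub(/#.*/, "")                          # strip comments
            if (NF < 3) next                        # need address + 2 names
            if ($1 ~ /^127\./ || $1 == "::1") next  # loopback lines are exempt
            if ($2 ~ /\./) next                     # first name is an FQDN
            for (i = 3; i <= NF; i++) {
                if ($i ~ /\./) {
                    printf "line %d: %s has short name \"%s\" before FQDN \"%s\"\n",
                           NR, $1, $2, $i
                    bad = 1
                    break
                }
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample entries: the wrong order, then the corrected order.
sample_bad='192.0.2.10 ipa-master ipa-master.example.test'
sample_good='192.0.2.10 ipa-master.example.test ipa-master'

printf '%s\n' "$sample_bad"  | check_hosts_order || echo "=> put the FQDN first"
printf '%s\n' "$sample_good" | check_hosts_order && echo "=> order OK"
```

Run it as `check_hosts_order /etc/hosts` on the server before `ipactl start`; a non-zero exit means at least one entry needs reordering.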



