[Freeipa-users] Replication failed
Sanju A
sanju.a at tcs.com
Tue Apr 7 11:56:18 UTC 2015
Dear Martin,
Thanks for your help and the replication issue got resolved after syncing
the time. But I am not able to login to the replica server web ui. Keep on
getting "Your session has expired. Please re-login.". Please find the
logs.
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time
skew (-20287 secs). Current seqnum=1
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time
skew (-20288 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20288 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20289 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20290 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20291 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20292 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20293 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20294 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20295 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20296 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20296 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20297 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20298 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20299 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20299 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20300 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20301 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20302 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time
skew (-20301 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time
skew (-20302 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time
skew (-20303 secs). Current seqnum=1
Regards
Sanju Abraham
Linux Admin
From: Martin Basti <mbasti at redhat.com>
To: Sanju A <sanju.a at tcs.com>, freeipa-users at redhat.com
Date: 07-04-2015 16:53
Subject: Re: [Freeipa-users] Replication failed
On 07/04/15 13:13, Sanju A wrote:
Dear All,
Replication was working fine for the last 1 month and recently the replica
server (ipa2) is having some hardware issue and it was down for a week.
Replication is not working once the machine is up. Please help.
[root at ipa etc]# service dirsrv status
dirsrv PKI-IPA (pid 29954) is running...
dirsrv DOMAIN-COM (pid 30023) is running...
[root at ipa2 ~]# service dirsrv status
dirsrv DOMAIN-COM (pid 1892) is running...
[root at ipa2 ~]#
[root at ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors
[07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file
ipa_range_check.c, line 235]: Missing entry to modify.
[07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file
ipa_range_check.c, line 235]: Missing entry to modify.
[07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
^C
[root at ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors
[07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
[07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
Regards
Sanju Abraham
Linux Admin
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
Hello,
do you have synchronized time on both servers?
Martin
--
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150407/acfc1547/attachment.htm>
More information about the Freeipa-users
mailing list