[Freeipa-users] Replication failed

Martin Basti mbasti at redhat.com
Tue Apr 7 12:21:12 UTC 2015


Great!

additional comments inline

Martin

On 07/04/15 13:56, Sanju A wrote:
> Dear Martin,
>
> Thanks for your help; the replication issue got resolved after 
> syncing the time. But I am not able to log in to the replica server web 
> UI. I keep getting "Your session has expired. Please re-login.". 
> Please find the logs.
>
Do CLI commands work on the server?
What do you use to log in to the web UI, form-based authentication or Kerberos?
Did you try clearing the browser cache (or kdestroy)?
You can find something useful in this thread:
https://www.redhat.com/archives/freeipa-users/2015-April/msg00047.html
>
> [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time 
> skew (-20287 secs). Current seqnum=1
> [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time 
> skew (-20288 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20288 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20289 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20290 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20291 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20292 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20293 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20294 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20295 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
> skew (-20296 secs). Current seqnum=1
> [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
> skew (-20296 secs). Current seqnum=1
> [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
> skew (-20297 secs). Current seqnum=1
> [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
> skew (-20298 secs). Current seqnum=1
> [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
> skew (-20299 secs). Current seqnum=1
> [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
> skew (-20299 secs). Current seqnum=1
> [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
> skew (-20300 secs). Current seqnum=1
> [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
> skew (-20301 secs). Current seqnum=1
> [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
> skew (-20302 secs). Current seqnum=1
> [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time 
> skew (-20301 secs). Current seqnum=1
> [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time 
> skew (-20302 secs). Current seqnum=1
> [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time 
> skew (-20303 secs). Current seqnum=1
Which log is this from?
>
>
> Regards
> Sanju Abraham
> Linux Admin
>
>
>
>
> From: Martin Basti <mbasti at redhat.com>
> To: Sanju A <sanju.a at tcs.com>, freeipa-users at redhat.com
> Date: 07-04-2015 16:53
> Subject: Re: [Freeipa-users] Replication failed
> ------------------------------------------------------------------------
>
>
>
> On 07/04/15 13:13, Sanju A wrote:
> Dear All,
>
> Replication was working fine for the last 1 month, but recently the 
> replica server (ipa2) had a hardware issue and it was down 
> for a week.
> Replication has not been working since the machine came back up. Please help.
>
>
> [root at ipa etc]# service dirsrv status
> dirsrv PKI-IPA (pid 29954) is running...
> dirsrv DOMAIN-COM (pid 30023) is running...
>
>
> [root at ipa2 ~]# service dirsrv status
> dirsrv DOMAIN-COM (pid 1892) is running...
> [root at ipa2 ~]#
>
>
>
> [root at ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors
>
> [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file 
> ipa_range_check.c, line 235]: Missing entry to modify.
> [07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file 
> ipa_range_check.c, line 235]: Missing entry to modify.
> [07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> ^C
>
>
> [root at ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors
>
> [07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
> [07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind - 
> Error: could not perform interactive bind for id [] mech [GSSAPI]: 
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication 
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid 
> credentials)
>
>
>
>
> Regards
> Sanju Abraham
> Linux Admin
>
>
>
>
> Hello,
>
> do you have synchronized time on both servers?
>
>
> Martin
>
> -- 
> Martin Basti
>


-- 
Martin Basti
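
An added example, not part of the original message and not FreeIPA or 389-ds code: a small triage script for the two symptoms quoted in this thread, the `csngen_new_csn` time-skew warnings and the GSSAPI bind failures with LDAP error 49. The log sample is constructed in the shape of the quoted lines (mail wrapping and `> ` prefixes included), and the 300-second threshold is the MIT Kerberos default clock-skew tolerance, used here as an assumed yardstick for the reported skew.

```python
import re

# Constructed sample shaped like the log lines quoted in the thread.
SAMPLE = """\
> [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error 49 (Invalid credentials) (SASL(-13): authentication
> failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
> [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time
> skew (-20287 secs). Current seqnum=1
> [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
> skew (-20296 secs). Current seqnum=1
"""

KRB5_CLOCKSKEW = 300  # seconds; assumed default Kerberos tolerance

ENTRY_START = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d+\] ")
SKEW = re.compile(r"csngen_new_csn - Warning: too much time skew \((-?\d+) secs\)")
GSSAPI_FAIL = re.compile(
    r"slapd_ldap_sasl_interactive_bind - .*mech \[GSSAPI\]: LDAP error 49")


def unwrap(text):
    """Rejoin log entries that a mail client wrapped and quoted with '> '."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of a wrapped entry
    return entries


def summarize(text):
    """Count GSSAPI bind failures and report the largest reported skew."""
    entries = unwrap(text)
    skews = [int(m.group(1)) for e in entries if (m := SKEW.search(e))]
    worst = max(skews, key=abs, default=0)
    return {
        "entries": len(entries),
        "gssapi_bind_failures": sum(1 for e in entries if GSSAPI_FAIL.search(e)),
        "worst_skew_secs": worst,
        "exceeds_krb5_tolerance": abs(worst) > KRB5_CLOCKSKEW,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```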
