[Freeipa-users] SASL(-13) authentication failure
Bryan Pearson
bwp.pearson at gmail.com
Sat Feb 7 07:22:29 UTC 2015
Okay, sorry for the messages. The original issue has been resolved, one of
the servers time was off.
I am now having a problem similar to this:
https://bugzilla.redhat.com/show_bug.cgi?id=953653. My logs indicate all
the same issues.
With IPA 3.0.0 and Centos 6.6 is this still a viable solution to the
problem?
Bryan
On Sat, Feb 7, 2015 at 12:17 AM, Bryan Pearson <bwp.pearson at gmail.com>
wrote:
> I did a bit more digging into the issue, and realized that the ruv-id of
> ipa2 is different on only one of the servers of the 3. I am imaging I will
> need to run clean-ruv on inconsistent node.
>
> Bryan
>
> On Fri, Feb 6, 2015 at 10:11 PM, Bryan Pearson <bwp.pearson at gmail.com>
> wrote:
>
>> Hello,
>>
>> My IPA servers are currently saying:
>>
>> "Failed to get data from 'hostname.lan': Invalid credentials SASL(-13):
>> authentication failure: GSSAPI Failure: gss_accept_sec_context"
>>
>> tail -f /var/log/dirsrv/slapd-HOSTNAME-LAN/errors
>>
>> [06/Feb/2015:21:42:41 -0500] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
>> (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
>> gss_accept_sec_context) errno 0 (Success)
>> [06/Feb/2015:21:42:41 -0500] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
>>
>> We have 3 master replicas in operation. ipa2, ipa3, ipa4 and ipa1 we are
>> decommissioning. After losing the CA on 2 nodes, we promoted ipa3 to
>> master, and created a replica file, scped it to ipa4, installed it, and on
>> ipa4 created ipa2. Because of design, 3 and 2 cant communicate with each
>> other.
>>
>> I just stopped dirsrv and pki-ca on ipa1, so its possible it is creating
>> issues.
>>
>> I cant determine where the credentials or how to get them changed as all
>> the nodes are now having similar issues replicating.
>>
>> Bryan
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150207/5cfd6f7e/attachment.htm>
More information about the Freeipa-users
mailing list