[Freeipa-users] server 1 and server 2 cannot replicate now may be ssl cert expire

barrykfl at gmail.com barrykfl at gmail.com
Fri Apr 29 17:13:02 UTC 2016


server 1:
ipa-server-3.0.0-26.el6_4.4.x86_64

server2

ipa-server-3.0.0-37.el6.x86_64

2016-04-30 1:10 GMT+08:00 <barrykfl at gmail.com>:

>
> ipa-server-3.0.0-37.el6.x86_64  << here
>
> 2016-04-29 19:36 GMT+08:00 Martin Basti <mbasti at redhat.com>:
>
>> Please keep user-list in CC
>>
>> You did not send all information I requested.
>>
>> Please use `rpm -ql ipa-server` to get exact version number
>>
>>
>> On 29.04.2016 13:32, barrykfl at gmail.com wrote:
>>
>> Error is from GSSAPI and I'm thinking if it relates to a cert issue.
>>
>> Server 1 > server 2: fail
>> Server 2 > server 1: ok
>>
>> Freeipa 3.0  both
>>
>> slapd_ldap_sasl_interactive_bind - Error: could not perform interactive
>> bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1):
>> generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may
>> provide more information (Credentials cache file '/tmp/krb5cc_492' not
>> found)) errno 0 (Success)
>> [26/Apr/2016:18:40:19 +0800] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> [26/Apr/2016:18:40:19 +0800] NSMMReplicationPlugin -
>> agmt="cn=meTocentral02.ABC.com" (central02:389):
>> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
>> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor
>> code may provide more information (Credentials cache file '/tmp/krb5cc_492'
>> not found))
>> [26/Apr/2016:18:40:19 +0800] - slapd started.  Listening on All
>> Interfaces port 389 for LDAP requests
>> [26/Apr/2016:18:40:19 +0800] - Listening on /var/run/slapd-ABC-COM.socket
>> for LDAPI requests
>> [26/Apr/2016:18:40:23 +0800] NSMMReplicationPlugin -
>> agmt="cn=meTocentral02.ABC.com" (central02:389):
>> Replication bind with GSSAPI auth resumed
>> [26/Apr/2016:18:40:23 +0800] NSMMReplicationPlugin -
>> agmt="cn=meTocentral02.ABC.com" (central02:389):
>> Missing data encountered
>> [26/Apr/2016:18:40:23 +0800]
>>
>>
>> On 29.04.2016 13:02, barrykfl at gmail.com wrote:
>>
>> Hi All:
>>
>> Is there any method to fall back to the default ipa cert if I didn't back up the original?
>>
>> Now the slapd and ipa cert storage is quite a mess, so they can't replicate
>> even with nsslapd:security disabled (set to off)
>>
>>
>> thx
>> Barry
>>
>>
>> Hello Barry,
>>
>> Can you provide more info?
>>
>> What is your IPA version, OS?
>> What are the symptoms you are experiencing?
>> What do you mean by default ipa cert?
>> Can you provide logs from replicas?
>> Can you provide `getcert list` command output?
>> Can you provide `ipactl status` from both servers?
>>
>> Replication uses GSSAPI, at least on new IPA versions, I'm not sure if
>> certificates are involved in this.
>>
>> Martin
>>
>>
>>
>
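
One way to triage an errors log like the one quoted in this message, as an added example that is not part of the thread and not FreeIPA or 389 Directory Server code: the function `summarize` (a hypothetical name) groups `NSMMReplicationPlugin` entries by replication agreement and records the last GSSAPI bind state, the GSS minor-code text, and any other replication messages. The sample input is the log quoted above, unwrapped for this example.

```python
import re
from collections import defaultdict

# Log entries from the message above, unwrapped, with the mail quoting and the
# auto-inserted link removed (input prepared for this example).
SAMPLE_LOG = """\
[26/Apr/2016:18:40:19 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[26/Apr/2016:18:40:19 +0800] NSMMReplicationPlugin - agmt="cn=meTocentral02.ABC.com" (central02:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found))
[26/Apr/2016:18:40:19 +0800] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[26/Apr/2016:18:40:23 +0800] NSMMReplicationPlugin - agmt="cn=meTocentral02.ABC.com" (central02:389): Replication bind with GSSAPI auth resumed
[26/Apr/2016:18:40:23 +0800] NSMMReplicationPlugin - agmt="cn=meTocentral02.ABC.com" (central02:389): Missing data encountered
"""

# One replication-plugin entry: timestamp, agreement name, peer host:port, message.
ENTRY = re.compile(
    r'^\[(?P<ts>[^\]]+)\] NSMMReplicationPlugin - '
    r'agmt="(?P<agmt>[^"]+)" \((?P<peer>[^)]+)\): (?P<msg>.*)$')
# The GSS minor-code text sits in the innermost parentheses of a failed bind.
MINOR = re.compile(r"Minor code may provide more information \((?P<minor>.*?)\)\)")


def summarize(log_text):
    """Return {agreement: state} with the last GSSAPI bind state per agreement."""
    out = defaultdict(lambda: {"peer": None, "bind": "unknown",
                               "minor": None, "other": []})
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a replication-agreement entry
        state = out[m["agmt"]]
        state["peer"] = m["peer"]
        msg = m["msg"]
        if "GSSAPI auth failed" in msg:
            state["bind"] = "failed"
            minor = MINOR.search(msg)
            state["minor"] = minor["minor"] if minor else None
        elif "GSSAPI auth resumed" in msg:
            state["bind"] = "resumed"  # keep the last failure reason for context
        else:
            state["other"].append((m["ts"], msg))
    return dict(out)


if __name__ == "__main__":
    for agmt, state in summarize(SAMPLE_LOG).items():
        print(agmt, state)
```

On this sample the bind state for the agreement ends as `resumed` four seconds after the failure, and the entry left under `other` is `Missing data encountered`.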