[Freeipa-users] dns/ldap failing after temporary storage problem

Tiemen Ruiten t.ruiten at rdmedia.com
Fri Aug 19 09:43:15 UTC 2016


I see I didn't use the right terminology: all four of my FreeIPA servers
are masters.

On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:

> Hello,
>
> I need some help getting one of my replicas to work. Assistance would be
> much appreciated.
>
> After the iSCSI volumes of two replicas were briefly unavailable, on
> one of them DNS and LDAP stopped working and replication seems to have
> stopped. The ipa service failed with a message that an upgrade was
> required, so I ran ipa-server-upgrade, but it failed due to an empty
> dse.ldif.
>
> Then I probably made a mistake by copying a dse.ldif from another replica
> and trying to run the upgrade. It worked more or less, but DNS still didn't
> work.
>
> Next I replaced it with an older backup file (from Aug 4), ran the upgrade
> command again and after some fiddling all services started normally, except
> ipa-dnskeysyncd:
>
> journalctl -u ipa-dnskeysyncd
>
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
> daemon.
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
> daemon...
> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
> WARNING: session memcached servers not running
> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>     : INFO     LDAP bind...
> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
> step 1
> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
> step 1
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>     : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
> more information (No key table entry found matching
> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> Traceback (most recent call last):
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
> sasl_interactive_bind_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**
> kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
> _apply_method_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
> func(self,*args,**kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
> sasl_interactive_bind_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
> self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,
> RequestControlTuples(serverctrls),RequestControlTuples(
> clientctrls),sasl_flags)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
> _ldap_call
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result
> = func(*args,**kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information (No key
> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc':
> 'Invalid credentials'}
>
> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
> DNS and logins to the web interface on this host are still not working.
>
> What can I do to get this replica in working order again?
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
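
In the journal excerpt quoted above, ipa-dnskeysyncd on promethium fails its GSSAPI bind while looking for a keytab entry for ldap/praseodymium.ipa.rdmedia.com. The following is an added example, not part of the original post and not FreeIPA code: it scans unwrapped journal lines for that error and flags entries where the service principal names a different host than the one that logged the line. The function name and the sample lines are constructed for illustration.

```python
import re

# Constructed sample, modelled on the journal excerpt in the message (lines unwrapped).
SAMPLE = """\
Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : INFO LDAP bind...
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
"""

# Syslog-style journal line: "Mon DD HH:MM:SS host unit[pid]: message"
LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+"
    r"(?P<unit>[^\[\s:]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)
# GSSAPI minor-status text naming the service principal that was looked up.
KEYTAB = re.compile(
    r"No key table entry found matching "
    r"(?P<service>[^/\s@]+)/(?P<fqdn>[^@\s)]+)@(?P<realm>[^)\s]*)"
)


def keytab_mismatches(journal_text):
    """Return one finding per 'No key table entry' error in the journal text.

    'foreign_host' is True when the principal's host part differs from the
    host that wrote the log line, i.e. the daemon asked its local keytab
    for another server's service key.
    """
    findings = []
    for line in journal_text.splitlines():
        entry = LINE.match(line)
        if not entry:
            continue  # continuation or non-journal line
        error = KEYTAB.search(entry.group("msg"))
        if not error:
            continue
        logging_host = entry.group("host").lower()
        principal_host = error.group("fqdn").lower()
        findings.append({
            "unit": entry.group("unit"),
            "logging_host": logging_host,
            "service": error.group("service"),
            "principal_host": principal_host,
            "foreign_host": principal_host != logging_host,
        })
    return findings


if __name__ == "__main__":
    for finding in keytab_mismatches(SAMPLE):
        print(finding)
```
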