[Freeipa-users] dns/ldap failing after temporary storage problem

Tiemen Ruiten t.ruiten at rdmedia.com
Fri Aug 19 13:26:26 UTC 2016


Managed to fix it: had to stop dirsrv@IPA-RDMEDIA-COM and put the server's
hostname on the line with nsslapd-localhost

Then run ipa-replica-manage re-initialize --from other-master.ipa.rdmedia.com

On 19 August 2016 at 12:14, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:

> I see lots of messages in /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors,
> looks definitely like an issue with dirsrv.
>
> On 19 August 2016 at 11:43, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>
>> I see I didn't use the right terminology: all four of my FreeIPA servers
>> are masters.
>>
>> On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>>
>>> Hello,
>>>
>>> I need some help getting one of my replicas to work. Assistance would
>>> be much appreciated.
>>>
>>> After the iSCSI volumes of two replicas were briefly unavailable, on
>>> one of them DNS and LDAP stopped working and replication seems to have
>>> stopped. The ipa service failed with a message that an upgrade was
>>> required, so I ran ipa-server-upgrade, but it failed due to an empty
>>> dse.ldif.
>>>
>>> Then I probably made a mistake by copying a dse.ldif from another
>>> replica and trying to run the upgrade. It worked more or less, but DNS
>>> still didn't work.
>>>
>>> Next I replaced it with an older backup file (from Aug 4), ran the
>>> upgrade command again and after some fiddling all services started
>>> normally, except ipa-dnskeysyncd:
>>>
>>> journalctl -u ipa-dnskeysyncd
>>>
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
>>> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
>>> daemon.
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
>>> daemon...
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
>>> WARNING: session memcached servers not running
>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>       : INFO     LDAP bind...
>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>> step 1
>>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>> step 1
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>       : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
>>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>>> more information (No key table entry found matching
>>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> Traceback (most recent call last):
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
>>> sasl_interactive_bind_s
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
>>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_
>>> s,*args,**kwargs)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
>>> _apply_method_s
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> return func(self,*args,**kwargs)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
>>> sasl_interactive_bind_s
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req
>>> uestControlTuples(serverctrls),RequestControlTuples(clientct
>>> rls),sasl_flags)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
>>> _ldap_call
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> result = func(*args,**kwargs)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
>>> Unspecified GSS failure.  Minor code may provide more information (No key
>>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)',
>>> 'desc': 'Invalid credentials'}
>>>
>>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
>>> DNS and logins to the web interface on this host are still not working.
>>>
>>> What can I do to get this replica in working order again?
>>>
>>> --
>>> Tiemen Ruiten
>>> Systems Engineer
>>> R&D Media
>>>
>>
>>
>>
>> --
>> Tiemen Ruiten
>> Systems Engineer
>> R&D Media
>>
>
>
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
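
An added check (not part of the original post and not FreeIPA's own tooling) for the failure described in this thread: a dse.ldif restored or copied from another master still carries that master's name in nsslapd-localhost, so the LDAP service principal no longer matches the local keytab. The function names and the sample cn=config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm nsslapd-localhost in a dse.ldif names this host.

# Print the nsslapd-localhost value, unfolding LDIF continuation lines
# (a line starting with one space continues the previous line).
dse_localhost() {
    awk '
        function emit() {
            if (!done && tolower(buf) ~ /^nsslapd-localhost:/) {
                sub(/^[^:]*:[ \t]*/, "", buf); print buf; done = 1
            }
        }
        /^ / { buf = buf substr($0, 2); next }
        { emit(); buf = $0 }
        END { emit() }
    ' "$1"
}

# 0 = matches, 1 = names another host, 2 = file empty or attribute absent.
check_dse_localhost() {
    dse=$1; expected=$2
    if [ ! -s "$dse" ]; then
        echo "EMPTY: $dse is missing or zero length" >&2; return 2
    fi
    found=$(dse_localhost "$dse")
    if [ -z "$found" ]; then
        echo "NOATTR: no nsslapd-localhost in $dse" >&2; return 2
    fi
    # Hostnames compare case-insensitively.
    f=$(printf %s "$found" | tr 'A-Z' 'a-z')
    e=$(printf %s "$expected" | tr 'A-Z' 'a-z')
    if [ "$f" = "$e" ]; then
        echo "OK: nsslapd-localhost=$found"; return 0
    fi
    echo "MISMATCH: nsslapd-localhost=$found, expected $expected" >&2
    return 1
}

# Constructed sample: cn=config as copied from praseodymium onto promethium.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=config
cn: config
nsslapd-localhost: praseodymium.ipa.
 rdmedia.com
nsslapd-port: 389
EOF
check_dse_localhost "$sample" promethium.ipa.rdmedia.com || echo "exit status $?"
rm -f "$sample"
```

On a real master the file to check is normally /etc/dirsrv/slapd-<INSTANCE>/dse.ldif, compared against the output of `hostname -f`; exit status 2 covers the empty dse.ldif case from the first message.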