[Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

Brian J. Murrell brian at interlinx.bc.ca
Sat Dec 17 03:53:07 UTC 2016


Hi,

After upgrading to EL 7.3, which included an upgrade of IPA from
4.2.0-15.0.1.el7.centos.19 to 4.4.0-14.el7.centos, I'm getting:

22:01:00 ipa-dnskeysyncd ipa         : INFO     LDAP bind...
22:01:00 ipa-dnskeysyncd ipa         : ERROR    Login to LDAP server failed: {'desc': 'Invalid credentials'}
22:01:00 ipa-dnskeysyncd Traceback (most recent call last):
22:01:00 ipa-dnskeysyncd File "/usr/libexec/ipa/ipa-dnskeysyncd", line 90, in <module>
22:01:00 ipa-dnskeysyncd ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
22:01:00 ipa-dnskeysyncd File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in sasl_interactive_bind_s
22:01:00 ipa-dnskeysyncd res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
22:01:00 ipa-dnskeysyncd File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in _apply_method_s
22:01:00 ipa-dnskeysyncd return func(self,*args,**kwargs)
22:01:00 ipa-dnskeysyncd File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in sasl_interactive_bind_s
22:01:00 ipa-dnskeysyncd return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
22:01:00 ipa-dnskeysyncd File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
22:01:00 ipa-dnskeysyncd result = func(*args,**kwargs)
22:01:00 ipa-dnskeysyncd INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
22:01:01 systemd ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILURE
22:01:01 systemd Unit ipa-dnskeysyncd.service entered failed state.
22:01:01 systemd ipa-dnskeysyncd.service failed.

But I also had to fall back to simple authentication of bind with

        arg "auth_method simple";
        arg "bind_dn uid=admin,cn=users,cn=accounts,dc=example.com";
        arg "password my_password";

in /etc/named.conf due to:

21:12:19 LDAP error: Invalid credentials: bind to LDAP server failed

trying to start bind via systemctl start ipa.

Seems like something's gotten fouled up during that upgrade.

Any ideas?

Cheers,
b.