[Freeipa-users] CentOS 7, FreeIPA 4.2: slapd crashes soon after launch
Rob Crittenden
rcritten at redhat.com
Thu Jun 16 19:54:34 UTC 2016
Dan.Finkelstein at high5games.com wrote:
> Our FreeIPA master was working fine for about a day and then, apropos of
> nothing, the LDAP component started to crash with nary an error message.
> Obviously, with it down we can log into the WebUI nor can we query the
> status of the components or retrieve data.
>
> In /var/log/dirsrv/slapd-EXAMPLE-COM/errors we see:
>
> [15/Jun/2016:18:50:28 -0400] NSMMReplicationPlugin -
> agmt="cn=meToipa-replica.example.com" (ipa-replica:389): Replication
> bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
> (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context)
>
> [15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (No Kerberos
> credentials available)) errno 2 (No such file or directory)
>
> [15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
> (Local error)
>
> [15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Success)
>
> [15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
> (Local error)
>
> [15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Success)
>
> [15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
> (Local error)
>
> [15/Jun/2016:18:50:30 -0400] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=h5c,dc=local
>
> [15/Jun/2016:18:50:30 -0400] schema-compat-plugin - Finished plugin
> initialization.
>
> [15/Jun/2016:18:50:34 -0400] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI
> Failure: gss_accept_sec_context) errno 0 (Success)
>
> [15/Jun/2016:18:50:34 -0400] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error 49
> (Invalid credentials)
>
> It appears not to have been replicating for at least a day with our 4
> other replicas, none of which have the data we'd entered into this master.
>
> Is there a way we can bring ldap back to life?
What makes you think it is crashed other than these messages?
What does `ipactl status` show?
rob
More information about the Freeipa-users
mailing list