<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Great!<br>
<br>
additional comments inline<br>
<br>
Martin<br>
<br>
On 07/04/15 13:56, Sanju A wrote:<br>
</div>
<blockquote
cite="mid:OF5691E827.BEF5D36B-ON65257E20.0040DDE5-65257E20.0041950F@tcs.com"
type="cite"><font face="sans-serif" size="2">Dear Martin,</font>
<br>
<br>
<font face="sans-serif" size="2">Thanks for your help and the
replication
issue got resolved after syncing the time. But I am not able to
login to
the replica server web ui. Keep on getting "Your session has
expired.
Please re-login.". Please find the logs.</font>
<br>
<br>
</blockquote>
Does CLI command works on the server?<br>
What do you use, form based authentication or kerberos to login to
webUI?<br>
Did you try to clean browser cache (or kdestroy)?<br>
You can find something useful in this thread,
<a class="moz-txt-link-freetext" href="https://www.redhat.com/archives/freeipa-users/2015-April/msg00047.html">https://www.redhat.com/archives/freeipa-users/2015-April/msg00047.html</a><br>
<blockquote
cite="mid:OF5691E827.BEF5D36B-ON65257E20.0040DDE5-65257E20.0041950F@tcs.com"
type="cite">
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:49 +051800]
csngen_new_csn
- Warning: too much time skew (-20287 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:49 +051800]
csngen_new_csn
- Warning: too much time skew (-20288 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20288 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20289 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20290 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20291 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20292 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20293 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20294 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20295 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:50 +051800]
csngen_new_csn
- Warning: too much time skew (-20296 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:51 +051800]
csngen_new_csn
- Warning: too much time skew (-20296 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:51 +051800]
csngen_new_csn
- Warning: too much time skew (-20297 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:51 +051800]
csngen_new_csn
- Warning: too much time skew (-20298 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:51 +051800]
csngen_new_csn
- Warning: too much time skew (-20299 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:52 +051800]
csngen_new_csn
- Warning: too much time skew (-20299 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:52 +051800]
csngen_new_csn
- Warning: too much time skew (-20300 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:52 +051800]
csngen_new_csn
- Warning: too much time skew (-20301 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:52 +051800]
csngen_new_csn
- Warning: too much time skew (-20302 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:54 +051800]
csngen_new_csn
- Warning: too much time skew (-20301 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:54 +051800]
csngen_new_csn
- Warning: too much time skew (-20302 secs). Current seqnum=1</font>
<br>
<font face="sans-serif" size="2">[07/Apr/2015:17:24:54 +051800]
csngen_new_csn
- Warning: too much time skew (-20303 secs). Current seqnum=1</font>
<br>
</blockquote>
From which log is this?<br>
<blockquote
cite="mid:OF5691E827.BEF5D36B-ON65257E20.0040DDE5-65257E20.0041950F@tcs.com"
type="cite"><font face="sans-serif" size="2"><br>
<br>
Regards<br>
Sanju Abraham<br>
Linux Admin<br>
</font>
<br>
<br>
<br>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">From:
</font><font face="sans-serif" size="1">Martin Basti
<a class="moz-txt-link-rfc2396E" href="mailto:mbasti@redhat.com"><mbasti@redhat.com></a></font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">To:
</font><font face="sans-serif" size="1">Sanju A
<a class="moz-txt-link-rfc2396E" href="mailto:sanju.a@tcs.com"><sanju.a@tcs.com></a>,
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a></font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Date:
</font><font face="sans-serif" size="1">07-04-2015 16:53</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Subject:
</font><font face="sans-serif" size="1">Re: [Freeipa-users]
Replication failed</font>
<br>
<hr noshade="noshade">
<br>
<br>
<br>
<font size="3">On 07/04/15 13:13, Sanju A wrote:</font>
<br>
<font face="sans-serif" size="2">Dear All,</font><font size="3"> <br>
</font><font face="sans-serif" size="2"><br>
Replication was working fine for the last 1 month and recently
the replica
server (ipa2) is having some hardware issue and it was down for
a week.
<br>
Replication is not working once the machine is up. Please help.</font><font
size="3">
<br>
<br>
</font><font face="sans-serif" size="2"><br>
[root@ipa etc]# service dirsrv status</font><font size="3"> </font><font
face="sans-serif" size="2"><br>
dirsrv PKI-IPA (pid 29954) is running...</font><font size="3"> </font><font
face="sans-serif" size="2"><br>
dirsrv DOMAIN-COM (pid 30023) is running...</font><font size="3">
<br>
<br>
</font><font face="sans-serif" size="2"><br>
[root@ipa2 ~]# service dirsrv status</font><font size="3"> </font><font
face="sans-serif" size="2"><br>
dirsrv DOMAIN-COM (pid 1892) is running...</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[root@ipa2 ~]#</font><font size="3"> <br>
<br>
<br>
</font><font face="sans-serif" size="2"><br>
[root@ipa etc]# tail -f
/var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors</font><font
size="3">
<br>
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file
ipa_range_check.c,
line 235]: Missing entry to modify.</font><font size="3"> </font><font
face="sans-serif" size="2"><br>
[07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file
ipa_range_check.c,
line 235]: Missing entry to modify.</font><font size="3"> </font><font
face="sans-serif" size="2"><br>
[07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
^C</font><font size="3"> <br>
<br>
</font><font face="sans-serif" size="2"><br>
[root@ipa2 ~]# tail -f
/var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors</font><font
size="3">
<br>
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind
- Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP
error
49 (Invalid credentials) (SASL(-13): authentication failure:
GSSAPI Failure:
gss_accept_sec_context) errno 0 (Success)</font><font size="3">
</font><font face="sans-serif" size="2"><br>
[07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could
not perform
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)</font><font size="3">
<br>
<br>
</font><font face="sans-serif" size="2"><br>
<br>
<br>
Regards<br>
Sanju Abraham<br>
Linux Admin</font>
<p><font size="3">=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</font>
</p>
<p><font size="3"><br>
</font>
<br>
<font size="3">Hello,<br>
<br>
do you have synchronized time on both servers?<br>
<br>
<br>
Martin<br>
</font>
<br>
<tt><font size="3">-- <br>
Martin Basti</font></tt>
<br>
</p>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Martin Basti</pre>
</body>
</html>