Kees Bakker writes: > Since I've setup a replica it gives errors like these: > > [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could > not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local > error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. > Minor code may provide more information (Ticket expired)) errno 2 (No such > file or directory)
Well, is the ticket expired? Does the ticket even exist? And are the machine clocks synced? > Perhaps the following is valuable information, perhaps not. The > installation failed at first due to a timeout problem. I've changed > the Python to increase the time, and after that the replica > installation succeeded. I'm able to connect to it (LDAP and web UI), > and new information entered in the master was replicated correctly. > But now I see some clients having Kerberos ticket problems, most > likely because they use the replica, which is not valid anymore. > > Should I abandon the replica and reinstall it, and if so, how should I > do that (safely)? If the replica is not able to bind correctly: yes, it needs to be abandoned or fixed (someone else who knows should say more in this area). Thanks, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org