Kees Bakker writes:

> Since I've set up a replica it gives errors like these:
> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could 
> not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
> Minor code may provide more information (Ticket expired)) errno 2 (No such 
> file or directory)

Well, is the ticket expired?  Does the ticket even exist?  And are the
machine clocks synced?

> Perhaps the following is valuable information, perhaps not. The
> installation failed at first due to a timeout problem. I've changed
> the Python to increase the time, and after that the replica
> installation succeeded. I'm able to connect to it (LDAP and web UI),
> and new information entered in the master was replicated correctly.
> But now I see some clients having Kerberos ticket problems, most
> likely because they use the replica, which is not valid anymore.
> Should I abandon the replica and reinstall it, and if so, how should I
> do that (safely)?

If the replica is not able to bind correctly: yes, it needs to be
abandoned or fixed (someone else who knows should say more in this



FreeIPA-users mailing list
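An added example, not part of the original message and not FreeIPA code: a small parser that pulls the GSSAPI minor-status text out of `slapd_ldap_sasl_interactive_bind` errors and maps it to the three questions asked in the reply. The regex is derived only from the one log line quoted above, and the minor-status strings other than "Ticket expired" are assumed to be MIT krb5 message texts.

```python
import re
from datetime import datetime

# Constructed sample: the quoted error rejoined onto one line, plus two constructed lines.
SAMPLE_LOG = """\
[17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:37:01 +0200] example_plugin - constructed unrelated line
[17/Oct/2017:11:40:12 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Clock skew too great)) errno 0 (Success)
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] slapd_ldap_sasl_interactive_bind - Error: .*?"
    r"mech \[(?P<mech>[^\]]*)\]: LDAP error (?P<rc>-?\d+) \([^)]*\)"
    r".*?Minor code may provide more information \((?P<minor>[^)]*)\)"
)

# Minor-status substring -> question from the reply (the mapping is this example's own).
CHECKS = [
    ("ticket expired", "is the ticket expired?"),
    ("no kerberos credentials", "does the ticket even exist?"),
    ("no credentials cache", "does the ticket even exist?"),
    ("clock skew", "are the machine clocks synced?"),
]

def triage(log_text):
    """Return one finding per failed SASL bind, tagged with the check to run."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a SASL interactive bind failure
        minor = m.group("minor")
        check = next((q for key, q in CHECKS if key in minor.lower()),
                     "unclassified: read the minor status text")
        findings.append({
            "when": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "mech": m.group("mech"),
            "ldap_rc": int(m.group("rc")),
            "minor": minor,
            "check": check,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["when"].isoformat(), f["mech"], f["minor"], "->", f["check"])
```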