On 18-10-17 22:57, Robbie Harwood wrote:
> Kees Bakker writes:
>
>> Since I've setup a replica it gives errors like these:
>>
>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could 
>> not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
>> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
>> Minor code may provide more information (Ticket expired)) errno 2 (No such 
>> file or directory)
> Well, is the ticket expired?

Maybe. The message suggests it is. Which ticket is this, and how do I check the 
expiration?

>   Does the ticket even exist?

I would assume so. The replica seems to be working correctly, besides the
mentioned  error messages.

>   And are the
> machine clocks synced?

Yes they are.

>
>> Perhaps the following is valuable information, perhaps not. The
>> installation failed at first due to a timeout problem. I've changed
>> the Python to increase the time, and after that the replica
>> installation succeeded. I'm able to connect to it (LDAP and web UI),
>> and new information entered in the master was replicated correctly.
>> But now I see some clients having Kerberos ticket problems, most
>> likely because they use the replica, which is not valid anymore.
>>
>> Should I abandon the replica and reinstall it, and if so, how should I
>> do that (safely)?
> If the replica is not able to bind correctly: yes, it needs to be
> abandoned or fixed (someone else who knows should say more in this
> area).
>
> Thanks,
> --Robbie

Like mentioned above, it seems to function alright. It's just that
error message that worries me.
-- 
Kees Bakker
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to