On 18-10-17 22:57, Robbie Harwood wrote:
> Kees Bakker writes:
>> Since I've set up a replica it gives errors like these:
>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could
>> not perform interactive bind for id  mech [GSSAPI]: LDAP error -2 (Local
>> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
>> Minor code may provide more information (Ticket expired)) errno 2 (No such
>> file or directory)
> Well, is the ticket expired?

Maybe. The message suggests it is. Which ticket is this, and how do I check the

> Does the ticket even exist?

I would assume so. The replica seems to be working correctly, besides the
mentioned error messages.

> And are the
> machine clocks synced?

Yes they are.

>> Perhaps the following is valuable information, perhaps not. The
>> installation failed at first due to a timeout problem. I've changed
>> the Python to increase the time, and after that the replica
>> installation succeeded. I'm able to connect to it (LDAP and web UI),
>> and new information entered in the master was replicated correctly.
>> But now I see some clients having Kerberos ticket problems, most
>> likely because they use the replica, which is not valid anymore.
>> Should I abandon the replica and reinstall it, and if so, how should I
>> do that (safely)?
> If the replica is not able to bind correctly: yes, it needs to be
> abandoned or fixed (someone else who knows should say more in this

As mentioned above, it seems to function alright. It's just that
error message that worries me.

FreeIPA-users mailing list -- firstname.lastname@example.org