On 19-10-17 10:03, Kees Bakker via FreeIPA-users wrote:
> On 18-10-17 22:57, Robbie Harwood wrote:
>> Kees Bakker writes:
>>
>>> Since I've setup a replica it gives errors like these:
>>>
>>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2
>>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>>> failure. Minor code may provide more information (Ticket expired)) errno 2
>>> (No such file or directory)
>> Well, is the ticket expired?
> Maybe. The message suggests it is. Which ticket is this, and how do I check
> the expiration?
>
>> Does the ticket even exist?
> I would assume so. The replica seems to be working correctly, besides the
> mentioned error messages.
>
>> And are the
>> machine clocks synced?
> Yes they are.
>
>>> Perhaps the following is valuable information, perhaps not. The
>>> installation failed at first due to a timeout problem. I've changed
>>> the Python to increase the time, and after that the replica
>>> installation succeeded. I'm able to connect to it (LDAP and web UI),
>>> and new information entered in the master was replicated correctly.
>>> But now I see some clients having Kerberos ticket problems, most
>>> likely because they use the replica, which is not valid anymore.
>>>
>>> Should I abandon the replica and reinstall it, and if so, how should I
>>> do that (safely)?
>> If the replica is not able to bind correctly: yes, it needs to be
>> abandoned or fixed (someone else who knows should say more in this
>> area).
>>
>> Thanks,
>> --Robbie
> Like mentioned above, it seems to function alright. It's just that
> error message that worries me.

Now on the first master (rotte) there are similar error message too, but the
other way around.

[18/Oct/2017:11:23:41 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: The referenced context has expired (Success)) errno 0 (Success)
[18/Oct/2017:11:23:41 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[18/Oct/2017:11:23:41 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl" (linge:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: The referenced context has expired (Success))
[18/Oct/2017:11:23:45 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:23:45 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:23:45 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[18/Oct/2017:11:23:51 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:23:51 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:23:51 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[18/Oct/2017:11:24:03 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:24:03 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:24:03 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl" (linge:389): Replication bind with GSSAPI auth resumed

Again, I would really appreciate if someone could hint how to debug this.
For example, what commands can I use to check the connection (in both
directions)?
-- 
Kees Bakker
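
Added example (not part of the original message and not FreeIPA or 389-ds code): a small parser for error-log entries of the kind quoted above. It tallies the GSSAPI reason on each failed SASL bind and measures how long each replication agreement stayed between "auth failed" and "auth resumed". The name analyse() is hypothetical; the sample entries are copied from the log excerpt in the message.

```python
import re
from datetime import datetime

# Sample input: four entries copied from the log excerpt in the message above.
SAMPLE = """\
[18/Oct/2017:11:23:41 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: The referenced context has expired (Success)) errno 0 (Success)
[18/Oct/2017:11:23:41 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl" (linge:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: The referenced context has expired (Success))
[18/Oct/2017:11:23:45 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl" (linge:389): Replication bind with GSSAPI auth resumed
"""

ENTRY = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<src>\S+) - (?P<msg>.*)$')
# "GSSAPI Error: <major status> (<minor status>))"
REASON = re.compile(r'GSSAPI Error: (?P<major>.*?) \((?P<minor>[^()]*)\)\)')
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)" \((?P<peer>[^)]+)\): '
                  r'Replication bind with GSSAPI auth (?P<state>failed|resumed)')


def analyse(text):
    """Return (reason -> count for failed SASL binds, list of outage windows)."""
    reasons, open_since, outages = {}, {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # wrapped continuation or unrelated line
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        r = REASON.search(m["msg"])
        if r and m["src"] == "slapd_ldap_sasl_interactive_bind":
            # The minor status is the informative part unless it is "Success".
            key = r["minor"] if r["minor"] != "Success" else r["major"]
            reasons[key] = reasons.get(key, 0) + 1
        a = AGMT.search(m["msg"])
        if a and a["state"] == "failed":
            open_since.setdefault(a["agmt"], when)  # keep the first failure
        elif a and a["state"] == "resumed" and a["agmt"] in open_since:
            start = open_since.pop(a["agmt"])
            seconds = int((when - start).total_seconds())
            outages.append((a["agmt"], a["peer"], seconds))
    return reasons, outages


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

An agreement that logs "failed" and never reaches "resumed" stays out of the outage list, so comparing the two sets of agreement names separates a bind that recovered from one that is still failing.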