On to, 19 loka 2017, Kees Bakker via FreeIPA-users wrote:
On 19-10-17 15:07, Alexander Bokovoy wrote:
On to, 19 loka 2017, Kees Bakker via FreeIPA-users wrote:
[18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl" 
(linge:389): Replication bind with GSSAPI auth resumed

Again, I would really appreciate if someone could hint how to debug this.
For example, what commands can I use to check the connection (in both 
My understanding is that if you get the last message ("Replication bind
with GSSAPI auth resumed"), you don't need to worry about the ones
above. An intermittent issue of expired ticket is OK, SASL GSSAPI
mechanism in CyrusSASL will reacquire credentials again after few
attempts. Technically these could be multiple times depending on how
many threads are utilizing the same creds at the same time.

Thanks Alexander,
I'll let it run for a couple of days then and see how often this pops up.

I've checked the tickets as follows (from the Troubleshooting page [1]), and it 
there nothing wrong with them.
# kinit -kt /etc/dirsrv/ds.keytab ldap/`hostname --fqdn`
# klist
# ldapsearch -Y GSSAPI -h linge.ghs.nl -b "" -s base
# ldapsearch -Y GSSAPI -h rotte.ghs.nl -b "" -s base

The only noteworthy difference is this:
@@ -74,12 +75,12 @@
 supportedLDAPVersion: 3
 vendorName: 389 Project
 vendorVersion: 389-Directory/ B2016.109.158
-dataversion: 020171016093621020171016093621
-netscapemdsuffix: cn=ldap://dc=linge,dc=ghs,dc=nl:389
-lastusn: 174571
+dataversion: 020171011071705020171011071705020171011071705
+netscapemdsuffix: cn=ldap://dc=rotte,dc=ghs,dc=nl:389
+lastusn: 8107596
 changeLog: cn=changelog
-firstchangenumber: 25375
-lastchangenumber: 35897
+firstchangenumber: 2505058
+lastchangenumber: 2518477
 ipatopologypluginversion: 1.0
 ipatopologyismanaged: on
 ipaDomainLevel: 1
The difference above is expected. In short, I don't see any serious

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to