On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
> On 2013/30/01 03:33, Martin Kosek wrote:
>> On 01/30/2013 02:05 AM, [email protected] wrote:
>>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>>>> On 01/29/2013 07:26 PM, [email protected] wrote:
>>>>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
>>>>> `ipa-replica-install` script to configure the replica server, the service
>>>>> will not start. Whenever I try it throws "SASL(-4): no mechanism available"
>>>>> during start.
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> Full output:
>>>>>
>>>>> # /etc/init.d/ipa start
>>>>> Starting Directory Service
>>>>> Starting dirsrv:
>>>>> CLIFF-CLOUDBURRITO-COM... [ OK ]
>>>>> PKI-IPA... [ OK ]
>>>>> Failed to read data from Directory Service: Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ', 'desc': 'Unknown authentication method'}
>>>>> Shutting down
>>>>> Shutting down dirsrv:
>>>>> CLIFF-CLOUDBURRITO-COM... [ OK ]
>>>>> PKI-IPA... [ OK ]
>>>> Sounds like DS did not start under the CA. Please check the DS logs in the
>>>> PKI instance.
>>> ns-slapd appears to be starting fine. I can even start it manually, but
>>> `ipactl status` still shows the error:
>>> Below is the result of me starting it manually (directly running ns-slapd):
>>>
>>> # ps ax|grep slapd
>>> 15540 ? Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>>> 15586 ? Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>>> # netstat -tpnl | grep slapd
>>> tcp 0 0 :::636 :::* LISTEN 15586/ns-slapd
>>> tcp 0 0 :::7389 :::* LISTEN 15540/ns-slapd
>>> tcp 0 0 :::7390 :::* LISTEN 15540/ns-slapd
>>> tcp 0 0 :::389 :::* LISTEN 15586/ns-slapd
>>> # ipactl status
>>> Directory Service: RUNNING
>>> Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ', 'desc': 'Unknown authentication method'}
>>>
>>
>> Hello,
>>
>> OK, it seems that ipactl could not bind to your Directory Server. This script
>> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
>> connect to Directory Server via EXTERNAL auth.
>>
>> You can verify yourself if that bind works or not with the following
>> ldapsearch (just replace $LDAP_URI_VALUE with your setting):
>>
>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>>
>> I assume it will report the same error as ipactl. We need to verify that the
>> referred LDAP URI is indeed right and functional.
>>
>> Martin
>
> The system had no /etc/ipa/default.conf
> I copied the one from the master server, changed the `host=` and
> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
> status`, along with everything else, is working perfectly.
> Should that file have been created during the `ipa-replica-install`
> process? I don't see anything in the documentation about having to copy
> and edit it manually.
>
> Thanks
>
> -Patrick
>
Yeah, this should have been created during ipa-replica-install. Can you please
check /var/log/ipareplica-install.log and check if ipa-client-install (which is
run as part of ipa-replica-install) succeeded? I have a suspicion you hit a bug
I was fixing recently.

Martin

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
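
A sanity check for the situation in this thread, as an added example that is not part of the original messages or of FreeIPA itself: it reports a missing /etc/ipa/default.conf and, for a file copied from the master, any of the options named above (`host`, `xmlrpc_uri`, `ldap_uri`) that are absent or still point at another server. The function names, the `[global]` section name and the example.test hostnames are assumptions made for the illustration.

```python
import configparser
import os
from urllib.parse import urlparse

REQUIRED_KEYS = ("host", "xmlrpc_uri", "ldap_uri")  # the options named in this thread


def check_ipa_conf(text, expected_host):
    """Return a list of problems found in the text of an IPA default.conf."""
    # interpolation=None: ldapi:// URIs contain %2f, which the default
    # interpolation would reject as a bad '%' reference.
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable: {exc}"]
    if not cp.has_section("global"):  # assumption: options live under [global]
        return ["no [global] section"]
    conf = cp["global"]
    problems = [f"missing option: {k}" for k in REQUIRED_KEYS if k not in conf]
    if "host" in conf and conf["host"].lower() != expected_host.lower():
        problems.append(f"host is {conf['host']}, expected {expected_host}")
    if "xmlrpc_uri" in conf:
        rpc_host = urlparse(conf["xmlrpc_uri"]).hostname or ""
        if rpc_host.lower() != expected_host.lower():
            problems.append(f"xmlrpc_uri points at {rpc_host}, expected {expected_host}")
    if "ldap_uri" in conf:
        scheme = urlparse(conf["ldap_uri"]).scheme
        if scheme not in ("ldap", "ldaps", "ldapi"):
            problems.append(f"ldap_uri has non-LDAP scheme: {scheme!r}")
    return problems


def check_ipa_conf_file(path, expected_host):
    """Same check for a file on disk; a missing file is itself a finding."""
    if not os.path.isfile(path):
        return [f"{path} does not exist"]
    with open(path, encoding="utf-8") as fh:
        return check_ipa_conf(fh.read(), expected_host)


# Constructed sample: a file copied from the master with only host= edited.
COPIED_FROM_MASTER = """\
[global]
host = replica.example.test
xmlrpc_uri = https://master.example.test/ipa/xml
ldap_uri = ldapi://%2fvar%2frun%2fslapd-EXAMPLE-TEST.socket
"""
```

On a replica, call `check_ipa_conf_file("/etc/ipa/default.conf", socket.getfqdn())` before running `ipactl status`; an empty list means the file exists and the three options are consistent with the local hostname.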
