Digging further, I think this log entry might be the problem between the
two servers that aren't talking:
slapd_ldap_sasl_interactive_bind - Error: could not perform interactive
bind for id mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more
information (Server ldap/localh...@spx.net not found in Kerberos database))
errno 2 (No such file or directory)
Did I build something incorrectly when that server was set up originally?
On Mon, Aug 19, 2013 at 12:02 PM, Bret Wortman <bret.wort...@damascusgrp.com
> I ran it on a good master, against a bad one. As in, I ran this command on
> my master IPA node:
> # ipa-replica-manage del --force bad1.foo.net --cleanup
> Was that wrong? I was trying to delete the bad replica from the master, so
> I figured the command needed to be run on the master. But again, my master
> is now in a state where it's not resolving DNS, user logins, or sudo at the
> very least.
> Oh, and I checked the node that it was complaining about earlier. The
> network connection to it is the pits, but it's there. And it resolves.
> *Bret Wortman*
> On Mon, Aug 19, 2013 at 11:58 AM, Rob Crittenden <rcrit...@redhat.com> wrote:
>> Rob Crittenden wrote:
>>> Bret Wortman wrote:
>>>> Well, my master ground to a halt and wasn't responding. I rebooted the
>>>> system and now I can't access the web UI or ssh to the master either. I
>>>> have console access but that's it.
>>>> The services all say they're running, but the web UI gives an "Unknown
>>>> Error" dialog and ssh fails with "ssh_exchange_identification:
>>>> Connection closed by remote host" whenever I try to ssh to ipamaster. I
>>>> think something has gone really wrong inside my master. Any ideas? Even
>>>> after the reboot, --cleanup isn't helping and just hangs.
>>>> The logfiles end (as of the time I ^C'd the process) with:
>>>> NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net"
>>>> (good3:389): Replication bind with GSSAPI
>>>> auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>>>> information (Cannot determine realm for numeric host address))
>>>> NSMMReplicationPlugin - CleanAllRUV Task: Replica not online
>>>> (agmt="cn=meTogood3.foo.net" (good3:389))
>>>> NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online,
>>>> retrying in 160 seconds...,
>>>> So it looks like it's having trouble talking with one of my replicas and
>>>> is doggedly trying to get the job done. Any idea how to get the master
>>>> back working again while I troubleshoot this connectivity issue?
>>> That suggests a DNS problem, and it might explain ssh as well depending
>>> on your configuration.
>> To be clear, you ran --cleanup against one of the bad masters, not a good
>> one, right?
Freeipa-users mailing list