...and I got the web UI, authentication and sudo back via:

# ipactl stop
# ipactl start

Not sure why that worked, but it did. I was grasping at straws, honestly.

*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret

On Mon, Aug 19, 2013 at 12:18 PM, Bret Wortman <bret.wort...@damascusgrp.com> wrote:

> Digging further, I think this log entry might be the problem between the
> two servers that aren't talking:
>
> slapd_ldap_sasl_interactive_bind - Error: could not perform interactive
> bind for id[] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more
> information (Server ldap/localh...@spx.net not found in Kerberos
> database)) errno 2 (No such file or directory)
>
> Did I build something incorrectly when that server was set up originally?
>
> *Bret Wortman*
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
> On Mon, Aug 19, 2013 at 12:02 PM, Bret Wortman <bret.wort...@damascusgrp.com> wrote:
>
>> I ran it on a good master, against a bad one. As in, I ran this command
>> on my master IPA node:
>>
>> # ipa-replica-manage del --force bad1.foo.net --cleanup
>>
>> Was that wrong? I was trying to delete the bad replica from the master,
>> so I figured the command needed to be run on the master. But again, my
>> master is now in a state where it's not resolving DNS, user logins, or sudo
>> at the very least.
>>
>> Oh, and I checked the node that it was complaining about earlier. The
>> network connection to it is the pits, but it's there. And it resolves.
>>
>> *Bret Wortman*
>> http://damascusgrp.com/
>> http://about.me/wortmanbret
>>
>> On Mon, Aug 19, 2013 at 11:58 AM, Rob Crittenden <rcrit...@redhat.com> wrote:
>>
>>> Rob Crittenden wrote:
>>>
>>>> Bret Wortman wrote:
>>>>
>>>>> Well, my master ground to a halt and wasn't responding. I rebooted the
>>>>> system and now I can't access the web UI or ssh to the master either. I
>>>>> have console access but that's it.
>>>>>
>>>>> The services all say they're running, but the web UI gives an "Unknown
>>>>> Error" dialog and ssh fails with "ssh_exchange_identification:
>>>>> Connection closed by remote host" whenever I try to ssh to ipamaster. I
>>>>> think something has gone really wrong inside my master. Any ideas? Even
>>>>> after the reboot, --cleanup isn't helping and just hangs.
>>>>>
>>>>> The logfiles end (as of the time I ^C'd the process) with:
>>>>>
>>>>> NSMMReplicationPlugin - agmt="cn=meTogood3.spx.net" (good3:389):
>>>>> Replication bind with GSSAPI
>>>>> auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
>>>>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>>>>> information (Cannot determine realm for numeric host address))
>>>>> NSMMReplicationPlugin - CleanAllRUV Task: Replica not online
>>>>> (agmt="cn=meTogood3.foo.net" (good3:389))
>>>>> NSMMReplicationPlugin - CleanAllRUV Task: Not all replicas online,
>>>>> retrying in 160 seconds...,
>>>>>
>>>>> So it looks like it's having trouble talking with one of my replicas
>>>>> and is doggedly trying to get the job done. Any idea how to get the
>>>>> master back working again while I troubleshoot this connectivity issue?
>>>>
>>>> That suggests a DNS problem, and it might explain ssh as well depending
>>>> on your configuration.
>>>
>>> To be clear, you ran --cleanup against one of the bad masters, not a
>>> good one, right?
>>>
>>> rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users