FOUND something strange that server 1 replicate to itself rather than
server2

Server1 access log > Wrong
[04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from
192.168.15.89( server1 )  to 192.168.15.89 (server1)


Server 2 access log > OK
[04/Jul/2014:12:35:30 +0800] conn=936208 fd=74 slot=74 connection from
192.168.15.89(server2) to 192.168.15.88 (server2)


2014-07-04 9:25 GMT+08:00 <barry...@gmail.com>:

> Just sure now one side flow is broken, if u update server1 , it 100% work
> server2 will upgrade.
> but if u update server2 there is chance non-syn e.g it create username  in
> server1 with posfix grp >ok
> but in server2 it only created posfix grp but no username /attribute it
> occur serveral times. I have to use command line grp del ...etc. to force
> del them and recreate them.,.
>
> Result below:
>
> server2.abc.com: replica
>   last init status: None
>   last init ended: None
>   last update status: 0 Replica acquired successfully: Incremental update
> succeeded
>   last update ended: 2014-07-04 00:33:18+00:00
>
> Directory Manager password:
>
> server1.abc.com: replica
>   last init status: 0 Total update succeeded
>   last init ended: 2014-06-20 10:07:02+00:00
>   last update status: 0 Replica acquired successfully: Incremental update
> succeeded
>   last update ended: 2014-07-04 01:14:19+00:00
>
>
>
> [root@(LIVE)server2 ~]$  ipactl status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: RUNNING
> MEMCACHE Service: RUNNING
> HTTP Service: RUNNING
>
>
> 2014-07-04 1:34 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:
>
> barry...@gmail.com wrote:
>> > Yes they are running. Server 1 can syn to server2 but error at server 2
>> > like this.
>>
>> How do you know server 1 is syncing with server 2?
>>
>> On server 1 I'd run:
>>
>> ipa-replica-manage list -v `hostname`
>>
>> This will show the replication status.
>>
>> And what does ipactl status show on server 2?
>>
>> rob
>>
>> >
>> > 2014/7/3 下午10:14 於 "Rob Crittenden" <rcrit...@redhat.com
>> > <mailto:rcrit...@redhat.com>> 寫道:
>> >
>> >     Please keep relies on the list.
>> >
>> >     barry...@gmail.com <mailto:barry...@gmail.com> wrote:
>> >     > I saw the error beloe and errpr log is it related ?
>> >     >
>> >     > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind -
>> Error:
>> >     > could not perform interactive bind for id [] mech [GSSAPI]: LDAP
>> error
>> >     > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error:
>> Unspecified
>> >     > GSS failure.  Minor code may provide more information (Credentials
>> >     cache
>> >     > file '/tmp/krb5cc_492' not found)) errno 0 (Success)
>> >     > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not
>> >     perform
>> >     > interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> >
>> >     I believe this is fairly normal on a new startup. It has to start
>> >     somewhere. The expired ticket errors below are unexpected since
>> there
>> >     are so many of them. Is your KDC running?
>> >
>> >     ipactl status
>> >
>> >     rob
>> >
>> >     >
>> >     >
>> >     > 2014-07-02 14:15 GMT+08:00 <barry...@gmail.com
>> >     <mailto:barry...@gmail.com> <mailto:barry...@gmail.com
>> >     <mailto:barry...@gmail.com>>>:
>> >     >
>> >     >
>> >     >     this is the error log i found at 2.abc.com <http://2.abc.com>
>> >     <http://2.abc.com>
>> >     >
>> >     >     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind
>> -
>> >     >     Error: could not perform interactive bind for id [] mech
>> [GSSAPI]:
>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>> >     >     information (Ticket expired)) errno 0 (Success)
>> >     >     [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind
>> -
>> >     >     Error: could not perform interactive bind for id [] mech
>> [GSSAPI]:
>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>> >     >     information (Ticket expired)) errno 0 (Success)
>> >     >     [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could
>> not
>> >     >     perform interactive bind for id [] mech [GSSAPI]: error -2
>> >     (Local error)
>> >     >     [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
>> >     >     agmt="cn=meTo1.abc.com <http://meTo1.abc.com>
>> >     <http://meTo1.abc.com>" (central:389):
>> >     >     Replication bind with GSSAPI auth failed: LDAP error -2 (Local
>> >     >     error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS
>> >     >     failure.  Minor code may provide more information (Ticket
>> >     expired))
>> >     >     [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind
>> -
>> >     >     Error: could not perform interactive bind for id [] mech
>> [GSSAPI]:
>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>> >     >     information (Ticket expired)) errno 0 (Success)
>> >     >     [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind
>> -
>> >     >     Error: could not perform interactive bind for id [] mech
>> [GSSAPI]:
>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>> >     >     information (Ticket expired)) errno 0 (Success)
>> >     >     [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could
>> not
>> >     >     perform interactive bind for id [] mech [GSSAPI]: error -2
>> >     (Local error)
>> >     >     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind
>> -
>> >     >     Error: could not perform interactive bind for id [] mech
>> [GSSAPI]:
>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>> >     >     information (Ticket expired)) errno 0 (Success)
>> >     >     [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind
>> -
>> >     >     Error: could not perform interactive bind for id [] mech
>> [GSSAPI]:
>> >     >     LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
>> >     >     Error: Unspecified GSS failure.  Minor code may provide more
>> >     >     information (Ticket expired)) errno 0 (Success)
>> >     >     [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could
>> not
>> >     >     perform interactive bind for id [] mech [GSSAPI]: error -2
>> >     (Local error)
>> >     >
>> >     >
>> >     >     2014-07-02 12:32 GMT+08:00 <barry...@gmail.com
>> >     <mailto:barry...@gmail.com>
>> >     >     <mailto:barry...@gmail.com <mailto:barry...@gmail.com>>>:
>> >     >
>> >     >         yes on node 1 it is happening only node2 fail connect
>> >     >
>> >     >         ipa-replica-manage list 2.abc.com <http://2.abc.com>
>> >     <http://2.abc.com>
>> >     >         Directory Manager password:
>> >     >
>> >     >         1.abc.com <http://1.abc.com> <http://1.abc.com>: replica
>> >     >
>> >     >
>> >     >
>> >     >         2014-06-30 20:59 GMT+08:00 Rob Crittenden
>> >     <rcrit...@redhat.com <mailto:rcrit...@redhat.com>
>> >     >         <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com
>> >>>:
>> >     >
>> >     >             Barry wrote:
>> >     >             > Hi:
>> >     >             >
>> >     >             > Server 1 and Sever 2 is cluster master master
>> >     orginally ,
>> >     >             but server 2
>> >     >             > fail to connect server1 ,.
>> >     >             >
>> >     >             > ipa-replica-manage list shown Can't contact LDAP
>> server
>> >     >             >
>> >     >             > But as server1 it is ok  master server1 master
>> server2 ,
>> >     >             >
>> >     >             > It seem affect if update on server 1 then it syn to
>> >     >             server2 no problem
>> >     >             > but sometimes if modfy in server2 if fail to update
>> >     server1.
>> >     >             >
>> >     >             > Any idea to rebuild mutual relationship.?
>> >     >
>> >     >             The first step is to diagnose what is wrong. I've
>> already
>> >     >             suggested a
>> >     >             few things,
>> >     >
>> >
>> https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
>> >     >
>> >     >             rob
>> >     >
>> >     >             --
>> >     >             Manage your subscription for the Freeipa-users mailing
>> >     list:
>> >     >             https://www.redhat.com/mailman/listinfo/freeipa-users
>> >     >             Go To http://freeipa.org for more info on the project
>> >     >
>> >     >
>> >     >
>> >     >
>> >
>>
>>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to