I did a bit more digging into the issue, and realized that the ruv-id of
ipa2 is different on only one of the servers of the 3. I am imagining I will
need to run clean-ruv on the inconsistent node.

Bryan

On Fri, Feb 6, 2015 at 10:11 PM, Bryan Pearson <bwp.pear...@gmail.com>
wrote:

> Hello,
>
> My IPA servers are currently saying:
>
> "Failed to get data from 'hostname.lan': Invalid credentials SASL(-13):
> authentication failure: GSSAPI Failure: gss_accept_sec_context"
>
> tail -f /var/log/dirsrv/slapd-HOSTNAME-LAN/errors
>
> [06/Feb/2015:21:42:41 -0500] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49
> (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure:
> gss_accept_sec_context) errno 0 (Success)
> [06/Feb/2015:21:42:41 -0500] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials)
>
> We have 3 master replicas in operation. ipa2, ipa3, ipa4 and ipa1 we are
> decommissioning. After losing the CA on 2 nodes, we promoted ipa3 to
> master, and created a replica file, scped it to ipa4, installed it, and on
> ipa4 created ipa2. Because of design, 3 and 2 can't communicate with each
> other.
>
> I just stopped dirsrv and pki-ca on ipa1, so it's possible it is creating
> issues.
>
> I can't determine where the credentials or how to get them changed as all
> the nodes are now having similar issues replicating.
>
> Bryan
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
