On 02/07/2015 02:22 AM, Bryan Pearson wrote:
Okay, sorry for the messages. The original issue has been resolved, one of the servers time was off.

I am now having a problem similar to this: https://bugzilla.redhat.com/show_bug.cgi?id=953653. My logs indicate all the same issues. With IPA 3.0.0 and Centos 6.6 is this still a viable solution to the problem?
Please start a new thread for a different question.
It seems that we were not able to reproduce it so it might be that the issue still there.
One of the problems can be the mismatch of the buffer sizes. See the bug.


On Sat, Feb 7, 2015 at 12:17 AM, Bryan Pearson <bwp.pear...@gmail.com <mailto:bwp.pear...@gmail.com>> wrote:

    I did a bit more digging into the issue, and realized that the
    ruv-id of ipa2 is different on only one of the servers of the 3. I
    am imaging I will need to run clean-ruv on inconsistent node.


    On Fri, Feb 6, 2015 at 10:11 PM, Bryan Pearson
    <bwp.pear...@gmail.com <mailto:bwp.pear...@gmail.com>> wrote:


        My IPA servers are currently saying:

        "Failed to get data from 'hostname.lan': Invalid credentials
        SASL(-13): authentication failure: GSSAPI Failure:

        tail -f /var/log/dirsrv/slapd-HOSTNAME-LAN/errors

        [06/Feb/2015:21:42:41 -0500] slapd_ldap_sasl_interactive_bind
        - Error: could not perform interactive bind for id [] mech
        [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13):
        authentication failure: GSSAPI Failure:
        gss_accept_sec_context) errno 0 (Success)
        [06/Feb/2015:21:42:41 -0500] slapi_ldap_bind - Error: could
        not perform interactive bind for id [] mech [GSSAPI]: error 49
        (Invalid credentials)

        We have 3 master replicas in operation. ipa2, ipa3, ipa4 and
        ipa1 we are decommissioning. After losing the CA on 2 nodes,
        we promoted ipa3 to master, and created a replica file, scped
        it to ipa4, installed it, and on ipa4 created ipa2. Because of
        design, 3 and 2 cant communicate with each other.

        I just stopped dirsrv and pki-ca on ipa1, so its possible it
        is creating issues.

        I cant determine where the credentials or how to get them
        changed as all the nodes are now having similar issues


Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to