Traiano Welcome wrote:
> Hi Dmitri
> 
> This is a freshly generated DS log (sanitized: XYZ = realm):
> 
> 
>         389-Directory/1.3.1.6 B2014.160.2139
>         lolpr-xyz-mstr.xyz.local:636 (/etc/dirsrv/slapd-XYZ-LOCAL)
> 
> [01/Apr/2015:15:19:01 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting 
> up
> [01/Apr/2015:15:19:01 +0300] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=xyz,dc=local
> [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which
> should be added before the CoS Definition.
> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
> cleanAllRUV task found, resuming the cleaning of rid(6)...
> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 0
> (Success)
> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
> agmt="cn=masterAgreement1-lolospr-xyz-slve.xyz.local-pki-tomcat"
> (lolospr-xyz-slve:389): Replication bind with SIMPLE auth failed: LDAP
> error -1 (Can't contact LDAP server) ()
> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
> [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which
> should be added before the CoS Definition.
> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (No Kerberos
> credentials available)) errno 2 (No such file or directory)
> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -2 (Local error)
> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
> agmt="cn=meTololard-xyz-slve.xyz.local" (lolard-xyz-slve:389):
> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
> Minor code may provide more information (No Kerberos credentials
> available))
> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -1 (Can't contact LDAP server)
> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
> agmt="cn=meTololospr-xyz-slve.xyz.local" (lolospr-xyz-slve:389):
> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact
> LDAP server) ()
> [01/Apr/2015:15:19:02 +0300] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2015:15:19:02 +0300] - Listening on All Interfaces port 636
> for LDAPS requests
> [01/Apr/2015:15:19:02 +0300] - Listening on
> /var/run/slapd-XYZ-LOCAL.socket for LDAPI requests
> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial
> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Success)
> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -2 (Local error)
> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
> agmt="cn=meTololpr-xyz-slve.xyz.local" (lolpr-xyz-slve:389):
> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
> Minor code may provide more information (No Kerberos credentials
> available))
> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Success)
> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] authentication mechanism [GSSAPI]:
> error -2 (Local error)
> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin -
> agmt="cn=meToukpr-xyz-slve.xyz.local" (ukpr-xyz-slve:389): Replication
> bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1):
> generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code
> may provide more information (No Kerberos credentials available))
> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (No Kerberos
> credentials available))
> [01/Apr/2015:15:19:04 +0300] - slapd shutting down - signaling operation 
> threads
> [01/Apr/2015:15:19:04 +0300] - slapd shutting down - closing down
> internal subsystems and plugins
> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
> Cleaning rid (6)...
> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
> Waiting to process all the updates from the deleted replica...
> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
> Waiting for all the replicas to be online...
> [01/Apr/2015:15:19:05 +0300] NSMMReplicationPlugin - CleanAllRUV Task:
> Server shutting down.  Process will resume at server startup
> [01/Apr/2015:15:19:05 +0300] - Waiting for 4 database threads to stop
> [01/Apr/2015:15:19:05 +0300] - All database threads now stopped
> [01/Apr/2015:15:19:05 +0300] - slapd stopped.

At least some of this noise is expected. When 389-ds starts it has no
ccache, logs about it, then goes about getting one. At the same time
replication agreements are starting and if the credentials haven't been
obtained yet, those fail as well. It all (usually) ends up syncing back
up within a few seconds.

Do you have an entry for this machine in /etc/hosts? If so, is the FQDN
first? If not it should be.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
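
The /etc/hosts question above, written as a check, together with a filter that pulls the principal out of the `set_krb5_creds` lines in the quoted log. This is an added example, not part of the original thread or of FreeIPA's own code; the function names are hypothetical, and the 192.0.2.10 address and both sample inputs are constructed.

```shell
# Added example (not from the thread). Both checks read their input on stdin.

# hosts_fqdn_first SHORTNAME < /etc/hosts
# Exit 0: every line naming the host lists its FQDN first; 1: a short name
# or alias comes first; 2: the host does not appear in the file.
hosts_fqdn_first() {
    awk -v short="$1" '
        { sub(/#.*/, "") }                    # strip comments
        NF < 2 { next }                       # blank or address-only line
        {
            hit = 0
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n == short || index(n, short ".") == 1) hit = 1
            }
            if (!hit) next
            seen = 1
            if (index(tolower($2), short ".") == 1) print "OK  ", $1, $2
            else { print "BAD ", $1, $2, "(FQDN is not first)"; bad = 1 }
        }
        END {
            if (!seen) { print "MISSING", short; exit 2 }
            exit bad + 0
        }'
}

# keytab_miss_principals < errors
# Distinct principals from set_krb5_creds failures; SUSPECT marks a host part
# with no domain or an empty realm after the "@".
keytab_miss_principals() {
    sed -n 's/.*set_krb5_creds - Could not get initial credentials for principal \[\([^]]*\)\].*/\1/p' |
    sort -u |
    awk '{ split($0, p, "[/@]")
           flag = (p[2] !~ /\./ || p[3] == "") ? "SUSPECT" : "ok"
           print flag, $0 }'
}

# Constructed sample inputs (hostname taken from the log above).
sample_hosts_bad()  { printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 lolpr-xyz-mstr lolpr-xyz-mstr.xyz.local'; }
sample_hosts_good() { printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 lolpr-xyz-mstr.xyz.local lolpr-xyz-mstr  # FQDN first'; }
sample_errors_log() { l='[01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)'
    printf '%s\n%s\n' "$l" "$l"; }

sample_hosts_bad | hosts_fqdn_first lolpr-xyz-mstr || true
sample_errors_log | keytab_miss_principals
```

On a live server the equivalent calls are `hosts_fqdn_first "$(hostname -s)" < /etc/hosts` and `keytab_miss_principals < /var/log/dirsrv/slapd-XYZ-LOCAL/errors`.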
