Dear Martin, Thanks for your help and the replication issue got resolved after syncing the time. But I am not able to login to the replica server web ui. Keep on getting "Your session has expired. Please re-login.". Please find the logs.
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time skew (-20287 secs). Current seqnum=1 [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time skew (-20288 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20288 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20289 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20290 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20291 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20292 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20293 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20294 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20295 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20296 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20296 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20297 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20298 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20299 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20299 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20300 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20301 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20302 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20301 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20302 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20303 secs). Current seqnum=1 Regards Sanju Abraham Linux Admin From: Martin Basti <[email protected]> To: Sanju A <[email protected]>, [email protected] Date: 07-04-2015 16:53 Subject: Re: [Freeipa-users] Replication failed On 07/04/15 13:13, Sanju A wrote: Dear All, Replication was working fine for the last 1 month and recently the replica server (ipa2) is having some hardware issue and it was down for a week. Replication is not working once the machine is up. Please help. [root@ipa etc]# service dirsrv status dirsrv PKI-IPA (pid 29954) is running... dirsrv DOMAIN-COM (pid 30023) is running... [root@ipa2 ~]# service dirsrv status dirsrv DOMAIN-COM (pid 1892) is running... [root@ipa2 ~]# [root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) ^C [root@ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) Regards Sanju Abraham Linux Admin =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you Hello, do you have synchronized time on both servers? Martin -- Martin Basti
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
