Dear Martin,

Thanks for your help and the replication issue got resolved after syncing 
the time. But I am not able to login to the replica server web ui. Keep on 
getting "Your session has expired. Please re-login.". Please find the 
logs.


[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time 
skew (-20287 secs). Current seqnum=1
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time 
skew (-20288 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20288 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20289 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20290 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20291 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20292 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20293 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20294 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20295 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time 
skew (-20296 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
skew (-20296 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
skew (-20297 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
skew (-20298 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time 
skew (-20299 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
skew (-20299 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
skew (-20300 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
skew (-20301 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time 
skew (-20302 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time 
skew (-20301 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time 
skew (-20302 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time 
skew (-20303 secs). Current seqnum=1


Regards
Sanju Abraham
Linux Admin




From:   Martin Basti <mba...@redhat.com>
To:     Sanju A <sanj...@tcs.com>, freeipa-users@redhat.com
Date:   07-04-2015 16:53
Subject:        Re: [Freeipa-users] Replication failed



On 07/04/15 13:13, Sanju A wrote:
Dear All, 

Replication was working fine for the last 1 month and recently the replica 
server (ipa2) is having some hardware issue and it was down for a week. 
Replication is not working once the machine is up. Please help. 


[root@ipa etc]# service dirsrv status 
dirsrv PKI-IPA (pid 29954) is running... 
dirsrv DOMAIN-COM (pid 30023) is running... 


[root@ipa2 ~]# service dirsrv status 
dirsrv DOMAIN-COM (pid 1892) is running... 
[root@ipa2 ~]# 



[root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors 

[07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file 
ipa_range_check.c, line 235]: Missing entry to modify. 
[07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file 
ipa_range_check.c, line 235]: Missing entry to modify. 
[07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
^C 


[root@ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors 

[07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 
[07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind - Error: 
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 
(Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: 
gss_accept_sec_context) errno 0 (Success) 
[07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) 




Regards
Sanju Abraham
Linux Admin
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


Hello,

do you have synchronized time on both servers?


Martin

-- 
Martin Basti
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to