Oh yes, you are right.
Makes sense to me as dirsrv is trying to get a
kerberos ticket for replication but Kerberos can't read it's database from dirsrv yet, as dirsrv is still starting. I've read that in the rhel documentation. Feeling kind of dump but I guess I have never looked that critical in the logs to notice this messages.

Thanks for your answer, have a nice weekend.

- Dominik

Am 14.10.2015 um 15:42 schrieb Mark Reynolds:


On 10/14/2015 04:55 AM, Dominik Korittki wrote:
[11/Oct/2015:17:17:53 +0200] NSMMReplicationPlugin -
agmt="cn=meToipa01.internal" (ipa01:389): Replication bind with GSSAPI
auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS failure.  Minor code may provide more
information (No Kerberos credentials available))
[11/Oct/2015:17:17:56 +0200] NSMMReplicationPlugin -
agmt="cn=meToipa01.internal" (ipa01:389): *Replication bind with
GSSAPI auth resumed*
This last line implies that replication authentication finally did
succeed - so replication should be working.


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to