Our FreeIPA master was working fine for about a day and then, apropos of nothing, the LDAP component started to crash with nary an error message. Obviously, with it down we can log into the WebUI nor can we query the status of the components or retrieve data.
In /var/log/dirsrv/slapd-EXAMPLE-COM/errors we see: [15/Jun/2016:18:50:28 -0400] NSMMReplicationPlugin - agmt="cn=meToipa-replica.example.com" (ipa-replica:389): Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) [15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 2 (No such file or directory) [15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [15/Jun/2016:18:50:30 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=h5c,dc=local [15/Jun/2016:18:50:30 -0400] schema-compat-plugin - Finished plugin initialization. [15/Jun/2016:18:50:34 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [15/Jun/2016:18:50:34 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error 49 (Invalid credentials) It appears not to have been replicating for at least a day with our 4 other replicas, none of which have the data we'd entered into this master. Is there a way we can bring ldap back to life? Thanks, Dan [cid:image001.jpg@01D1C73A.4309EE90]<http://www.high5games.com/> Daniel Alex Finkelstein| Lead Dev Ops Engineer dan.finkelst...@h5g.com<mailto:dan.finkelst...@h5g.com> | 212.604.3447 One World Trade Center, New York, NY 10007 www.high5games.com<http://www.high5games.com/> Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/> Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah> This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project