You mean the /var/log/dirsrv/<server>/error right? Clean except for when I do ipa backup, which actually doesn't look like it's errors, but more info..

However, sometimes, at 0:20 I have:

[07/Jul/2016:00:15:41 +0200] NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 4,dc=casalogic,dc=lan> already exists
[07/Jul/2016:00:24:45 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[07/Jul/2016:00:24:45 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[07/Jul/2016:00:24:45 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[07/Jul/2016:00:24:45 +0200] NSMMReplicationPlugin - agmt="cn=meTokoda.casalogic.lan" (koda:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired))
[07/Jul/2016:00:24:48 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[07/Jul/2016:00:24:48 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[07/Jul/2016:00:24:48 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[07/Jul/2016:00:24:54 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[07/Jul/2016:00:24:54 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 2 (No such file or directory)
[07/Jul/2016:00:24:54 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[07/Jul/2016:00:25:06 +0200] NSMMReplicationPlugin - agmt="cn=meTokoda.casalogic.lan" (koda:389): Replication bind with GSSAPI auth resumed
[07/Jul/2016:01:36:52 +0200] NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 4,dc=casalogic,dc=lan> already exists

However, that's not when I have the auth problems.

----- On Jul 7, 2016, at 9:28 PM, Rob Crittenden [email protected] wrote:

> Troels Hansen wrote:
>> Hi, we have 2 IPA servers setup in replication.
>> All works fine, except sometimes I see unable to authenticate.
>> It goes on for like 2-5 minutes, and then everything works again. When
>> looking at the logs I see nothing, except err?53 which means incorrect
>> password, but it's NOT!
>>
>> [07/Jul/2016:19:38:19 +0200] conn=370373 TLS1.2 128-bit AES-GCM
>> [07/Jul/2016:19:38:19 +0200] conn=370373 op=0 BIND dn="uid=th,cn=users,cn=accounts,dc=casalogic,dc=lan" method=128 version=3
>> [07/Jul/2016:19:38:19 +0200] conn=370373 op=0 RESULT err=53 tag=97 nentries=0 etime=0
>> [07/Jul/2016:19:38:19 +0200] conn=370373 op=1 UNBIND
>> [07/Jul/2016:19:38:19 +0200] conn=370373 op=1 fd=118 closed - U1
>>
>> Anyone having any clues about where to look?
>
> 53 is not bad password, it is unwilling to perform. The error log might
> have additional details.
>
> rob

--
Kind regards

Troels Hansen
Systems Consultant
Casalogic A/S
T (+45) 70 20 10 63
M (+45) 22 43 71 57
Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos and much more.
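
The check Rob's reply does by hand, pairing each BIND with its RESULT and decoding the code (53 is unwillingToPerform; 49 would be invalidCredentials), written out as an added example that is not part of the original thread or of FreeIPA's own code. The function name `failed_binds` and the conn=370374 sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Subset of LDAP result codes (RFC 4511) that show up on failed binds.
LDAP_RESULTS = {0: "success", 19: "constraintViolation", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights",
                53: "unwillingToPerform"}

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+)')

def failed_binds(lines):
    """Pair each BIND with its RESULT by (conn, op); return non-zero results."""
    pending, failures = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # e.g. the TLS negotiation line has no op= field
        key = (m["conn"], m["op"])
        bind = BIND.match(m["rest"])
        if bind:
            pending[key] = (bind["dn"], bind["method"])
            continue
        res = RESULT.match(m["rest"])
        if res and key in pending:
            dn, method = pending.pop(key)
            err = int(res["err"])
            if err != 0:
                ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
                failures.append({"time": ts, "conn": int(m["conn"]), "dn": dn,
                                 "method": method, "err": err,
                                 "name": LDAP_RESULTS.get(err, "other")})
    return failures

# Access-log lines quoted in the thread (wrapped lines rejoined), followed by
# one CONSTRUCTED successful bind on conn=370374 for contrast.
SAMPLE = """\
[07/Jul/2016:19:38:19 +0200] conn=370373 TLS1.2 128-bit AES-GCM
[07/Jul/2016:19:38:19 +0200] conn=370373 op=0 BIND dn="uid=th,cn=users,cn=accounts,dc=casalogic,dc=lan" method=128 version=3
[07/Jul/2016:19:38:19 +0200] conn=370373 op=0 RESULT err=53 tag=97 nentries=0 etime=0
[07/Jul/2016:19:38:19 +0200] conn=370373 op=1 UNBIND
[07/Jul/2016:19:38:19 +0200] conn=370373 op=1 fd=118 closed - U1
[07/Jul/2016:19:45:02 +0200] conn=370374 op=0 BIND dn="uid=th,cn=users,cn=accounts,dc=casalogic,dc=lan" method=128 version=3
[07/Jul/2016:19:45:02 +0200] conn=370374 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

if __name__ == "__main__":
    for f in failed_binds(SAMPLE.splitlines()):
        print(f["time"].isoformat(), f["conn"], f["dn"], f["err"], f["name"])
```

Sorting the returned entries by time makes it easy to compare the windows of err=53 binds against the timestamps of the GSSAPI replication errors in the error log.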
