Hello, I need some help getting one of my replica's to work. Assistance would be much appreciated.
After the iSCSI volumes of two replicas of were briefly unavailable, on one of them DNS and LDAP stopped working and replication seems to have stopped. The ipa service failed with a message that an upgrade was required, so I ran ipa-server-upgrade, but it failed due to an empty dse.ldif. Then I probably made a mistake by copying a dse.ldif from another replica and trying to run the upgrade. It worked more or less, but DNS still didn't work. Next I replaced it with an older backup file (from Aug 4) ran the upgrade command again and after some fiddling all services started normally, except ipa-dnskeysyncd: journalctl -u ipa-dnskeysyncd Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: ipa-dnskeysyncd.service holdoff time over, scheduling restart. Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key daemon. Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key daemon... Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa: WARNING: session memcached servers not running Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : INFO LDAP bind... Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client step 1 Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client step 1 Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'} Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: Traceback (most recent call last): Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI) Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in sasl_interactive_bind_s Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in _apply_method_s Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return func(self,*args,**kwargs) Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in sasl_interactive_bind_s Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result = func(*args,**kwargs) Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'} praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from. DNS and logins to the webinterface on this host are still not working. What can I do to get this replica in working order again? -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project