I see I didn't use the right terminology: all four of my FreeIPA servers are masters.
On 19 August 2016 at 11:36, Tiemen Ruiten <[email protected]> wrote:
> Hello,
>
> I need some help getting one of my replicas to work. Assistance would be
> much appreciated.
>
> After the iSCSI volumes of two replicas of were briefly unavailable, on
> one of them DNS and LDAP stopped working and replication seems to have
> stopped. The ipa service failed with a message that an upgrade was
> required, so I ran ipa-server-upgrade, but it failed due to an empty
> dse.ldif.
>
> Then I probably made a mistake by copying a dse.ldif from another replica
> and trying to run the upgrade. It worked more or less, but DNS still didn't
> work.
>
> Next I replaced it with an older backup file (from Aug 4), ran the upgrade
> command again and after some fiddling all services started normally, except
> ipa-dnskeysyncd:
>
> journalctl -u ipa-dnskeysyncd
>
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
> daemon.
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
> daemon...
> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
> WARNING: session memcached servers not running
> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
> : INFO LDAP bind...
> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
> step 1
> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
> step 1
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
> : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
> more information (No key table entry found matching
> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> Traceback (most recent call last):
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
> sasl_interactive_bind_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**
> kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
> _apply_method_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
> func(self,*args,**kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
> sasl_interactive_bind_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
> self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,
> RequestControlTuples(serverctrls),RequestControlTuples(
> clientctrls),sasl_flags)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
> _ldap_call
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result
> = func(*args,**kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure. Minor code may provide more information (No key
> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc':
> 'Invalid credentials'}
>
> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
> DNS and logins to the web interface on this host are still not working.
>
> What can I do to get this replica in working order again?
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>

--
Tiemen Ruiten
Systems Engineer
R&D Media
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
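
The journal excerpt quoted above shows ipa-dnskeysyncd on promethium failing its GSSAPI bind with a keytab miss for ldap/praseodymium.ipa.rdmedia.com@. The Python below is an added example, not part of the original message and not FreeIPA code: it scans journalctl-style lines for "No key table entry found matching" errors and flags those where the requested principal names a different host than the one that logged the line, or carries no realm. The function name, field names and the sample lines (re-joined from the wrapped excerpt, plus one made-up control line) are constructed for illustration.

```python
import re

# journalctl short format: "Aug 19 11:28:55 host unit[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<unit>[^\s\[]+)\[\d+\]:\s(?P<msg>.*)$")
# GSSAPI minor-status text; the realm after '@' may be empty, as in the excerpt
KEYTAB_RE = re.compile(
    r"No key table entry found matching\s+"
    r"(?P<service>[^/\s@]+)/(?P<phost>[^@\s)]+)@(?P<realm>[^)\s']*)")

def find_keytab_mismatches(lines):
    """Group keytab-miss errors by (logging host, unit, service, principal host)."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        k = KEYTAB_RE.search(m["msg"]) if m else None
        if not k:
            continue
        log_host = m["host"].rstrip(".").lower()
        phost = k["phost"].rstrip(".").lower()
        key = (log_host, m["unit"], k["service"], phost)
        entry = findings.setdefault(key, {
            "log_host": log_host,
            "unit": m["unit"],
            "principal": f"{k['service']}/{phost}@{k['realm']}",
            # the process asked for a key that names another host
            "host_mismatch": phost != log_host,
            # the error text carries nothing after '@'
            "realm_missing": k["realm"] == "",
            "count": 0,
        })
        entry["count"] += 1
    return list(findings.values())

# Constructed sample: lines from the excerpt re-joined after mail wrapping,
# plus a made-up control line whose principal host matches the logging host.
SAMPLE = [
    "Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : INFO LDAP bind...",
    "Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}",
    "Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}",
    "Aug 19 11:30:00 host1.example.test svc[1]: GSSAPI Error (No key table entry found matching ldap/host1.example.test@EXAMPLE.TEST)",
]

if __name__ == "__main__":
    for finding in find_keytab_mismatches(SAMPLE):
        print(finding)
```

To run it against a live unit, pass the output of `journalctl -u ipa-dnskeysyncd` split into lines instead of `SAMPLE`.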
