I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors, looks definitely like an issue with dirsrv.
On 19 August 2016 at 11:43, Tiemen Ruiten <[email protected]> wrote: > I see I didn't use the right terminology: all four of my FreeIPA servers > are masters. > > On 19 August 2016 at 11:36, Tiemen Ruiten <[email protected]> wrote: > >> Hello, >> >> I need some help getting one of my replica's to work. Assistance would be >> much appreciated. >> >> After the iSCSI volumes of two replicas of were briefly unavailable, on >> one of them DNS and LDAP stopped working and replication seems to have >> stopped. The ipa service failed with a message that an upgrade was >> required, so I ran ipa-server-upgrade, but it failed due to an empty >> dse.ldif. >> >> Then I probably made a mistake by copying a dse.ldif from another replica >> and trying to run the upgrade. It worked more or less, but DNS still didn't >> work. >> >> Next I replaced it with an older backup file (from Aug 4) ran the upgrade >> command again and after some fiddling all services started normally, except >> ipa-dnskeysyncd: >> >> journalctl -u ipa-dnskeysyncd >> >> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: >> ipa-dnskeysyncd.service holdoff time over, scheduling restart. >> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key >> daemon. >> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key >> daemon... >> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa: >> WARNING: session memcached servers not running >> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa >> : INFO LDAP bind... >> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client >> step 1 >> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client >> step 1 >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa >> : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic >> failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide >> more information (No key table entry found matching >> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'} >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >> Traceback (most recent call last): >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module> >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI) >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in >> sasl_interactive_bind_s >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res = >> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_ >> s,*args,**kwargs) >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in >> _apply_method_s >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return >> func(self,*args,**kwargs) >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in >> sasl_interactive_bind_s >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return >> self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req >> uestControlTuples(serverctrls),RequestControlTuples(clientct >> rls),sasl_flags) >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in >> _ldap_call >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result >> = func(*args,**kwargs) >> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error: >> Unspecified GSS failure. Minor code may provide more information (No key >> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': >> 'Invalid credentials'} >> >> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from. >> DNS and logins to the webinterface on this host are still not working. >> >> What can I do to get this replica in working order again? >> >> -- >> Tiemen Ruiten >> Systems Engineer >> R&D Media >> > > > > -- > Tiemen Ruiten > Systems Engineer > R&D Media > -- Tiemen Ruiten Systems Engineer R&D Media
errors.gz
Description: GNU Zip compressed data
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
