On 19.8.2016 15:26, Tiemen Ruiten wrote:
> Managed to fix it: had to stop dirsrv@IPA-RDMEDIA-COM and put the server's
> hostname on the line with nsslapd-localhost

Uh, this is quite brutal. There might be some other server-specific options.

If you can dig up an older dse.ldif from the same server, I would rather restore
that version. You never know what will silently break.

Petr^2 Spacek

> 
> Then run ipa-replica-manage re-initialize --from
> other-master.ipa.rdmedia.com
> 
> On 19 August 2016 at 12:14, Tiemen Ruiten <t.rui...@rdmedia.com> wrote:
> 
>> I see lots of messages in /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors,
>> looks definitely like an issue with dirsrv.
>>
>> On 19 August 2016 at 11:43, Tiemen Ruiten <t.rui...@rdmedia.com> wrote:
>>
>>> I see I didn't use the right terminology: all four of my FreeIPA servers
>>> are masters.
>>>
>>> On 19 August 2016 at 11:36, Tiemen Ruiten <t.rui...@rdmedia.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I need some help getting one of my replicas to work. Assistance would
>>>> be much appreciated.
>>>>
>>>> After the iSCSI volumes of two replicas were briefly unavailable, on
>>>> one of them DNS and LDAP stopped working and replication seems to have
>>>> stopped. The ipa service failed with a message that an upgrade was
>>>> required, so I ran ipa-server-upgrade, but it failed due to an empty
>>>> dse.ldif.
>>>>
>>>> Then I probably made a mistake by copying a dse.ldif from another
>>>> replica and trying to run the upgrade. It worked more or less, but DNS
>>>> still didn't work.
>>>>
>>>> Next I replaced it with an older backup file (from Aug 4), ran the
>>>> upgrade command again and after some fiddling all services started
>>>> normally, except ipa-dnskeysyncd:
>>>>
>>>> journalctl -u ipa-dnskeysyncd
>>>>
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
>>>> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
>>>> daemon.
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
>>>> daemon...
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
>>>> WARNING: session memcached servers not running
>>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>>       : INFO     LDAP bind...
>>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>>> step 1
>>>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>>> step 1
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>>       : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
>>>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>>>> more information (No key table entry found matching
>>>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> Traceback (most recent call last):
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
>>>> sasl_interactive_bind_s
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
>>>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_
>>>> s,*args,**kwargs)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
>>>> _apply_method_s
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> return func(self,*args,**kwargs)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
>>>> sasl_interactive_bind_s
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req
>>>> uestControlTuples(serverctrls),RequestControlTuples(clientct
>>>> rls),sasl_flags)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
>>>> _ldap_call
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> result = func(*args,**kwargs)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
>>>> Unspecified GSS failure.  Minor code may provide more information (No key
>>>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)',
>>>> 'desc': 'Invalid credentials'}
>>>>
>>>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
>>>> DNS and logins to the web interface on this host are still not working.
>>>>
>>>> What can I do to get this replica in working order again?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
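
Added example, not part of the thread and not FreeIPA or 389-ds code: a small audit of a dse.ldif that was copied between servers, reporting an nsslapd-localhost value that does not match the local host and listing every other attribute value that names a different host in the domain, for manual review. The function names, the sample file and its agreement entry are constructed for illustration.

```python
import base64
import re

# Constructed sample: trimmed dse.ldif as it might look on promethium after being
# copied from praseodymium. The agreement entry is illustrative; one value is folded.
SAMPLE_DSE = """\
dn: cn=config
nsslapd-localhost: praseodymium.ipa.rdmedia.com
nsslapd-port: 389

dn: cn=example-agreement,cn=config
nsDS5ReplicaHost: other-master.ipa.
 rdmedia.com
"""

def parse_ldif(text):
    """Yield (dn, attr, value); folded lines are joined, base64 values decoded."""
    dn = None
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank line, comment, or not an attribute line
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if attr.lower() == "dn":
            dn = value
        else:
            yield dn, attr, value

def audit_hostnames(text, local_fqdn, domain):
    """Return (mismatch, review): nsslapd-localhost values that differ from
    local_fqdn, and other values naming a different host inside the domain."""
    local = local_fqdn.lower()
    host_re = re.compile(r"\b[a-z0-9-]+\." + re.escape(domain.lower()) + r"\b")
    mismatch, review = [], []
    for dn, attr, value in parse_ldif(text):
        if attr.lower() == "nsslapd-localhost":
            if value.lower() != local:
                mismatch.append(value)
        elif any(h != local for h in host_re.findall(value.lower())):
            review.append((dn, attr, value))
    return mismatch, review

if __name__ == "__main__":
    bad, review = audit_hostnames(SAMPLE_DSE, "promethium.ipa.rdmedia.com", "ipa.rdmedia.com")
    print("nsslapd-localhost mismatch:", bad)
    for dn, attr, value in review:
        print("review:", dn, attr, value)
```

Entries in the review list are not necessarily wrong, since some settings legitimately point at other servers; they are the values to compare against an older dse.ldif from the same host.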
