Re: [Freeipa-users] ipactl start fails for no apparent reason
On Wed, Apr 01, 2015 at 01:20:44PM +0200, Martin Babinsky wrote: > On 04/01/2015 10:14 AM, Traiano Welcome wrote: > >Hi Martin > > > > Thanks for the response. Check results inline: > > > > > >On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky wrote: > >>On 04/01/2015 09:20 AM, Traiano Welcome wrote: > >>> > >>>Some information from the dirsrv error log (sanitized: XYZ = realm): > >>> > >>>[01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 > >>>starting up > >>>[01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no > >>>entries set up under cn=computers, cn=compat,dc=idm,dc=local > >>>[01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password > >>>Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which > >>>should be added before the CoS Definition. > >>>[01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: > >>>cleanAllRUV task found, resuming the cleaning of rid(6)... > >>>[01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password > >>>Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which > >>>should be added before the CoS Definition. > >>>[01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All > >>>Interfaces port 389 for LDAP requests > >>>[01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 > >>>for LDAPS requests > >>>[01/Apr/2015:11:01:49 +0300] - Listening on > >>>/var/run/slapd-IDM-LOCAL.socket for LDAPI requests > >>>[01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial > >>>credentials for principal [ldap/kwtpr-idm-mstr@] in keytab > >>>[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > >>>[01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial > >>>credentials for principal [ldap/kwtpr-idm-mstr@] in keytab > >>>[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > >>>[01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial > >>>credentials for principal [ldap/kwtpr-idm-mstr@] in keytab > >>>[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > >>>[01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial > >>>credentials for principal [ldap/kwtpr-idm-mstr@] in keytab > >>>[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > >>>[01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial > >>>credentials for principal [ldap/kwtpr-idm-mstr@] in keytab > >>>[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > >>>[01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: > >>>could not perform interactive bind for id [] mech [GSSAPI]: LDAP error > >>>-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified > >>>GSS failure. Minor code may provide more information (No Kerberos > >>>credentials available)) errno 0 (Success) > >>>[01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not > >>>perform interactive bind for id [] authentication mechanism [GSSAPI]: > >>>error -2 (Local error) > >>>[01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - > >>>agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): > >>>Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) > >>>(SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. > >>>Minor code may provide more information (No Kerberos credentials > >>>available)) > >>>[01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: > >>>could not perform interactive bind for id [] mech [GSSAPI]: LDAP error > >>>-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified > >>>GSS failure. Minor code may provide more information (No Kerberos > >>>credentials available)) errno 0 (Success) > >>>[01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not > >>>perform interactive bind for id [] authentication mechanism [GSSAPI]: > >>>error -2 (Local error) > >>>[01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - > >>>agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): > >>>Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) > >>>(SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. > >>>Minor code may provide more information (No Kerberos credentials > >>>available)) > >>>[01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation > >>>threads > >>>[01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 > >>>threads to terminate > >>>[01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down > >>>internal subsystems and plugins > >>>[01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: > >>>Cleaning rid (6)... > >>>[01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: > >>>Waiting to process all the updates from the deleted replica... > >>>[01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: > >>>Waiting for all the replicas to be online... > >>>[01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAl
Re: [Freeipa-users] ipactl start fails for no apparent reason
Dude. You rock :-) That was it !! All the entries were the wrong way round (not sure how I missed that ... time for a visit to the optometrists) Beer is in the mail! And thanks to all @redhat for an excellent piece of software and for all the help today! On Wed, Apr 1, 2015 at 4:40 PM, Rob Crittenden wrote: > Traiano Welcome wrote: >> Hi Dmitri >> >> This is a freshly generated DS log (sanitized: XYZ = realm): >> >> >> 389-Directory/1.3.1.6 B2014.160.2139 >> lolpr-xyz-mstr.xyz.local:636 (/etc/dirsrv/slapd-XYZ-LOCAL) >> >> [01/Apr/2015:15:19:01 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting >> up >> [01/Apr/2015:15:19:01 +0300] schema-compat-plugin - warning: no >> entries set up under cn=computers, cn=compat,dc=xyz,dc=local >> [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password >> Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which >> should be added before the CoS Definition. >> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> cleanAllRUV task found, resuming the cleaning of rid(6)... >> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not send >> startTLS request: error -1 (Can't contact LDAP server) errno 0 >> (Success) >> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - >> agmt="cn=masterAgreement1-lolospr-xyz-slve.xyz.local-pki-tomcat" >> (lolospr-xyz-slve:389): Replication bind with SIMPLE auth failed: LDAP >> error -1 (Can't contact LDAP server) () >> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password >> Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which >> should be added before the CoS Definition. >> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >> GSS failure. Minor code may provide more information (No Kerberos >> credentials available)) errno 2 (No such file or directory) >> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -2 (Local error) >> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - >> agmt="cn=meTololard-xyz-slve.xyz.local" (lolard-xyz-slve:389): >> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) >> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. >> Minor code may provide more information (No Kerberos credentials >> available)) >> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -1 (Can't contact LDAP server) ((null)) errno 0 (Success) >> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -1 (Can't contact LDAP server) >> [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - >> agmt="cn=meTololospr-xyz-slve.xyz.local" (lolospr-xyz-slve:389): >> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact >> LDAP server) () >> [01/Apr/2015:15:19:02 +0300] - slapd started. Listening on All >> Interfaces port 389 for LDAP requests >> [01/Apr/2015:15:19:02 +0300] - Listening on All Interfaces port 636 >> for LDAPS requests >> [01/Apr/2015:15:19:02 +0300] - Listening on >> /var/run/slapd-XYZ-LOCAL.socket for LDAPI requests >> [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/lolpr-xyz-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >> GSS failure. Minor code may provide more information (No Kerberos >> credentials available)) errno 0 (Success) >> [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -2 (Local error) >> [01/Apr/2015:15:19:0
Re: [Freeipa-users] ipactl start fails for no apparent reason
Traiano Welcome wrote: > Hi Dmitri > > This is a freshly generated DS log (sanitized: XYZ = realm): > > > 389-Directory/1.3.1.6 B2014.160.2139 > lolpr-xyz-mstr.xyz.local:636 (/etc/dirsrv/slapd-XYZ-LOCAL) > > [01/Apr/2015:15:19:01 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting > up > [01/Apr/2015:15:19:01 +0300] schema-compat-plugin - warning: no > entries set up under cn=computers, cn=compat,dc=xyz,dc=local > [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password > Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which > should be added before the CoS Definition. > [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - CleanAllRUV Task: > cleanAllRUV task found, resuming the cleaning of rid(6)... > [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not send > startTLS request: error -1 (Can't contact LDAP server) errno 0 > (Success) > [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - > agmt="cn=masterAgreement1-lolospr-xyz-slve.xyz.local-pki-tomcat" > (lolospr-xyz-slve:389): Replication bind with SIMPLE auth failed: LDAP > error -1 (Can't contact LDAP server) () > [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial > credentials for principal [ldap/lolpr-xyz-mstr@] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial > credentials for principal [ldap/lolpr-xyz-mstr@] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password > Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which > should be added before the CoS Definition. > [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial > credentials for principal [ldap/lolpr-xyz-mstr@] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: > could not perform interactive bind for id [] mech [GSSAPI]: LDAP error > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified > GSS failure. Minor code may provide more information (No Kerberos > credentials available)) errno 2 (No such file or directory) > [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not > perform interactive bind for id [] authentication mechanism [GSSAPI]: > error -2 (Local error) > [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - > agmt="cn=meTololard-xyz-slve.xyz.local" (lolard-xyz-slve:389): > Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) > (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. > Minor code may provide more information (No Kerberos credentials > available)) > [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial > credentials for principal [ldap/lolpr-xyz-mstr@] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: > could not perform interactive bind for id [] mech [GSSAPI]: LDAP error > -1 (Can't contact LDAP server) ((null)) errno 0 (Success) > [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not > perform interactive bind for id [] authentication mechanism [GSSAPI]: > error -1 (Can't contact LDAP server) > [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - > agmt="cn=meTololospr-xyz-slve.xyz.local" (lolospr-xyz-slve:389): > Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact > LDAP server) () > [01/Apr/2015:15:19:02 +0300] - slapd started. Listening on All > Interfaces port 389 for LDAP requests > [01/Apr/2015:15:19:02 +0300] - Listening on All Interfaces port 636 > for LDAPS requests > [01/Apr/2015:15:19:02 +0300] - Listening on > /var/run/slapd-XYZ-LOCAL.socket for LDAPI requests > [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial > credentials for principal [ldap/lolpr-xyz-mstr@] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) > [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: > could not perform interactive bind for id [] mech [GSSAPI]: LDAP error > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified > GSS failure. Minor code may provide more information (No Kerberos > credentials available)) errno 0 (Success) > [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not > perform interactive bind for id [] authentication mechanism [GSSAPI]: > error -2 (Local error) > [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - > agmt="cn=meTololpr-xyz-slve.xyz.local" (lolpr-xyz-slve:389): > Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) > (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. > Minor code may provide more information (No Kerberos credentials > available)) > [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: > coul
Re: [Freeipa-users] ipactl start fails for no apparent reason
Hi Dmitri On Wed, Apr 1, 2015 at 3:06 PM, Dmitri Pal wrote: > On 04/01/2015 07:52 AM, Traiano Welcome wrote: >> >> Hi Dmitri >> >> >> On Wed, Apr 1, 2015 at 2:23 PM, Dmitri Pal wrote: >>> >>> On 04/01/2015 04:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky wrote: > > On 04/01/2015 09:20 AM, Traiano Welcome wrote: >> >> Some information from the dirsrv error log (sanitized: XYZ = realm): >> >> [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 >> starting up >> [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no >> entries set up under cn=computers, cn=compat,dc=idm,dc=local >> [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password >> Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which >> should be added before the CoS Definition. >> [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> cleanAllRUV task found, resuming the cleaning of rid(6)... >> [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password >> Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which >> should be added before the CoS Definition. >> [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All >> Interfaces port 389 for LDAP requests >> [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 >> for LDAPS requests >> [01/Apr/2015:11:01:49 +0300] - Listening on >> /var/run/slapd-IDM-LOCAL.socket for LDAPI requests >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >> GSS failure. Minor code may provide more information (No Kerberos >> credentials available)) errno 0 (Success) >> [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -2 (Local error) >> [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - >> agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): >> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) >> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. >> Minor code may provide more information (No Kerberos credentials >> available)) >> [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >> GSS failure. Minor code may provide more information (No Kerberos >> credentials available)) errno 0 (Success) >> [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -2 (Local error) >> [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - >> agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): >> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) >> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. >> Minor code may provide more information (No Kerberos credentials >> available)) >> [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling >> operation >> threads >> [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 >> threads to terminate >> [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down >> internal subsystems and plugins >> [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> Cleaning rid (6)... >> [01/Apr/2015:11:01:58
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 07:52 AM, Traiano Welcome wrote: Hi Dmitri On Wed, Apr 1, 2015 at 2:23 PM, Dmitri Pal wrote: On 04/01/2015 04:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform
Re: [Freeipa-users] ipactl start fails for no apparent reason
Hi Dmitri On Wed, Apr 1, 2015 at 2:23 PM, Dmitri Pal wrote: > On 04/01/2015 04:14 AM, Traiano Welcome wrote: >> >> Hi Martin >> >> Thanks for the response. Check results inline: >> >> >> On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky >> wrote: >>> >>> On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - Clea
Re: [Freeipa-users] ipactl start fails for no apparent reason
On Wed, Apr 1, 2015 at 2:20 PM, Martin Babinsky wrote: > On 04/01/2015 10:14 AM, Traiano Welcome wrote: >> >> Hi Martin >> >> Thanks for the response. Check results inline: >> >> >> On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky >> wrote: >>> >>> On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanA
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 04:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 10:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015
Re: [Freeipa-users] ipactl start fails for no apparent reason
Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky wrote: > On 04/01/2015 09:20 AM, Traiano Welcome wrote: >> >> Some information from the dirsrv error log (sanitized: XYZ = realm): >> >> [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 >> starting up >> [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no >> entries set up under cn=computers, cn=compat,dc=idm,dc=local >> [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password >> Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which >> should be added before the CoS Definition. >> [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> cleanAllRUV task found, resuming the cleaning of rid(6)... >> [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password >> Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which >> should be added before the CoS Definition. >> [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All >> Interfaces port 389 for LDAP requests >> [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 >> for LDAPS requests >> [01/Apr/2015:11:01:49 +0300] - Listening on >> /var/run/slapd-IDM-LOCAL.socket for LDAPI requests >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial >> credentials for principal [ldap/kwtpr-idm-mstr@] in keytab >> [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) >> [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >> GSS failure. Minor code may provide more information (No Kerberos >> credentials available)) errno 0 (Success) >> [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -2 (Local error) >> [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - >> agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): >> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) >> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. >> Minor code may provide more information (No Kerberos credentials >> available)) >> [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >> GSS failure. Minor code may provide more information (No Kerberos >> credentials available)) errno 0 (Success) >> [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not >> perform interactive bind for id [] authentication mechanism [GSSAPI]: >> error -2 (Local error) >> [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - >> agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): >> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) >> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. >> Minor code may provide more information (No Kerberos credentials >> available)) >> [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation >> threads >> [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 >> threads to terminate >> [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down >> internal subsystems and plugins >> [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> Cleaning rid (6)... >> [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> Waiting to process all the updates from the deleted replica... >> [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> Waiting for all the replicas to be online... >> [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: >> Server shutting down. Process will resume at server startup >> [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error >> -1 (Can't contact LDAP server) ((null)) errno 110 (Connection tim
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:11:02:09 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtospr-idm-slve.idm.local" (kwtospr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't
Re: [Freeipa-users] ipactl start fails for no apparent reason
Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtard-idm-slve.idm.local" (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt="cn=meToindpr-idm-slve.idm.local" (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:11:02:09 +0300] NSMMReplicationPlugin - agmt="cn=meTokwtospr-idm-slve.idm.local" (kwtospr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [01/Apr/2015:11:02:09 +03
[Freeipa-users] ipactl start fails for no apparent reason
Hi List I've just tried to restart my IPA services after recently adding a new replica (0 configuration changes on the IPA server otherwise!), but ipactl fails when starting up named: --- [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details. Failed to start named Service Shutting down Aborting ipactl --- I then manual start named service and try again, but then smb service fails: --- [root@lolpr-xyz-mstr ~]# ipactl start Existing service file detected! Assuming stale, cleaning and proceeding Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Starting smb Service Job for smb.service failed. See 'systemctl status smb.service' and 'journalctl -xn' for details. Failed to start smb Service Shutting down Aborting ipactl --- systemctl status shows the following output for smb.service: --- [root@lolpr-xyz-mstr ~]# systemctl -l status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) Active: failed (Result: exit-code) since Wed 2015-04-01 09:21:10 AST; 1min 14s ago Process: 4662 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 4662 (code=exited, status=1/FAILURE) Status: "Starting process..." CGroup: /system.slice/smb.service Apr 01 09:21:09 lolpr-xyz-mstr.xyz.local smbd[4662]: GSSAPI client step 1 Apr 01 09:21:09 lolpr-xyz-mstr.xyz.local smbd[4662]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/lolpr-xyz-mstr@XYZ.LOCAL not found in Kerberos database) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: [2015/04/01 09:21:10.211028, 0] ipa_sam.c:4440(pdb_init_ipasam) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: Failed to get base DN. Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: [2015/04/01 09:21:10.211210, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XYZ-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: Failed to start Samba SMB Daemon. Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: Unit smb.service entered failed state. Apr 01 09:21:12 lolpr-xyz-mstr.xyz.local systemd[1]: Stopped Samba SMB Daemon. --- I manually try to start the smb service as follows, but can't (Of course the directory service is not up, so there's a little catch22 there and this many not mean much): --- [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# systemctl status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) Active: failed (Result: exit-code) since Wed 2015-04-01 09:50:38 AST; 57s ago Process: 8089 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 8089 (code=exited, status=1/FAILURE) Status: "Starting process..." Apr 01 09:50:36 lolpr-xyz-mstr.xyz.local smbd[8089]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'XYZ.LOCAL' Apr 01 09:50:37 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:37.573772, 0] ipa_sam.c:4128(bind_callback_cleanup) Apr 01 09:50:37 lolpr-xyz-mstr.xyz.local smbd[8089]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'XYZ.LOCAL' Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:38.574722, 0] ipa_sam.c:4440(pdb_init_ipasam) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: Failed to get base DN. Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:38.574903, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XYZ-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: Failed to start Samba SMB Daemon. Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: Unit smb.service entered failed state. [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# --- Please could someone advise me on how to drill deeper into debugging this issue to get ipactl to start ? NOTES: - This server is successfully in a Trust relationship with ActiveDirectory. - There are a number of replicas established which have been working fine til this morning - Another replica was added around the time of the failure using the same steps as usual (not sure how this could be re