Re: [Freeipa-users] Unable to start replica server after setting up replication
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
`ipa-replica-install` script to configure the replica server, the service
will not start. Whenever I try it throws SASL(-4): no mechanism available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This script
uses a ldap_uri configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that the
referred LDAP URI is indeed right and functional.
Martin
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using
the
`ipa-replica-install` script to configure the replica server, the service
will not start. Whenever I try it throws SASL(-4): no mechanism available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This script
uses a ldap_uri configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using
the
`ipa-replica-install` script to configure the replica server, the service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA
-i
/var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This script
uses a ldap_uri configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install) succeeded? I
have a suspicion you hit a bug I was fixing recently.
Martin
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the
`ipa-replica-install` script to configure the replica server, the
service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism available:
',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in
the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running
ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w
/var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This
script
uses a ldap_uri configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that
the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install) succeeded? I
have a suspicion you hit a bug I was fixing recently.
Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd: [ OK ]
Starting httpd:[ OK ]
2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
BaseDN: dc=cliff,dc=cloudburrito,dc=com
Configured /etc/sssd/sssd.conf
Installation failed. Rolling back changes.
2013-01-29T23:24:20Z DEBUG stderr=DNS domain 'cliff.cloudburrito.com' is
not configured for automatic KDC address lookup.
KDC address will be set to fixed value.
Failed to add CA to the
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using
the
`ipa-replica-install` script to configure the replica server, the service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism available:
',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA
-i
/var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This
script
uses a ldap_uri configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install) succeeded? I
have a suspicion you hit a bug I was fixing recently.
Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd: [ OK ]
Starting httpd:[ OK ]
2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
BaseDN: dc=cliff,dc=cloudburrito,dc=com
Configured /etc/sssd/sssd.conf
Installation failed. Rolling back changes.
2013-01-29T23:24:20Z DEBUG stderr=DNS domain 'cliff.cloudburrito.com' is
not configured for automatic KDC address lookup.
KDC address will be set to fixed value.
Failed to add CA to the default NSS database.
2013-01-29T23:24:20Z DEBUG Failed to configure the client
File
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 2013/30/01 09:37, Martin Kosek wrote:
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the
`ipa-replica-install` script to configure the replica server, the
service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism
available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in
the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running
ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w
/var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This
script
uses a ldap_uri configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that
the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install) succeeded?
I
have a suspicion you hit a bug I was fixing recently.
Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd: [ OK ]
Starting httpd:[ OK ]
2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
BaseDN: dc=cliff,dc=cloudburrito,dc=com
Configured /etc/sssd/sssd.conf
Installation failed. Rolling back changes.
2013-01-29T23:24:20Z DEBUG stderr=DNS domain 'cliff.cloudburrito.com' is
not configured for automatic KDC address lookup.
KDC address will be set to
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 01/30/2013 11:43 AM, free...@stormcloud9.net wrote:
On 2013/30/01 09:37, Martin Kosek wrote:
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the
`ipa-replica-install` script to configure the replica server, the
service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism
available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in
the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running
ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w
/var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This
script
uses a ldap_uri configuration option value from /etc/ipa/default.conf
to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify that
the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install)
succeeded? I
have a suspicion you hit a bug I was fixing recently.
Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd: [ OK ]
Starting httpd:[ OK ]
2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
BaseDN: dc=cliff,dc=cloudburrito,dc=com
Configured /etc/sssd/sssd.conf
Installation failed. Rolling back changes.
2013-01-29T23:24:20Z DEBUG stderr=DNS domain 'cliff.cloudburrito.com' is
not configured for
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 2013/30/01 11:59, Dmitri Pal wrote:
On 01/30/2013 11:43 AM, free...@stormcloud9.net wrote:
On 2013/30/01 09:37, Martin Kosek wrote:
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the
`ipa-replica-install` script to configure the replica server, the
service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism
available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs
in the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually,
but `ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running
ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w
/var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server. This
script
uses a ldap_uri configuration option value from /etc/ipa/default.conf
to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify
that the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install)
succeeded? I
have a suspicion you hit a bug I was fixing recently.
Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd: [ OK ]
Starting httpd:[ OK ]
2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
BaseDN: dc=cliff,dc=cloudburrito,dc=com
Configured /etc/sssd/sssd.conf
Installation failed. Rolling back changes.
2013-01-29T23:24:20Z DEBUG stderr=DNS domain
Re: [Freeipa-users] Unable to start replica server after setting up replication
On Wed, Jan 30, 2013 at 12:02:30PM -0500, free...@stormcloud9.net wrote:
On 2013/30/01 11:59, Dmitri Pal wrote:
On 01/30/2013 11:43 AM, free...@stormcloud9.net wrote:
On 2013/30/01 09:37, Martin Kosek wrote:
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the
`ipa-replica-install` script to configure the replica server, the
service
will not start. Whenever I try it throws SASL(-4): no mechanism
available
during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving
list of services from LDAP: {'info': 'SASL(-4): no mechanism
available: ',
'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs
in the
PKI instance.
ns-slapd appears to be starting fine. I can even start it manually,
but `ipactl
status` still shows the error:
Below is the result of me starting it manually (directly running
ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-PKI-IPA -i
/var/run/dirsrv/slapd-PKI-IPA.pid -w
/var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636 :::*
LISTEN 15586/ns-slapd
tcp0 0 :::7389 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::7390 :::*
LISTEN 15540/ns-slapd
tcp0 0 :::389 :::*
LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4):
no mechanism available: ', 'desc': 'Unknown authentication method'}
Hello,
OK, it seems that ipactl could not bind to your Directory Server.
This script
uses a ldap_uri configuration option value from
/etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.
You can verify yourself if that bind works or not with the following
ldapsearch
(just replace $LDAP_URI_VALUE with your setting):
# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com
I assume it will report the same error as ipactl. We need to verify
that the
referred LDAP URI is indeed right and functional.
Martin
The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.
Thanks
-Patrick
Yeah, this should have been created during ipa-replica-install.
Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install)
succeeded? I
have a suspicion you hit a bug I was fixing recently.
Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd: [ OK ]
Starting httpd:[ OK ]
2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server:
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the `ipa-replica-install` script to configure the replica
server, the service will not start. Whenever I try it throws
SASL(-4): no mechanism available during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving list of services from LDAP: {'info': 'SASL(-4): no
mechanism available: ', 'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in
the PKI instance.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to start replica server after setting up replication
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after
using the `ipa-replica-install` script to configure the replica
server, the service will not start. Whenever I try it throws
SASL(-4): no mechanism available during start.
Any ideas?
Full output:
# /etc/init.d/ipa start
Starting Directory Service
Starting dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Failed to read data from Directory Service: Unknown error when
retrieving list of services from LDAP: {'info': 'SASL(-4): no
mechanism available: ', 'desc': 'Unknown authentication method'}
Shutting down
Shutting down dirsrv:
CLIFF-CLOUDBURRITO-COM... [ OK ]
PKI-IPA... [ OK ]
Sounds like DS did not start under the CA. Please check the DS logs in
the PKI instance.
ns-slapd appears to be starting fine. I can even start it manually, but
`ipactl status` still shows the error:
Below is the result of me starting it manually (directly running ns-slapd):
# ps ax|grep slapd
15540 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w
/var/run/dirsrv/slapd-PKI-IPA.startpid
15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
/var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
# netstat -tpnl | grep slapd
tcp0 0 :::636
:::*LISTEN 15586/ns-slapd
tcp0 0 :::7389
:::*LISTEN 15540/ns-slapd
tcp0 0 :::7390
:::*LISTEN 15540/ns-slapd
tcp0 0 :::389
:::*LISTEN 15586/ns-slapd
# ipactl status
Directory Service: RUNNING
Unknown error when retrieving list of services from LDAP: {'info':
'SASL(-4): no mechanism available: ', 'desc': 'Unknown authentication
method'}
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
