Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Jeff Goddard
I guess my issue it totally different then as the files I have contain the correct values. I'll resubmit a new email with the correct subject line so as to start fresh. Thanks, Jeff On Thu, Jan 5, 2017 at 7:22 AM, Brian J. Murrell wrote: > On Wed, 2017-01-04 at 16:21

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Brian J. Murrell
On Wed, 2017-01-04 at 16:21 -0500, Jeff Goddard wrote: > I don't want to hijack someone else's thread but I'm having what > appears to > be the same problem and have not seen a solution presented yet. The problem and solution were presented. These two messages basically embody the problem I had:

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Jeff Goddard
Running the command displays no output. Here is the config file output: # This file is sourced by dirsrv upon startup to set # the default environment for all directory server instances. # To set instance specific defaults, use the file in the same # directory called dirsrv-instance where

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Martin Basti
On 04.01.2017 22:21, Jeff Goddard wrote: I don't want to hijack someone else's thread but I'm having what appears to be the same problem and have not seen a solution presented yet. Here is the output of journalctl -xe after having tried to start named: Jan 04 15:48:42

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-04 Thread Jeff Goddard
I don't want to hijack someone else's thread but I'm having what appears to be the same problem and have not seen a solution presented yet. Here is the output of journalctl -xe after having tried to start named: Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]: loading

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-30 Thread Brian J. Murrell
[ Sent just to the list. Hopefully Martin is on it. ] On Thu, 2016-12-22 at 10:06 +0100, Martin Babinsky wrote: > > Hi Brian, Hi Martin, > DS should use /etc/sysconfig/dirsrv to set its KRB5_KTNAME env > variable  > to /etc/dirsrv/ds.keytab. Ah-ha! This was the problem. When I upgraded

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-22 Thread Simo Sorce
On Thu, 2016-12-22 at 08:24 +0100, Petr Spacek wrote: > On 21.12.2016 21:36, Brian J. Murrell wrote: > > Some additional information. I can't seem to use the CLI either. > > Perhaps that is expected: > > > > # kinit admin > > Password for ad...@example.com: > > > > # klist > > Ticket cache:

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-22 Thread Martin Babinsky
On 12/21/2016 07:22 PM, Brian J. Murrell wrote: On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote: Okay, I believe that this is the problem: On 21.12.2016 15:53, Brian J. Murrell wrote: [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 connection from local to

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Petr Spacek
On 21.12.2016 21:36, Brian J. Murrell wrote: > Some additional information. I can't seem to use the CLI either. > Perhaps that is expected: > > # kinit admin > Password for ad...@example.com: > > # klist > Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m > Default principal:

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
Some additional information. I can't seem to use the CLI either. Perhaps that is expected: # kinit admin Password for ad...@example.com: # klist Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m Default principal: ad...@example.com Valid starting ExpiresService principal

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote: > Okay, I believe that this is the problem: > > On 21.12.2016 15:53, Brian J. Murrell wrote: > > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 > > connection from local to /var/run/slapd-EXAMPLE.COM.socket > > ... > >

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Petr Spacek
Okay, I believe that this is the problem: On 21.12.2016 15:53, Brian J. Murrell wrote: > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 connection > from local to /var/run/slapd-EXAMPLE.COM.socket ... > [21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn=""

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
On Wed, 2016-12-21 at 15:04 +0100, Petr Spacek wrote: > > I'm really curious what you will find out :-) It seems to be like this, over and over again: [21/Dec/2016:09:39:02.124732240 -0500] conn=77025 fd=107 slot=107 connection from 10.75.22.1 to 10.75.22.247 [21/Dec/2016:09:39:02.125630906

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
On Wed, 2016-12-21 at 08:24 +0100, Petr Spacek wrote: > > You can try to add line > KRB5_TRACE=/dev/stdout > to > /etc/sysconfig/ipa-dnskeysyncd [27472] 1482320667.240500: Retrieving ipa-dnskeysyncd/server.example@example.com from FILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab (vno 0, enctype

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-20 Thread Petr Spacek
On 20.12.2016 12:41, Brian J. Murrell wrote: > On Tue, 2016-12-20 at 11:55 +0100, Martin Basti wrote: >> >> So there are actually no issues with credentials, it needs more >> debugging, in past we have similar case but we haven't found the >> root >> cause why it doesn't have the right

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-20 Thread Brian J. Murrell
On Tue, 2016-12-20 at 11:55 +0100, Martin Basti wrote: > > So there are actually no issues with credentials, it needs more  > debugging, in past we have similar case but we haven't found the > root  > cause why it doesn't have the right credentials after kinit. So, to be clear, all I did was

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-20 Thread Martin Basti
On 19.12.2016 21:24, Brian J. Murrell wrote: On Mon, 2016-12-19 at 17:26 +0100, Martin Basti wrote: On 19.12.2016 13:19, Brian J. Murrell wrote: On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: Hello, could you recheck with SElinux in permissive mode? Yeah, still happens even after

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Brian J. Murrell
On Mon, 2016-12-19 at 17:26 +0100, Martin Basti wrote: > > On 19.12.2016 13:19, Brian J. Murrell wrote: > > On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: > > > Hello, > > > > > > could you recheck with SElinux in permissive mode? > > > > Yeah, still happens even after doing: > > > > #

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Martin Basti
On 19.12.2016 13:19, Brian J. Murrell wrote: On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: Hello, could you recheck with SElinux in permissive mode? Yeah, still happens even after doing: # setenforce 0 Cheers, b. could you please kinit as service? kinit -kt

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Brian J. Murrell
On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: > > Hello, > > could you recheck with SElinux in permissive mode? Yeah, still happens even after doing: # setenforce 0 Cheers, b. signature.asc Description: This is a digitally signed message part -- Manage your subscription for the

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Martin Basti
On 17.12.2016 19:30, Brian J. Murrell wrote: On Fri, 2016-12-16 at 22:53 -0500, Brian J. Murrell wrote: Hi, After upgrading to EL 7.3 which included an upgrade of IPA from 4.2.0- 15.0.1.el7.centos.19 to 4.4.0-14.el7.centos I'm getting: 22:01:00 ipa-dnskeysyncd ipa : INFO LDAP

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-17 Thread Brian J. Murrell
On Fri, 2016-12-16 at 22:53 -0500, Brian J. Murrell wrote: > Hi, > > After upgrading to EL 7.3 which included an upgrade of IPA from > 4.2.0- > 15.0.1.el7.centos.19 to 4.4.0-14.el7.centos I'm getting:  > > 22:01:00 ipa-dnskeysyncd ipa : INFO LDAP bind... > 22:01:00 ipa-dnskeysyncd