Re: [Freeipa-users] ipactl start fails for no apparent reason
On Wed, Apr 01, 2015 at 01:20:44PM +0200, Martin Babinsky wrote: On 04/01/2015 10:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out)
[Freeipa-users] ipactl start fails for no apparent reason
Hi List I've just tried to restart my IPA services after recently adding a new replica (0 configuration changes on the IPA server otherwise!), but ipactl fails when starting up named: --- [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details. Failed to start named Service Shutting down Aborting ipactl --- I then manual start named service and try again, but then smb service fails: --- [root@lolpr-xyz-mstr ~]# ipactl start Existing service file detected! Assuming stale, cleaning and proceeding Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Starting smb Service Job for smb.service failed. See 'systemctl status smb.service' and 'journalctl -xn' for details. Failed to start smb Service Shutting down Aborting ipactl --- systemctl status shows the following output for smb.service: --- [root@lolpr-xyz-mstr ~]# systemctl -l status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) Active: failed (Result: exit-code) since Wed 2015-04-01 09:21:10 AST; 1min 14s ago Process: 4662 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 4662 (code=exited, status=1/FAILURE) Status: Starting process... CGroup: /system.slice/smb.service Apr 01 09:21:09 lolpr-xyz-mstr.xyz.local smbd[4662]: GSSAPI client step 1 Apr 01 09:21:09 lolpr-xyz-mstr.xyz.local smbd[4662]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/lolpr-xyz-mstr@XYZ.LOCAL not found in Kerberos database) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: [2015/04/01 09:21:10.211028, 0] ipa_sam.c:4440(pdb_init_ipasam) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: Failed to get base DN. Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: [2015/04/01 09:21:10.211210, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XYZ-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: Failed to start Samba SMB Daemon. Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: Unit smb.service entered failed state. Apr 01 09:21:12 lolpr-xyz-mstr.xyz.local systemd[1]: Stopped Samba SMB Daemon. --- I manually try to start the smb service as follows, but can't (Of course the directory service is not up, so there's a little catch22 there and this many not mean much): --- [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# systemctl status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) Active: failed (Result: exit-code) since Wed 2015-04-01 09:50:38 AST; 57s ago Process: 8089 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 8089 (code=exited, status=1/FAILURE) Status: Starting process... Apr 01 09:50:36 lolpr-xyz-mstr.xyz.local smbd[8089]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'XYZ.LOCAL' Apr 01 09:50:37 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:37.573772, 0] ipa_sam.c:4128(bind_callback_cleanup) Apr 01 09:50:37 lolpr-xyz-mstr.xyz.local smbd[8089]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'XYZ.LOCAL' Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:38.574722, 0] ipa_sam.c:4440(pdb_init_ipasam) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: Failed to get base DN. Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:38.574903, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XYZ-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: Failed to start Samba SMB Daemon. Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: Unit smb.service entered failed state. [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# --- Please could someone advise me on how to drill deeper into debugging this issue to get ipactl to start ? NOTES: - This server is successfully in a Trust relationship with ActiveDirectory. - There are a number of replicas established which have been working fine til this morning - Another replica was added around the time of the failure using the same steps as usual (not sure how this could be
Re: [Freeipa-users] ipactl start fails for no apparent reason
Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:11:02:09 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtospr-idm-slve.idm.local (kwtospr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [01/Apr/2015:11:02:09 +0300]
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:11:02:09 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtospr-idm-slve.idm.local (kwtospr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't
Re: [Freeipa-users] ipactl start fails for no apparent reason
Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]:
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 07:52 AM, Traiano Welcome wrote: Hi Dmitri On Wed, Apr 1, 2015 at 2:23 PM, Dmitri Pal d...@redhat.com wrote: On 04/01/2015 04:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300]
Re: [Freeipa-users] ipactl start fails for no apparent reason
Hi Dmitri On Wed, Apr 1, 2015 at 3:06 PM, Dmitri Pal d...@redhat.com wrote: On 04/01/2015 07:52 AM, Traiano Welcome wrote: Hi Dmitri On Wed, Apr 1, 2015 at 2:23 PM, Dmitri Pal d...@redhat.com wrote: On 04/01/2015 04:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform
Re: [Freeipa-users] ipactl start fails for no apparent reason
On Wed, Apr 1, 2015 at 2:20 PM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 10:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out)
Re: [Freeipa-users] ipactl start fails for no apparent reason
On 04/01/2015 10:14 AM, Traiano Welcome wrote: Hi Martin Thanks for the response. Check results inline: On Wed, Apr 1, 2015 at 10:37 AM, Martin Babinsky mbabi...@redhat.com wrote: On 04/01/2015 09:20 AM, Traiano Welcome wrote: Some information from the dirsrv error log (sanitized: XYZ = realm): [01/Apr/2015:11:01:49 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:11:01:49 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=idm,dc=local [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:11:01:49 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=idm,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:11:01:49 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:11:01:49 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:11:01:49 +0300] - Listening on /var/run/slapd-IDM-LOCAL.socket for LDAPI requests [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/kwtpr-idm-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meTokwtard-idm-slve.idm.local (kwtard-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:49 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:11:01:49 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:11:01:49 +0300] NSMMReplicationPlugin - agmt=cn=meToindpr-idm-slve.idm.local (indpr-idm-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:11:01:50 +0300] - slapd shutting down - signaling operation threads [01/Apr/2015:11:01:50 +0300] - slapd shutting down - waiting for 27 threads to terminate [01/Apr/2015:11:01:50 +0300] - slapd shutting down - closing down internal subsystems and plugins [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (6)... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online... [01/Apr/2015:11:01:58 +0300] NSMMReplicationPlugin - CleanAllRUV Task: Server shutting down. Process will resume at server startup [01/Apr/2015:11:02:09 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 110 (Connection timed out) [01/Apr/2015:11:02:09 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP
Re: [Freeipa-users] ipactl start fails for no apparent reason
Traiano Welcome wrote: Hi Dmitri This is a freshly generated DS log (sanitized: XYZ = realm): 389-Directory/1.3.1.6 B2014.160.2139 lolpr-xyz-mstr.xyz.local:636 (/etc/dirsrv/slapd-XYZ-LOCAL) [01/Apr/2015:15:19:01 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:15:19:01 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=xyz,dc=local [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=masterAgreement1-lolospr-xyz-slve.xyz.local-pki-tomcat (lolospr-xyz-slve:389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) () [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 2 (No such file or directory) [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=meTololard-xyz-slve.xyz.local (lolard-xyz-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=meTololospr-xyz-slve.xyz.local (lolospr-xyz-slve:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [01/Apr/2015:15:19:02 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:15:19:02 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:15:19:02 +0300] - Listening on /var/run/slapd-XYZ-LOCAL.socket for LDAPI requests [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=meTololpr-xyz-slve.xyz.local (lolpr-xyz-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1):
Re: [Freeipa-users] ipactl start fails for no apparent reason
Dude. You rock :-) That was it !! All the entries were the wrong way round (not sure how I missed that ... time for a visit to the optometrists) Beer is in the mail! And thanks to all @redhat for an excellent piece of software and for all the help today! On Wed, Apr 1, 2015 at 4:40 PM, Rob Crittenden rcrit...@redhat.com wrote: Traiano Welcome wrote: Hi Dmitri This is a freshly generated DS log (sanitized: XYZ = realm): 389-Directory/1.3.1.6 B2014.160.2139 lolpr-xyz-mstr.xyz.local:636 (/etc/dirsrv/slapd-XYZ-LOCAL) [01/Apr/2015:15:19:01 +0300] - 389-Directory/1.3.1.6 B2014.160.2139 starting up [01/Apr/2015:15:19:01 +0300] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=xyz,dc=local [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - CleanAllRUV Task: cleanAllRUV task found, resuming the cleaning of rid(6)... [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=masterAgreement1-lolospr-xyz-slve.xyz.local-pki-tomcat (lolospr-xyz-slve:389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) () [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=xyz,dc=local--no CoS Templates found, which should be added before the CoS Definition. [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 2 (No such file or directory) [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=meTololard-xyz-slve.xyz.local (lolard-xyz-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=meTololospr-xyz-slve.xyz.local (lolospr-xyz-slve:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [01/Apr/2015:15:19:02 +0300] - slapd started. Listening on All Interfaces port 389 for LDAP requests [01/Apr/2015:15:19:02 +0300] - Listening on All Interfaces port 636 for LDAPS requests [01/Apr/2015:15:19:02 +0300] - Listening on /var/run/slapd-XYZ-LOCAL.socket for LDAPI requests [01/Apr/2015:15:19:02 +0300] set_krb5_creds - Could not get initial credentials for principal [ldap/lolpr-xyz-mstr@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found) [01/Apr/2015:15:19:02 +0300] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success) [01/Apr/2015:15:19:02 +0300] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [01/Apr/2015:15:19:02 +0300] NSMMReplicationPlugin - agmt=cn=meTololpr-xyz-slve.xyz.local (lolpr-xyz-slve:389): Replication bind with GSSAPI auth failed: LDAP error -2