Hi all: Orginal config server <> server02 , either server can add user and syn
Now server < server02 ,GSSAPI show as below ..ANY idea? THX [05/May/2016:17:29:03 +0800] - 389-Directory/1.2.11.25 B2013.325.1951 starting up [05/May/2016:17:29:03 +0800] - WARNING: userRoot: entry cache size 10485760B is less than db size 17113088B; We recommend to increase the entry cache size nsslapd-cachememsize. [05/May/2016:17:29:03 +0800] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher AES [05/May/2016:17:29:03 +0800] attrcrypt - attrcrypt_cipher_init: symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [05/May/2016:17:29:03 +0800] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES [05/May/2016:17:29:03 +0800] attrcrypt - attrcrypt_cipher_init: symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [05/May/2016:17:29:03 +0800] attrcrypt - All prepared ciphers are not available. Please disable attribute encryption. [05/May/2016:17:29:03 +0800] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=ABC,dc=com [05/May/2016:17:29:07 +0800] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=ABC,dc=com [05/May/2016:17:29:07 +0800] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=ABC,dc=com [05/May/2016:17:29:07 +0800] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=ABC,dc=com--no CoS Templates found, which should be added before the CoS Definition. [05/May/2016:17:29:07 +0800] set_krb5_creds - Could not get initial credentials for principal [ldap/server.abc....@abc.com] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [05/May/2016:17:29:07 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found)) errno 0 (Success) [05/May/2016:17:29:07 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error) [05/May/2016:17:29:07 +0800] NSMMReplicationPlugin - agmt="cn= meToserver02.ABC.com" (server02:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found)) [05/May/2016:17:29:07 +0800] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=ABC,dc=com--no CoS Templates found, which should be added before the CoS Definition. [05/May/2016:17:29:07 +0800] - slapd started. Listening on All Interfaces port 389 for LDAP requests [05/May/2016:17:29:07 +0800] - Listening on All Interfaces port 636 for LDAPS requests [05/May/2016:17:29:07 +0800] - Listening on /var/run/slapd-ABC-COM.socket for LDAPI requests [05/May/2016:17:29:11 +0800] NSMMReplicationPlugin - agmt="cn= meToserver02.ABC.com" (server02:389): Replication bind with GSSAPI auth resumed [05/May/2016:17:29:11 +0800] NSMMReplicationPlugin - agmt="cn= meToserver02.ABC.com" (server02:389): Missing data encountered [05/May/2016:17:29:11 +0800] NSMMReplicationPlugin - agmt="cn= meToserver02.ABC.com" (server02:389): Incremental update failed and requires administrator action
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project