Re: [Freeipa-users] Fwd: ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Jeff Goddard
I cannot. I get:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)


On Thu, Jan 5, 2017 at 9:08 AM, Martin Basti wrote:

> Hello,
>
> could you check this link
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed
>
> kinit prints nothing when it works, so it works in your case, can you
> after kinit as DNS service try to use ldapsearch -Y GSSAPI ?
>
>
> Martin

Re: [Freeipa-users] Fwd: ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Martin Basti

Hello,

could you check this link 
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed


kinit prints nothing when it works, so it works in your case, can you 
after kinit as DNS service try to use ldapsearch -Y GSSAPI ?



Martin




[Freeipa-users] Fwd: ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2017-01-05 Thread Jeff Goddard
-- Forwarded message --
From: Jeff Goddard 
Date: Thu, Jan 5, 2017 at 8:57 AM
Subject: Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
server failed: {'desc': 'Invalid credentials'}
To: Martin Basti 




On Thu, Jan 5, 2017 at 3:43 AM, Martin Basti wrote:

>
>
> On 04.01.2017 22:21, Jeff Goddard wrote:
>
> I don't want to hijack someone else's thread but I'm having what appears
> to be the same problem and have not seen a solution presented yet.
>
> Here is the output of journalctl -xe after having tried to start named:
>
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> loading configuration from '/etc/named.conf'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> reading built-in trusted keys from file '/etc/named.iscdlv.key'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> using default UDP/IPv4 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> using default UDP/IPv6 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv6 interfaces, port 53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv4 interface lo, 127.0.0.1#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv4 interface ens32, 10.73.100.31#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> generating session key for dynamic DNS
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> sizing zone task pool based on 6 zones
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> set up managed keys zone for view _default, file
> '/var/named/dynamic/managed-keys.bind'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016, compiler
> 4.8.5 20150623 (Red Hat 4.8.5-11)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> option 'serial_autoincrement' is not supported, ignoring
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 3
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> LDAP error: Invalid credentials: bind to LDAP server failed
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> couldn't establish connection in LDAP connection pool: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> dynamic database 'ipa' configuration failed: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> loading configuration: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> exiting (due to fatal error)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
> named-pkcs11.service: control process exited, code=exited status=1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Failed
> to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> -- Subject: Unit named-pkcs11.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit named-pkcs11.service has failed.
> --
> -- The result is failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Unit
> named-pkcs11.service entered failed state.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
> named-pkcs11.service failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com polkitd[949]:
> Unregistered Authentication Agent for unix-process:3936:380486 (system bus
> name :1.59, object path /org/freedesktop/Policy
>
> Here are the last four entries of /var/log/dirsrv/slapd-*/access | grep
> ipa-dnskeysyncd:
>
> [04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH
> base="dc=internal,dc=emerlyn,dc=com" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/id-management-2.internal.emerlyn@internal.emerlyn.com)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/id-management-2.internal.emerlyn@internal.emerlyn.com)))"
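Added example for this thread (not code posted by either participant and not part of FreeIPA or bind-dyndb-ldap): the first function performs the check Martin suggests above, a kinit with the service keytab followed by ldapsearch -Y GSSAPI, but with an explicit -H URI and a private credential cache, because without -H ldapsearch uses the URI from /etc/openldap/ldap.conf (or ldap://localhost) and "Can't contact LDAP server (-1)" means no LDAP session was opened at all, so the GSSAPI exchange never started. The second function triages a 389-ds access log of the kind grepped in the quoted message: it pairs every SASL/GSSAPI BIND with the RESULT of the same conn/op and reports the final step, where err=49 after the intermediate err=14 steps means the Kerberos exchange completed and the server then refused the bind (typically the principal could not be mapped to an entry). Assumptions that the thread does not state: the named keytab is /etc/named.keytab with principal DNS/<fqdn>@<REALM>, the realm is the upper-cased host domain, and the sample log lines are constructed, not taken from the poster's server; BASE is the base DN from the quoted access-log filter.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeIPA.
# 1) check_gssapi_bind: the test Martin suggests (kinit as the DNS service,
#    then ldapsearch -Y GSSAPI) with an explicit URI and a private ccache.
# 2) triage_sasl_binds: pair each SASL/GSSAPI BIND in a 389-ds access log
#    with the RESULT of the same conn/op and report the final outcome.
#
# Assumptions (not stated in the thread): named keytab /etc/named.keytab with
# principal DNS/<fqdn>@<REALM>; REALM is the upper-cased host domain.
# BASE is the base DN from the access-log filter quoted in the thread.

REALM="${REALM:-INTERNAL.EMERLYN.COM}"
FQDN="${FQDN:-$(hostname -f 2>/dev/null || echo id-management-2.internal.emerlyn.com)}"
BASE="${BASE:-dc=internal,dc=emerlyn,dc=com}"

# Usage: check_gssapi_bind <principal> <keytab>
# "Can't contact LDAP server (-1)" from ldapsearch means no LDAP session was
# opened at all (missing -H, ldap.conf URI, TLS trust), so Kerberos was never
# tried; "Invalid credentials (49)" after the GSSAPI steps means the ticket
# was accepted and the server then refused to map the principal to an entry.
check_gssapi_bind() {
    principal="$1"; keytab="$2"
    KRB5CCNAME="FILE:/tmp/krb5cc_ldapcheck.$$"; export KRB5CCNAME   # do not clobber root's cache
    kinit -kt "$keytab" "$principal" || return 1
    klist
    ldapsearch -Y GSSAPI -H "ldap://${FQDN}" -b "$BASE" -s base '(objectClass=*)' dn
    rc=$?
    kdestroy
    return "$rc"
}

# Reads an access log on stdin. err=14 ("SASL bind in progress") is an
# intermediate GSSAPI step and is skipped; the last step carries the verdict.
triage_sasl_binds() {
    awk '
        { key = $3 " " $4 }                                  # "conn=N op=M"
        $5 == "BIND" && /method=sasl/ && /mech=GSSAPI/ { bind[key] = 1; next }
        $5 == "RESULT" && (key in bind) {
            match($0, /err=[0-9]+/); err = substr($0, RSTART + 4, RLENGTH - 4)
            if (err == 14) next
            dn = ""
            if (match($0, /dn="[^"]*"/)) dn = substr($0, RSTART + 4, RLENGTH - 5)
            if (dn == "") dn = "(no dn: principal not mapped to an entry)"
            verdict = (err == 0) ? "OK" : "FAIL"
            print verdict, key, "err=" err, dn
        }
    '
}

# Constructed sample (not a real log): conn=5 completes the GSSAPI exchange
# and is still refused, conn=6 is a healthy bind, conn=7 is a simple bind.
sample_log() {
    cat <<'EOF'
[05/Jan/2017:09:10:01.000100000 -0500] conn=5 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[05/Jan/2017:09:10:01.000200000 -0500] conn=5 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[05/Jan/2017:09:10:01.000300000 -0500] conn=5 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[05/Jan/2017:09:10:01.000400000 -0500] conn=5 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[05/Jan/2017:09:10:01.000500000 -0500] conn=5 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[05/Jan/2017:09:10:01.000600000 -0500] conn=5 op=2 RESULT err=49 tag=97 nentries=0 etime=0
[05/Jan/2017:09:10:02.000100000 -0500] conn=6 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[05/Jan/2017:09:10:02.000200000 -0500] conn=6 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[05/Jan/2017:09:10:02.000300000 -0500] conn=6 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[05/Jan/2017:09:10:02.000400000 -0500] conn=6 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=dns/id-management-2.internal.emerlyn.com@internal.emerlyn.com,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
[05/Jan/2017:09:10:03.000100000 -0500] conn=7 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Jan/2017:09:10:03.000200000 -0500] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0
EOF
}

case "${1:-}" in
    live) check_gssapi_bind "DNS/${FQDN}@${REALM}" /etc/named.keytab ;;
    log)  triage_sasl_binds < "${2:?path to /var/log/dirsrv/slapd-*/access}" ;;
    *)    sample_log | triage_sasl_binds ;;
esac
```

Run it with no arguments to see the triage over the constructed sample, with `live` as root on the IPA server to repeat Martin's check as the DNS service, or with `log /var/log/dirsrv/slapd-<INSTANCE>/access` to list every completed GSSAPI bind on a real log; a FAIL line with err=49 and no dn is the access-log counterpart of the "GSSAPI server step 3" followed by "Invalid credentials" seen in the journal above.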