dan.finkelst...@high5games.com wrote:
Our FreeIPA master was working fine for about a day and then, apropos of
nothing, the LDAP component started to crash with nary an error message.
Obviously, with it down we can log into the WebUI nor can we query the
status of the components or retrieve data.
In /var/log/dirsrv/slapd-EXAMPLE-COM/errors we see:
[15/Jun/2016:18:50:28 -0400] NSMMReplicationPlugin -
agmt="cn=meToipa-replica.example.com" (ipa-replica:389): Replication
bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
(SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context)
[15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 2 (No such file or directory)
[15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[15/Jun/2016:18:50:28 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[15/Jun/2016:18:50:28 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[15/Jun/2016:18:50:30 -0400] schema-compat-plugin - warning: no entries
set up under cn=computers, cn=compat,dc=h5c,dc=local
[15/Jun/2016:18:50:30 -0400] schema-compat-plugin - Finished plugin
initialization.
[15/Jun/2016:18:50:34 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI
Failure: gss_accept_sec_context) errno 0 (Success)
[15/Jun/2016:18:50:34 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error 49
(Invalid credentials)
It appears not to have been replicating for at least a day with our 4
other replicas, none of which have the data we'd entered into this master.
Is there a way we can bring ldap back to life?
What makes you think it is crashed other than these messages?
What does `ipactl status` show?
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
