Please keep replies on the list.

barry...@gmail.com wrote:
> I saw the error below and error log is it related ?
>
> 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure. Minor code may provide more information (Credentials cache
> file '/tmp/krb5cc_492' not found)) errno 0 (Success)
> [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)

I believe this is fairly normal on a new startup. It has to start somewhere.

The expired ticket errors below are unexpected since there are so many of them. Is your KDC running?

ipactl status

rob

>
> 2014-07-02 14:15 GMT+08:00 <barry...@gmail.com>:
>
> this is the error log i found at 2.abc.com
>
> [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin -
> agmt="cn=meTo1.abc.com" (central:389):
> Replication bind with GSSAPI auth failed: LDAP error -2 (Local
> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> failure. Minor code may provide more information (Ticket expired))
> [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind -
> Error: could not perform interactive bind for id [] mech [GSSAPI]:
> LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Ticket expired)) errno 0 (Success)
> [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>
> 2014-07-02 12:32 GMT+08:00 <barry...@gmail.com>:
>
> yes on node 1 it is happening only node2 fail connect
>
> ipa-replica-manage list 2.abc.com
> Directory Manager password:
>
> 1.abc.com: replica
>
> 2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:
>
> Barry wrote:
> > Hi:
> >
> > Server 1 and Server 2 is cluster master master originally , but server 2
> > fail to connect server1 ,.
> >
> > ipa-replica-manage list shown Can't contact LDAP server
> >
> > But as server1 it is ok master server1 master server2 ,
> >
> > It seem affect if update on server 1 then it sync to server2 no problem
> > but sometimes if modify in server2 if fail to update server1.
> >
> > Any idea to rebuild mutual relationship.?
>
> The first step is to diagnose what is wrong. I've already suggested a
> few things,
>
> https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
>
> rob
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
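
The triage in the reply above (a single "Credentials cache file not found" at startup versus many "Ticket expired" failures) can be scripted by counting how often each GSSAPI minor-code reason recurs in the directory server errors log. This is an added example, not part of the original message or FreeIPA's own code; the sample lines are constructed from the format quoted in the thread, and `summarize` and its `repeat_threshold` cutoff are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines in the errors-log format quoted in the thread.
_BIND = ("slapd_ldap_sasl_interactive_bind - Error: could not perform "
         "interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) "
         "(SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. "
         "Minor code may provide more information (%s)) errno 0 (Success)")
SAMPLE_LOG = "\n".join([
    "[29/Jun/2014:02:00:58 +0800] " + _BIND % "Credentials cache file '/tmp/krb5cc_492' not found",
    "[30/Jun/2014:12:51:31 +0800] " + _BIND % "Ticket expired",
    "[30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform "
    "interactive bind for id [] mech [GSSAPI]: error -2 (Local error)",
    '[30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=meTo1.abc.com" '
    "(central:389): Replication bind with GSSAPI auth failed: LDAP error -2 "
    "(Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS "
    "failure. Minor code may provide more information (Ticket expired))",
    "[30/Jun/2014:12:51:35 +0800] " + _BIND % "Ticket expired",
    "[30/Jun/2014:12:51:40 +0800] " + _BIND % "Ticket expired",
])

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<src>\S+) - (?P<msg>.*)$")
MINOR = re.compile(r"Minor code may provide more information \((?P<why>.+?)\)\)")
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)"')

def summarize(log_text, repeat_threshold=3):
    """Group GSSAPI bind failures by Kerberos minor-code text.

    repeat_threshold is an assumption of this example: a reason seen at
    least that often is flagged as persistent rather than a startup one-off.
    """
    reasons, agreements = Counter(), set()
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or "GSSAPI" not in line["msg"]:
            continue
        minor = MINOR.search(line["msg"])
        if minor:  # lines without a minor code only repeat the failure
            reasons[minor["why"]] += 1
        agmt = AGMT.search(line["msg"])
        if agmt:
            agreements.add(agmt["agmt"])
    persistent = sorted(r for r, n in reasons.items() if n >= repeat_threshold)
    return {"reasons": dict(reasons), "persistent": persistent,
            "agreements": sorted(agreements)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A reason listed under `persistent` together with a non-empty `agreements` list matches the situation in the thread, where the next check suggested is `ipactl status`.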