FYI..

160: [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from 192.168.156.89 to 192.168.156.89
163: [04/Jul/2014:12:35:30 +0800] conn=936207 op=-1 fd=73 closed - B1

This is not about binding, but I am unsure how to fix it.

2014-07-09 2:01 GMT+08:00 Rich Megginson <rmegg...@redhat.com>:

> On 07/08/2014 02:16 AM, barry...@gmail.com wrote:
>
> Resent because of the size limit.
>
> Here you are: server1's access log. It seems one side is broken.
> The problem is how to make it replicate again.
>
> At server 1
> it is OK: master server1, master server2
>
> On the other side, server 2 contains 2 IP replication.
> ipa-replica-manage list shows "Can't contact LDAP server"
>
> I don't know why, but the problematic server is server 2, not server 1.
>
> Log of server2:
> [08/Jul/2014:16:02:40 +0800] conn=3299731 fd=69 slot=69 connection from 192.168.15.89 (server1) to 192.168.15.88(server2)
> [08/Jul/2014:16:02:40 +0800] conn=3299731 op=-1 fd=69 closed - B1
> [08/Jul/2014:16:02:40 +0800] conn=3299732 fd=69 slot=69 connection from 192.168.15.89 to 192.168.15.88
> [08/Jul/2014:16:02:40 +0800] conn=3299732 op=-1 fd=69 closed - B1
> [08/Jul/2014:16:02:41 +0800] conn=3299733 fd=69 slot=69 connection from 192.168.15.89 to 192.168.15.88
> [08/Jul/2014:16:02:41 +0800] conn=3299733 op=-1 fd=69 closed - B1
>
> You never answered my question below. "Are you sure that this connection
> is a replication session? Can you post all of the operations from the
> access log from conn=936207?"
>
> In the future, please avoid spamming the list with large log files. In
> general, it's better to provide excerpts from the log files showing the
> problem, paste them to fpaste.org, and post the link to the mailing
> list. If for some reason you need to post a large file, please use a file
> sharing service and post the link to the file.
>
> Can you take a look at your errors log from server 1 and server 2 and see
> if there are any relevant errors?
>
> If I had to guess, I would say that there is some sort of network error
> between server 1 and server 2 that causes the excessive closed - B1.
> Perhaps there will be more information in the errors log.
>
> 2014-07-07 22:21 GMT+08:00 Rich Megginson <rmegg...@redhat.com>:
>
>> On 07/04/2014 03:28 AM, barry...@gmail.com wrote:
>>
>> FOUND something strange: server 1 replicates to itself rather than
>> server2
>>
>> Server1 access log > Wrong
>> [04/Jul/2014:12:35:30 +0800] conn=936207 fd=73 slot=73 connection from 192.168.15.89( server1 ) to 192.168.15.89 (server1)
>>
>> Are you sure that this connection is a replication session? Can you
>> post all of the operations from the access log from conn=936207?
>>
>> Server 2 access log > OK
>> [04/Jul/2014:12:35:30 +0800] conn=936208 fd=74 slot=74 connection from 192.168.15.89(server2) to 192.168.15.88 (server2)
>>
>> 2014-07-04 9:25 GMT+08:00 <barry...@gmail.com>:
>>
>>> Just sure now one side flow is broken. If you update server1, it 100%
>>> works, server2 will upgrade.
>>> But if you update server2 there is a chance of non-sync, e.g. it creates
>>> the username in server1 with posfix grp >ok
>>> but in server2 it only created the posfix grp but no username/attribute.
>>> It occurred several times. I have to use command line grp del ...etc. to
>>> force del them and recreate them.
>>>
>>> Result below:
>>>
>>> server2.abc.com: replica
>>> last init status: None
>>> last init ended: None
>>> last update status: 0 Replica acquired successfully: Incremental update succeeded
>>> last update ended: 2014-07-04 00:33:18+00:00
>>>
>>> Directory Manager password:
>>>
>>> server1.abc.com: replica
>>> last init status: 0 Total update succeeded
>>> last init ended: 2014-06-20 10:07:02+00:00
>>> last update status: 0 Replica acquired successfully: Incremental update succeeded
>>> last update ended: 2014-07-04 01:14:19+00:00
>>>
>>> [root@(LIVE)server2 ~]$ ipactl status
>>> Directory Service: RUNNING
>>> KDC Service: RUNNING
>>> KPASSWD Service: RUNNING
>>> MEMCACHE Service: RUNNING
>>> HTTP Service: RUNNING
>>>
>>> 2014-07-04 1:34 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:
>>>
>>> barry...@gmail.com wrote:
>>>> > Yes they are running. Server 1 can sync to server2 but error at
>>>> > server 2 like this.
>>>>
>>>> How do you know server 1 is syncing with server 2?
>>>>
>>>> On server 1 I'd run:
>>>>
>>>> ipa-replica-manage list -v `hostname`
>>>>
>>>> This will show the replication status.
>>>>
>>>> And what does ipactl status show on server 2?
>>>>
>>>> rob
>>>>
>>>> >
>>>> > 2014/7/3 10:14 PM, "Rob Crittenden" <rcrit...@redhat.com> wrote:
>>>> >
>>>> > Please keep replies on the list.
>>>> >
>>>> > barry...@gmail.com wrote:
>>>> > > I saw the error below and the error log, is it related?
>>>> > >
>>>> > > 29/Jun/2014:02:00:58 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_492' not found)) errno 0 (Success)
>>>> > > [29/Jun/2014:02:00:58 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>> >
>>>> > I believe this is fairly normal on a new startup. It has to start
>>>> > somewhere. The expired ticket errors below are unexpected since there
>>>> > are so many of them. Is your KDC running?
>>>> >
>>>> > ipactl status
>>>> >
>>>> > rob
>>>> >
>>>> > >
>>>> > > 2014-07-02 14:15 GMT+08:00 <barry...@gmail.com>:
>>>> > >
>>>> > > This is the error log I found at 2.abc.com
>>>> > >
>>>> > > [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>> > > [30/Jun/2014:12:51:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>> > > [30/Jun/2014:12:51:31 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>> > > [30/Jun/2014:12:51:31 +0800] NSMMReplicationPlugin - agmt="cn=meTo1.abc.com" (central:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired))
>>>> > > [30/Jun/2014:12:51:34 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>> > > [30/Jun/2014:12:51:35 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>> > > [30/Jun/2014:12:51:35 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>> > > [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>> > > [30/Jun/2014:12:51:40 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)) errno 0 (Success)
>>>> > > [30/Jun/2014:12:51:40 +0800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>>>> > >
>>>> > > 2014-07-02 12:32 GMT+08:00 <barry...@gmail.com>:
>>>> > >
>>>> > > Yes, on node 1 it is happening; only node2 fails to connect.
>>>> > >
>>>> > > ipa-replica-manage list 2.abc.com
>>>> > > Directory Manager password:
>>>> > >
>>>> > > 1.abc.com: replica
>>>> > >
>>>> > > 2014-06-30 20:59 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:
>>>> > >
>>>> > > Barry wrote:
>>>> > > > Hi:
>>>> > > >
>>>> > > > Server 1 and Server 2 were originally a master-master cluster,
>>>> > > > but server 2 fails to connect to server1.
>>>> > > >
>>>> > > > ipa-replica-manage list shows "Can't contact LDAP server"
>>>> > > >
>>>> > > > But at server1 it is OK: master server1, master server2.
>>>> > > >
>>>> > > > It seems that if I update on server 1 then it syncs to server2
>>>> > > > with no problem, but sometimes if I modify in server2 it fails
>>>> > > > to update server1.
>>>> > > >
>>>> > > > Any idea how to rebuild the mutual relationship?
>>>> > >
>>>> > > The first step is to diagnose what is wrong. I've already suggested a
>>>> > > few things,
>>>> > > https://www.redhat.com/archives/freeipa-users/2014-June/msg00105.html
>>>> > >
>>>> > > rob
>>>> > >
>>>> > > --
>>>> > > Manage your subscription for the Freeipa-users mailing list:
>>>> > > https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> > > Go To http://freeipa.org for more info on the project
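One way to answer the question asked in the thread ("Are you sure that this connection is a replication session?"), as an added example that is not part of the original messages: group a 389-ds access log by conn id and separate connections that closed with B1 before any LDAP operation from connections that actually started a replication session. The sample log, its addresses and conn ids, and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in 389-ds access-log format; addresses and conn ids are made up.
SAMPLE = """\
[08/Jul/2014:16:02:40 +0800] conn=101 fd=69 slot=69 connection from 192.0.2.89 to 192.0.2.88
[08/Jul/2014:16:02:40 +0800] conn=101 op=-1 fd=69 closed - B1
[08/Jul/2014:16:02:41 +0800] conn=102 fd=70 slot=70 connection from 192.0.2.89 to 192.0.2.88
[08/Jul/2014:16:02:41 +0800] conn=102 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[08/Jul/2014:16:02:41 +0800] conn=102 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[08/Jul/2014:16:02:41 +0800] conn=102 op=1 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[08/Jul/2014:16:02:41 +0800] conn=102 op=1 RESULT err=0 tag=120 nentries=0 etime=0
[08/Jul/2014:16:02:42 +0800] conn=103 fd=71 slot=71 connection from 192.0.2.89 to 192.0.2.89
[08/Jul/2014:16:02:42 +0800] conn=103 op=-1 fd=71 closed - B1
[08/Jul/2014:16:02:43 +0800] conn=104 fd=69 slot=69 connection from 192.0.2.89 to 192.0.2.88
[08/Jul/2014:16:02:43 +0800] conn=104 op=-1 fd=69 closed - B1
"""

LINE_RE = re.compile(r"^\[[^\]]+\] conn=(\d+) (.*)$")
OPEN_RE = re.compile(r"connection from (\S+) to (\S+)$")
CLOSE_RE = re.compile(r"closed - ([A-Z]\d+)$")
OP_RE = re.compile(r"^op=\d+ (?!RESULT)[A-Z]+\b")  # requests only, not RESULT lines

def parse(text):
    """Group access-log lines by conn id: endpoints, requests seen, close code."""
    conns = defaultdict(lambda: {"src": None, "dst": None, "ops": [], "close": None})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        c, rest = conns[int(m.group(1))], m.group(2)
        if OP_RE.match(rest):
            c["ops"].append(rest)
        elif (o := OPEN_RE.search(rest)):
            c["src"], c["dst"] = o.groups()
        elif (x := CLOSE_RE.search(rest)):
            c["close"] = x.group(1)
    return dict(conns)

def classify(c):
    if any("replication-multimaster-extop" in op for op in c["ops"]):
        return "replication"
    if not c["ops"] and c["close"] == "B1":  # B1: corrupt BER tag, nothing decoded
        return "closed-before-any-op"
    return "other"

def summarize(text):
    """Count connections per (source, destination, class)."""
    return Counter((c["src"], c["dst"], classify(c)) for c in parse(text).values())

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```

`parse(text)[conn_id]["ops"]` gives the list of operations for a single connection, which is the excerpt requested in the thread.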