Re: [Freeipa-users] SASL(-13) authentication failure

Sat, 07 Feb 2015 07:11:27 -0800 

On 02/07/2015 02:22 AM, Bryan Pearson wrote:
Okay, sorry for the messages. The original issue has been resolved, one of the servers time was off. 


I am now having a problem similar to this: 
https://bugzilla.redhat.com/show_bug.cgi?id=953653. My logs indicate 
all the same issues.
With IPA 3.0.0 and Centos 6.6 is this still a viable solution to the 
problem?

Please start a new thread for a different question.

It seems that we were not able to reproduce it so it might be that the 
issue still there.

One of the problems can be the mismatch of the buffer sizes. See the bug.



Bryan


On Sat, Feb 7, 2015 at 12:17 AM, Bryan Pearson <[email protected] 
<mailto:[email protected]>> wrote:


    I did a bit more digging into the issue, and realized that the
    ruv-id of ipa2 is different on only one of the servers of the 3. I
    am imaging I will need to run clean-ruv on inconsistent node.

    Bryan

    On Fri, Feb 6, 2015 at 10:11 PM, Bryan Pearson
    <[email protected] <mailto:[email protected]>> wrote:

        Hello,

        My IPA servers are currently saying:

        "Failed to get data from 'hostname.lan': Invalid credentials
        SASL(-13): authentication failure: GSSAPI Failure:
        gss_accept_sec_context"

        tail -f /var/log/dirsrv/slapd-HOSTNAME-LAN/errors

        [06/Feb/2015:21:42:41 -0500] slapd_ldap_sasl_interactive_bind
        - Error: could not perform interactive bind for id [] mech
        [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13):
        authentication failure: GSSAPI Failure:
        gss_accept_sec_context) errno 0 (Success)
        [06/Feb/2015:21:42:41 -0500] slapi_ldap_bind - Error: could
        not perform interactive bind for id [] mech [GSSAPI]: error 49
        (Invalid credentials)

        We have 3 master replicas in operation. ipa2, ipa3, ipa4 and
        ipa1 we are decommissioning. After losing the CA on 2 nodes,
        we promoted ipa3 to master, and created a replica file, scped
        it to ipa4, installed it, and on ipa4 created ipa2. Because of
        design, 3 and 2 cant communicate with each other.

        I just stopped dirsrv and pki-ca on ipa1, so its possible it
        is creating issues.

        I cant determine where the credentials or how to get them
        changed as all the nodes are now having similar issues
        replicating.

        Bryan








--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project





















					Reply via email to