Great!
additional comments inline
Martin
On 07/04/15 13:56, Sanju A wrote:
Dear Martin,
Thanks for your help and the replication issue got resolved after
syncing the time. But I am not able to login to the replica server web
ui. Keep on getting "Your session has expired. Please re-login.".
Please find the logs.
Does CLI command works on the server?
What do you use, form based authentication or kerberos to login to webUI?
Did you try to clean browser cache (or kdestroy)?
You can find something useful in this thread,
https://www.redhat.com/archives/freeipa-users/2015-April/msg00047.html
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time
skew (-20287 secs). Current seqnum=1
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time
skew (-20288 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20288 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20289 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20290 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20291 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20292 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20293 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20294 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20295 secs). Current seqnum=1
[07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time
skew (-20296 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20296 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20297 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20298 secs). Current seqnum=1
[07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time
skew (-20299 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20299 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20300 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20301 secs). Current seqnum=1
[07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time
skew (-20302 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time
skew (-20301 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time
skew (-20302 secs). Current seqnum=1
[07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time
skew (-20303 secs). Current seqnum=1
From which log is this?
Regards
Sanju Abraham
Linux Admin
From: Martin Basti <mba...@redhat.com>
To: Sanju A <sanj...@tcs.com>, freeipa-users@redhat.com
Date: 07-04-2015 16:53
Subject: Re: [Freeipa-users] Replication failed
------------------------------------------------------------------------
On 07/04/15 13:13, Sanju A wrote:
Dear All,
Replication was working fine for the last 1 month and recently the
replica server (ipa2) is having some hardware issue and it was down
for a week.
Replication is not working once the machine is up. Please help.
[root@ipa etc]# service dirsrv status
dirsrv PKI-IPA (pid 29954) is running...
dirsrv DOMAIN-COM (pid 30023) is running...
[root@ipa2 ~]# service dirsrv status
dirsrv DOMAIN-COM (pid 1892) is running...
[root@ipa2 ~]#
[root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors
[07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file
ipa_range_check.c, line 235]: Missing entry to modify.
[07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file
ipa_range_check.c, line 235]: Missing entry to modify.
[07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
^C
[root@ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors
[07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
[07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind -
Error: could not perform interactive bind for id [] mech [GSSAPI]:
LDAP error 49 (Invalid credentials) (SASL(-13): authentication
failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success)
[07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not
perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid
credentials)
Regards
Sanju Abraham
Linux Admin
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
Hello,
do you have synchronized time on both servers?
Martin
--
Martin Basti
--
Martin Basti
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
