Re: [Freeipa-users] Error Starting IPA after crash

2013-01-30 Thread Christian Hernandez
Just to update...

I let the logs be read and now I can start IPA without a problem!

Thanks for the help! :)


Thank you,

Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com 
www.4over.com 


On Wed, Jan 30, 2013 at 4:01 PM, Rich Megginson  wrote:

>  On 01/30/2013 04:46 PM, Christian Hernandez wrote:
>
>  Rich,
>
>  Correct, running 6.3
>
> [r...@ipa1.gln.4over.com db]# ps -ef|grep slapd
> dirsrv    4899     1  7 14:25 ?        00:05:34 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-4OVER-COM -i /var/run/dirsrv/slapd-4OVER-COM.pid -w /var/run/dirsrv/slapd-4OVER-COM.startpid
> root     30545  3522  0 15:41 pts/1    00:00:00 grep slapd
>
>  The output of the ls command is HUGE with...here is a suppressed output
>
> [r...@ipa1.gln.4over.com db]# ls -al /var/lib/dirsrv/slapd-4OVER-COM/db/ | head -25
> total 1465384
> drwxrwx--- 3 dirsrv dirsrv    73728 Jan 30 15:44 .
> drwxrwx--- 6 dirsrv dirsrv     4096 Jan 14 16:52 ..
> -rw------- 1 dirsrv dirsrv    24576 Jan 30 15:42 __db.001
> -rw------- 1 dirsrv dirsrv  1728512 Jan 30 15:44 __db.002
> -rw------- 1 dirsrv dirsrv 10002432 Jan 30 15:44 __db.003
> -rw------- 1 dirsrv dirsrv  1081344 Jan 30 15:44 __db.004
> -rw------- 1 dirsrv dirsrv  8126464 Jan 30 15:44 __db.005
> -rw------- 1 dirsrv dirsrv    90112 Jan 30 15:44 __db.006
> -rw------- 1 dirsrv dirsrv       49 Jan 30 15:42 DBVERSION
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309284
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309285
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309286
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309287
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309288
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309289
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309290
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309291
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309292
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309293
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309294
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309295
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309296
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309297
> -rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309298
>
>
>  I increased the "timeout" in the /etc/init.d/dirsrv to about 6 to
> see if it will try and recover.
>
>
> Sounds good.  If you have that many log files, it may take a while to
> recover.
>
>
>
>  Is there hope to recover this? Or should I just re-install the server
> and make it a replica (this used to be my "master" i.e. it was the first
> IPA server installed in our 3 server setup)?
>
>
> Try the increased timeout.
>
>
>
> Thank you,
>
> Christian Hernandez
>  1225 Los Angeles Street
> Glendale, CA 91204
> Phone: 877-782-2737 ext. 4566
> Fax: 818-265-3152
> christi...@4over.com 
> www.4over.com 
>
>
> On Wed, Jan 30, 2013 at 3:36 PM, Rich Megginson wrote:
>
>>   On 01/30/2013 03:41 PM, Christian Hernandez wrote:
>>
>>   Hello,
>>
>> I had a crash due to full disks. I cleared the offending directory
>> (backups and such).
>>
>>  But I cannot start IPA. I drilled it down to the DirSrv not starting.
>>
>>  Isolating the error I tried just starting the dirsrv
>>
>>  service dirsrv start
>>
>>  But I'm seeing this in the logs
>>
>>
>> [30/Jan/2013:13:51:40 -0800] - 389-Directory/1.2.10.2 B2012.194.51
>> starting up
>> [30/Jan/2013:13:51:40 -0800] - Detected Disorderly Shutdown last time
>> Directory Server was running, recovering database.
>> [30/Jan/2013:14:06:06 -0800] - Unable to start slapd because it is
>> already running as process 1543
>> [30/Jan/2013:14:06:06 -0800] - Shutting down due to possible conflicts
>> with other slapd processes
>> [30/Jan/2013:14:08:15 -0800] - Unable to start slapd because it is
>> already running as process 1543
>> [30/Jan/2013:14:08:15 -0800] - Shutting down due to possible conflicts
>> with other slapd processes
>> [30/Jan/2013:14:14:05 -0800] - 389-Directory/1.2.10.2 B2012.194.51
>> starting up
>> [30/Jan/2013:14:14:05 -0800] - Detected Disorderly Shutdown last time
>> Directory Server was running, recovering database.
>> [30/Jan/2013:14:14:05 -0800] - libdb: unable to join the environment
>>
>>  I have a replica that is running; so the "heat" is off - but is there
>> any way to get this started?
>>
>>
>>  I'm assuming you are running on EL6.3?
>>
>> ps -ef|grep slapd
>>
>> ls -al /var/lib/dirsrv/slapd-INST/db
>>
>>
>> Thank you,
>>
>> Christian Hernandez
>>
>>
>>
>>
>>
>
>

Re: [Freeipa-users] Error Starting IPA after crash

2013-01-30 Thread Rich Megginson

On 01/30/2013 04:46 PM, Christian Hernandez wrote:

Rich,

Correct, running 6.3

[r...@ipa1.gln.4over.com db]# ps -ef|grep slapd
dirsrv    4899     1  7 14:25 ?        00:05:34 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-4OVER-COM -i /var/run/dirsrv/slapd-4OVER-COM.pid -w /var/run/dirsrv/slapd-4OVER-COM.startpid
root     30545  3522  0 15:41 pts/1    00:00:00 grep slapd

The output of the ls command is HUGE with...here is a suppressed output

[r...@ipa1.gln.4over.com db]# ls -al /var/lib/dirsrv/slapd-4OVER-COM/db/ | head -25
total 1465384
drwxrwx--- 3 dirsrv dirsrv    73728 Jan 30 15:44 .
drwxrwx--- 6 dirsrv dirsrv     4096 Jan 14 16:52 ..
-rw------- 1 dirsrv dirsrv    24576 Jan 30 15:42 __db.001
-rw------- 1 dirsrv dirsrv  1728512 Jan 30 15:44 __db.002
-rw------- 1 dirsrv dirsrv 10002432 Jan 30 15:44 __db.003
-rw------- 1 dirsrv dirsrv  1081344 Jan 30 15:44 __db.004
-rw------- 1 dirsrv dirsrv  8126464 Jan 30 15:44 __db.005
-rw------- 1 dirsrv dirsrv    90112 Jan 30 15:44 __db.006
-rw------- 1 dirsrv dirsrv       49 Jan 30 15:42 DBVERSION
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309284
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309285
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309286
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309287
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309288
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309289
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309290
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309291
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309292
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309293
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309294
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309295
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309296
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309297
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309298


I increased the "timeout" in the /etc/init.d/dirsrv to about 6 to 
see if it will try and recover.


Sounds good.  If you have that many log files, it may take a while to 
recover.




Is there hope to recover this? Or should I just re-install the server 
and make it a replica (this used to be my "master" i.e. it was the 
first IPA server installed in our 3 server setup)?


Try the increased timeout.



Thank you,

Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com
www.4over.com



On Wed, Jan 30, 2013 at 3:36 PM, Rich Megginson wrote:


On 01/30/2013 03:41 PM, Christian Hernandez wrote:

Hello,

I had a crash due to full disks. I cleared the offending
directory (backups and such).

But I cannot start IPA. I drilled it down to the DirSrv not
starting.

Isolating the error I tried just starting the dirsrv

service dirsrv start

But I'm seeing this in the logs


[30/Jan/2013:13:51:40 -0800] - 389-Directory/1.2.10.2
 B2012.194.51 starting up
[30/Jan/2013:13:51:40 -0800] - Detected Disorderly Shutdown last
time Directory Server was running, recovering database.
[30/Jan/2013:14:06:06 -0800] - Unable to start slapd because it
is already running as process 1543
[30/Jan/2013:14:06:06 -0800] - Shutting down due to possible
conflicts with other slapd processes
[30/Jan/2013:14:08:15 -0800] - Unable to start slapd because it
is already running as process 1543
[30/Jan/2013:14:08:15 -0800] - Shutting down due to possible
conflicts with other slapd processes
[30/Jan/2013:14:14:05 -0800] - 389-Directory/1.2.10.2
 B2012.194.51 starting up
[30/Jan/2013:14:14:05 -0800] - Detected Disorderly Shutdown last
time Directory Server was running, recovering database.
[30/Jan/2013:14:14:05 -0800] - libdb: unable to join the environment

I have a replica that is running; so the "heat" is off - but is
there any way to get this started?


I'm assuming you are running on EL6.3?

ps -ef|grep slapd

ls -al /var/lib/dirsrv/slapd-INST/db


Thank you,

Christian Hernandez







___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
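
Added example, not part of the thread and not 389-ds or FreeIPA tooling: the log above shows later start attempts rejected because ns-slapd was already running as process 1543 while recovery was under way. This sketch checks for a live ns-slapd and counts the pending `log.NNN` files before another `service dirsrv start`; it assumes the pid/startpid and db paths shown in the `ps` and `ls` output, and the function names and WAIT/START output are hypothetical.

```shell
#!/bin/sh
# Added example (not 389-ds or FreeIPA tooling): check before retrying
# "service dirsrv start" after a disorderly shutdown.
# Defaults are the directories shown in the thread's ps/ls output.
RUN_DIR="${RUN_DIR:-/var/run/dirsrv}"
DB_ROOT="${DB_ROOT:-/var/lib/dirsrv}"

# Print the PID of a live process named in the instance's .pid or .startpid
# file (the -i and -w arguments of ns-slapd); return 1 if there is none.
slapd_live_pid() {
    inst="$1"
    for f in "$RUN_DIR/slapd-$inst.pid" "$RUN_DIR/slapd-$inst.startpid"; do
        [ -r "$f" ] || continue
        pid=$(tr -cd '0-9' < "$f")
        [ -n "$pid" ] || continue
        # kill -0 needs permission to signal; /proc covers the non-root case.
        if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
            echo "$pid"
            return 0
        fi
    done
    return 1
}

# Count the transaction log files (log.NNN) present in the db directory.
pending_txn_logs() {
    inst="$1"
    dir="$DB_ROOT/slapd-$inst/db"
    n=0
    for f in "$dir"/log.[0-9]*; do
        if [ -f "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Print "WAIT pid=N logs=M" and return 2 if a recorded ns-slapd is still
# alive (do not start a second one); otherwise print "START logs=M".
prestart_check() {
    inst="$1"
    logs=$(pending_txn_logs "$inst")
    if pid=$(slapd_live_pid "$inst"); then
        echo "WAIT pid=$pid logs=$logs"
        return 2
    fi
    echo "START logs=$logs"
    return 0
}

# Constructed sample layout (not real data): three transaction logs and
# one region file under DIR, no pid file. Points RUN_DIR/DB_ROOT at it.
make_sample_instance() {
    RUN_DIR="$1/run"
    DB_ROOT="$1/lib"
    mkdir -p "$RUN_DIR" "$DB_ROOT/slapd-SAMPLE/db"
    for n in 309284 309285 309286; do
        : > "$DB_ROOT/slapd-SAMPLE/db/log.$n"
    done
    : > "$DB_ROOT/slapd-SAMPLE/db/__db.001"
}

# On a real host, run as root: sh prestart.sh 4OVER-COM
if [ $# -gt 0 ]; then
    prestart_check "$1"
fi
```

A PID file left behind by a crash can name a PID that has since been reused by another process, so a WAIT result should be confirmed with `ps -ef|grep slapd` as in the thread.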

Re: [Freeipa-users] Error Starting IPA after crash

2013-01-30 Thread Christian Hernandez
Rich,

Correct, running 6.3

[r...@ipa1.gln.4over.com db]# ps -ef|grep slapd
dirsrv    4899     1  7 14:25 ?        00:05:34 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-4OVER-COM -i /var/run/dirsrv/slapd-4OVER-COM.pid -w /var/run/dirsrv/slapd-4OVER-COM.startpid
root     30545  3522  0 15:41 pts/1    00:00:00 grep slapd

The output of the ls command is HUGE with...here is a suppressed output

[r...@ipa1.gln.4over.com db]# ls -al /var/lib/dirsrv/slapd-4OVER-COM/db/ | head -25
total 1465384
drwxrwx--- 3 dirsrv dirsrv    73728 Jan 30 15:44 .
drwxrwx--- 6 dirsrv dirsrv     4096 Jan 14 16:52 ..
-rw------- 1 dirsrv dirsrv    24576 Jan 30 15:42 __db.001
-rw------- 1 dirsrv dirsrv  1728512 Jan 30 15:44 __db.002
-rw------- 1 dirsrv dirsrv 10002432 Jan 30 15:44 __db.003
-rw------- 1 dirsrv dirsrv  1081344 Jan 30 15:44 __db.004
-rw------- 1 dirsrv dirsrv  8126464 Jan 30 15:44 __db.005
-rw------- 1 dirsrv dirsrv    90112 Jan 30 15:44 __db.006
-rw------- 1 dirsrv dirsrv       49 Jan 30 15:42 DBVERSION
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309284
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309285
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309286
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309287
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309288
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309289
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309290
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309291
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309292
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309293
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309294
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309295
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309296
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309297
-rw------- 1 dirsrv dirsrv 10485760 Jan 30 15:43 log.309298


I increased the "timeout" in the /etc/init.d/dirsrv to about 6 to see
if it will try and recover.

Is there hope to recover this? Or should I just re-install the server and
make it a replica (this used to be my "master" i.e. it was the first IPA
server installed in our 3 server setup)?

Thank you,

Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com 
www.4over.com 


On Wed, Jan 30, 2013 at 3:36 PM, Rich Megginson  wrote:

>  On 01/30/2013 03:41 PM, Christian Hernandez wrote:
>
>   Hello,
>
> I had a crash due to full disks. I cleared the offending directory
> (backups and such).
>
>  But I cannot start IPA. I drilled it down to the DirSrv not starting.
>
>  Isolating the error I tried just starting the dirsrv
>
>  service dirsrv start
>
>  But I'm seeing this in the logs
>
>
> [30/Jan/2013:13:51:40 -0800] - 389-Directory/1.2.10.2 B2012.194.51
> starting up
> [30/Jan/2013:13:51:40 -0800] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [30/Jan/2013:14:06:06 -0800] - Unable to start slapd because it is already
> running as process 1543
> [30/Jan/2013:14:06:06 -0800] - Shutting down due to possible conflicts
> with other slapd processes
> [30/Jan/2013:14:08:15 -0800] - Unable to start slapd because it is already
> running as process 1543
> [30/Jan/2013:14:08:15 -0800] - Shutting down due to possible conflicts
> with other slapd processes
> [30/Jan/2013:14:14:05 -0800] - 389-Directory/1.2.10.2 B2012.194.51
> starting up
> [30/Jan/2013:14:14:05 -0800] - Detected Disorderly Shutdown last time
> Directory Server was running, recovering database.
> [30/Jan/2013:14:14:05 -0800] - libdb: unable to join the environment
>
>  I have a replica that is running; so the "heat" is off - but is there
> any way to get this started?
>
>
> I'm assuming you are running on EL6.3?
>
> ps -ef|grep slapd
>
> ls -al /var/lib/dirsrv/slapd-INST/db
>
>
> Thank you,
>
> Christian Hernandez
>
>
>
>
>

Re: [Freeipa-users] Error Starting IPA after crash

2013-01-30 Thread Rich Megginson

On 01/30/2013 03:41 PM, Christian Hernandez wrote:

Hello,

I had a crash due to full disks. I cleared the offending directory 
(backups and such).


But I cannot start IPA. I drilled it down to the DirSrv not starting.

Isolating the error I tried just starting the dirsrv

service dirsrv start

But I'm seeing this in the logs


[30/Jan/2013:13:51:40 -0800] - 389-Directory/1.2.10.2 
 B2012.194.51 starting up
[30/Jan/2013:13:51:40 -0800] - Detected Disorderly Shutdown last time 
Directory Server was running, recovering database.
[30/Jan/2013:14:06:06 -0800] - Unable to start slapd because it is 
already running as process 1543
[30/Jan/2013:14:06:06 -0800] - Shutting down due to possible conflicts 
with other slapd processes
[30/Jan/2013:14:08:15 -0800] - Unable to start slapd because it is 
already running as process 1543
[30/Jan/2013:14:08:15 -0800] - Shutting down due to possible conflicts 
with other slapd processes
[30/Jan/2013:14:14:05 -0800] - 389-Directory/1.2.10.2 
 B2012.194.51 starting up
[30/Jan/2013:14:14:05 -0800] - Detected Disorderly Shutdown last time 
Directory Server was running, recovering database.

[30/Jan/2013:14:14:05 -0800] - libdb: unable to join the environment

I have a replica that is running; so the "heat" is off - but is there 
any way to get this started?


I'm assuming you are running on EL6.3?

ps -ef|grep slapd

ls -al /var/lib/dirsrv/slapd-INST/db


Thank you,

Christian Hernandez



[Freeipa-users] Error Starting IPA after crash

2013-01-30 Thread Christian Hernandez
Hello,

I had a crash due to full disks. I cleared the offending directory (backups
and such).

But I cannot start IPA. I drilled it down to the DirSrv not starting.

Isolating the error I tried just starting the dirsrv

service dirsrv start

But I'm seeing this in the logs


[30/Jan/2013:13:51:40 -0800] - 389-Directory/1.2.10.2 B2012.194.51 starting
up
[30/Jan/2013:13:51:40 -0800] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[30/Jan/2013:14:06:06 -0800] - Unable to start slapd because it is already
running as process 1543
[30/Jan/2013:14:06:06 -0800] - Shutting down due to possible conflicts with
other slapd processes
[30/Jan/2013:14:08:15 -0800] - Unable to start slapd because it is already
running as process 1543
[30/Jan/2013:14:08:15 -0800] - Shutting down due to possible conflicts with
other slapd processes
[30/Jan/2013:14:14:05 -0800] - 389-Directory/1.2.10.2 B2012.194.51 starting
up
[30/Jan/2013:14:14:05 -0800] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[30/Jan/2013:14:14:05 -0800] - libdb: unable to join the environment

I have a replica that is running; so the "heat" is off - but is there any
way to get this started?

Thank you,

Christian Hernandez

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread Jakub Hrozek
On Wed, Jan 30, 2013 at 12:02:30PM -0500, free...@stormcloud9.net wrote:
> 
> On 2013/30/01 11:59, Dmitri Pal wrote:
> > On 01/30/2013 11:43 AM, free...@stormcloud9.net wrote:
> >> On 2013/30/01 09:37, Martin Kosek wrote:
> >>> On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
>  On 2013/30/01 09:19, Martin Kosek wrote:
> > On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
> >> On 2013/30/01 03:33, Martin Kosek wrote:
> >>> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>  On 01/29/2013 07:49 PM, Dmitri Pal wrote:
> > On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
> >> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after 
> >> using the
> >> `ipa-replica-install` script to configure the replica server, the 
> >> service
> >> will not start. Whenever I try it throws "SASL(-4): no mechanism 
> >> available"
> >> during start.
> >>
> >> Any ideas?
> >>
> >> Full output:
> >>
> >> # /etc/init.d/ipa start
> >> Starting Directory Service
> >> Starting dirsrv:
> >> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
> >> PKI-IPA... [  OK  ]
> >> Failed to read data from Directory Service: Unknown error when 
> >> retrieving
> >> list of services from LDAP: {'info': 'SASL(-4): no mechanism 
> >> available: ',
> >> 'desc': 'Unknown authentication method'}
> >> Shutting down
> >> Shutting down dirsrv:
> >> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
> >> PKI-IPA... [  OK  ]
> > Sounds like DS did not start under the CA. Please check the DS logs 
> > in the
> > PKI instance.
>  ns-slapd appears to be starting fine. I can even start it manually, 
>  but `ipactl
>  status` still shows the error:
>  Below is the result of me starting it manually (directly running 
>  ns-slapd):
> 
>  # ps ax|grep slapd
>  15540 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>  15586 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>  # netstat -tpnl | grep slapd
>  tcp        0      0 :::636      :::*      LISTEN      15586/ns-slapd
>  tcp        0      0 :::7389     :::*      LISTEN      15540/ns-slapd
>  tcp        0      0 :::7390     :::*      LISTEN      15540/ns-slapd
>  tcp        0      0 :::389      :::*      LISTEN      15586/ns-slapd
>  # ipactl status
>  Directory Service: RUNNING
>  Unknown error when retrieving list of services from LDAP: {'info': 
>  'SASL(-4):
>  no mechanism available: ', 'desc': 'Unknown authentication method'}
> 
> >>> Hello,
> >>>
> >>> OK, it seems that ipactl could not bind to your Directory Server. 
> >>> This script
> >>> uses a "ldap_uri" configuration option value from 
> >>> /etc/ipa/default.conf to
> >>> connect to Directory Server via EXTERNAL auth.
> >>>
> >>> You can verify yourself if that bind works or not with the following 
> >>> ldapsearch
> >>> (just replace $LDAP_URI_VALUE with your setting):
> >>>
> >>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
> >>> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
> >>>
> >>> I assume it will report the same error as ipactl. We need to verify 
> >>> that the
> >>> referred LDAP URI is indeed right and functional.
> >>>
> >>> Martin
> >> The system had no /etc/ipa/default.conf
> >> I copied the one from the master server, changed the `host=` and
> >> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
> >> status`, along with everything else, is working perfectly.
> >> Should that file have been created during the `ipa-replica-install`
> >> process? I don't see anything in the documentation about having to copy
> >> and edit it manually.
> >>
> >> Thanks
> >>
> >> -Patrick
> >>
> > Yeah, this should have been created during ipa-replica-install.
> >
> > Can you please check /var/log/ipareplica-install.log and check if
> > ipa-client-install (wh

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread freeipa

On 2013/30/01 11:59, Dmitri Pal wrote:
> On 01/30/2013 11:43 AM, free...@stormcloud9.net wrote:
>> On 2013/30/01 09:37, Martin Kosek wrote:
>>> On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
 On 2013/30/01 09:19, Martin Kosek wrote:
> On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
>> On 2013/30/01 03:33, Martin Kosek wrote:
>>> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
 On 01/29/2013 07:49 PM, Dmitri Pal wrote:
> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after 
>> using the
>> `ipa-replica-install` script to configure the replica server, the 
>> service
>> will not start. Whenever I try it throws "SASL(-4): no mechanism 
>> available"
>> during start.
>>
>> Any ideas?
>>
>> Full output:
>>
>> # /etc/init.d/ipa start
>> Starting Directory Service
>> Starting dirsrv:
>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>> PKI-IPA... [  OK  ]
>> Failed to read data from Directory Service: Unknown error when 
>> retrieving
>> list of services from LDAP: {'info': 'SASL(-4): no mechanism 
>> available: ',
>> 'desc': 'Unknown authentication method'}
>> Shutting down
>> Shutting down dirsrv:
>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>> PKI-IPA... [  OK  ]
> Sounds like DS did not start under the CA. Please check the DS logs 
> in the
> PKI instance.
 ns-slapd appears to be starting fine. I can even start it manually, 
 but `ipactl
 status` still shows the error:
 Below is the result of me starting it manually (directly running 
 ns-slapd):

 # ps ax|grep slapd
 15540 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
 15586 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
 # netstat -tpnl | grep slapd
 tcp        0      0 :::636      :::*      LISTEN      15586/ns-slapd
 tcp        0      0 :::7389     :::*      LISTEN      15540/ns-slapd
 tcp        0      0 :::7390     :::*      LISTEN      15540/ns-slapd
 tcp        0      0 :::389      :::*      LISTEN      15586/ns-slapd
 # ipactl status
 Directory Service: RUNNING
 Unknown error when retrieving list of services from LDAP: {'info': 
 'SASL(-4):
 no mechanism available: ', 'desc': 'Unknown authentication method'}

>>> Hello,
>>>
>>> OK, it seems that ipactl could not bind to your Directory Server. This 
>>> script
>>> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf 
>>> to
>>> connect to Directory Server via EXTERNAL auth.
>>>
>>> You can verify yourself if that bind works or not with the following 
>>> ldapsearch
>>> (just replace $LDAP_URI_VALUE with your setting):
>>>
>>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
>>> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>>>
>>> I assume it will report the same error as ipactl. We need to verify 
>>> that the
>>> referred LDAP URI is indeed right and functional.
>>>
>>> Martin
>> The system had no /etc/ipa/default.conf
>> I copied the one from the master server, changed the `host=` and
>> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
>> status`, along with everything else, is working perfectly.
>> Should that file have been created during the `ipa-replica-install`
>> process? I don't see anything in the documentation about having to copy
>> and edit it manually.
>>
>> Thanks
>>
>> -Patrick
>>
> Yeah, this should have been created during ipa-replica-install.
>
> Can you please check /var/log/ipareplica-install.log and check if
> ipa-client-install (which is run as part of ipa-replica-install) 
> succeeded? I
> have a suspicion you hit a bug I was fixing recently.
>
> Martin
 No, the client install failed:
 2013-01-29T23:24:05Z DEBUG stderr=
 2013-01-29T23:24:05Z DEBUG Restarting the web server
 2013-01-29T2

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread Dmitri Pal
On 01/30/2013 11:43 AM, free...@stormcloud9.net wrote:
> On 2013/30/01 09:37, Martin Kosek wrote:
>> On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
>>> On 2013/30/01 09:19, Martin Kosek wrote:
 On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
> On 2013/30/01 03:33, Martin Kosek wrote:
>> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
 On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after 
> using the
> `ipa-replica-install` script to configure the replica server, the 
> service
> will not start. Whenever I try it throws "SASL(-4): no mechanism 
> available"
> during start.
>
> Any ideas?
>
> Full output:
>
> # /etc/init.d/ipa start
> Starting Directory Service
> Starting dirsrv:
> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
> PKI-IPA... [  OK  ]
> Failed to read data from Directory Service: Unknown error when 
> retrieving
> list of services from LDAP: {'info': 'SASL(-4): no mechanism 
> available: ',
> 'desc': 'Unknown authentication method'}
> Shutting down
> Shutting down dirsrv:
> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
> PKI-IPA... [  OK  ]
 Sounds like DS did not start under the CA. Please check the DS logs in 
 the
 PKI instance.
>>> ns-slapd appears to be starting fine. I can even start it manually, but 
>>> `ipactl
>>> status` still shows the error:
>>> Below is the result of me starting it manually (directly running 
>>> ns-slapd):
>>>
>>> # ps ax|grep slapd
>>> 15540 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>>> 15586 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>>> # netstat -tpnl | grep slapd
>>> tcp        0      0 :::636      :::*      LISTEN      15586/ns-slapd
>>> tcp        0      0 :::7389     :::*      LISTEN      15540/ns-slapd
>>> tcp        0      0 :::7390     :::*      LISTEN      15540/ns-slapd
>>> tcp        0      0 :::389      :::*      LISTEN      15586/ns-slapd
>>> # ipactl status
>>> Directory Service: RUNNING
>>> Unknown error when retrieving list of services from LDAP: {'info': 
>>> 'SASL(-4):
>>> no mechanism available: ', 'desc': 'Unknown authentication method'}
>>>
>> Hello,
>>
>> OK, it seems that ipactl could not bind to your Directory Server. This 
>> script
>> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf 
>> to
>> connect to Directory Server via EXTERNAL auth.
>>
>> You can verify yourself if that bind works or not with the following 
>> ldapsearch
>> (just replace $LDAP_URI_VALUE with your setting):
>>
>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
>> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>>
>> I assume it will report the same error as ipactl. We need to verify that 
>> the
>> referred LDAP URI is indeed right and functional.
>>
>> Martin
> The system had no /etc/ipa/default.conf
> I copied the one from the master server, changed the `host=` and
> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
> status`, along with everything else, is working perfectly.
> Should that file have been created during the `ipa-replica-install`
> process? I don't see anything in the documentation about having to copy
> and edit it manually.
>
> Thanks
>
> -Patrick
>
 Yeah, this should have been created during ipa-replica-install.

 Can you please check /var/log/ipareplica-install.log and check if
 ipa-client-install (which is run as part of ipa-replica-install) 
 succeeded? I
 have a suspicion you hit a bug I was fixing recently.

 Martin
>>> No, the client install failed:
>>> 2013-01-29T23:24:05Z DEBUG stderr=
>>> 2013-01-29T23:24:05Z DEBUG Restarting the web server
>>> 2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
>>> 2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd:  [  OK  ]
>>> Starting httpd:  

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread freeipa

On 2013/30/01 09:37, Martin Kosek wrote:
> On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
>> On 2013/30/01 09:19, Martin Kosek wrote:
>>> On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
 On 2013/30/01 03:33, Martin Kosek wrote:
> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>>> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
 Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after 
 using the
 `ipa-replica-install` script to configure the replica server, the 
 service
 will not start. Whenever I try it throws "SASL(-4): no mechanism 
 available"
 during start.

 Any ideas?

 Full output:

 # /etc/init.d/ipa start
 Starting Directory Service
 Starting dirsrv:
 CLIFF-CLOUDBURRITO-COM...  [  OK  ]
 PKI-IPA... [  OK  ]
 Failed to read data from Directory Service: Unknown error when 
 retrieving
 list of services from LDAP: {'info': 'SASL(-4): no mechanism 
 available: ',
 'desc': 'Unknown authentication method'}
 Shutting down
 Shutting down dirsrv:
 CLIFF-CLOUDBURRITO-COM...  [  OK  ]
 PKI-IPA... [  OK  ]
>>> Sounds like DS did not start under the CA. Please check the DS logs in 
>>> the
>>> PKI instance.
>> ns-slapd appears to be starting fine. I can even start it manually, but 
>> `ipactl
>> status` still shows the error:
>> Below is the result of me starting it manually (directly running 
>> ns-slapd):
>>
>> # ps ax|grep slapd
>> 15540 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>> 15586 ?        Sl     0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>> # netstat -tpnl | grep slapd
>> tcp        0      0 :::636      :::*      LISTEN      15586/ns-slapd
>> tcp        0      0 :::7389     :::*      LISTEN      15540/ns-slapd
>> tcp        0      0 :::7390     :::*      LISTEN      15540/ns-slapd
>> tcp        0      0 :::389      :::*      LISTEN      15586/ns-slapd
>> # ipactl status
>> Directory Service: RUNNING
>> Unknown error when retrieving list of services from LDAP: {'info': 
>> 'SASL(-4):
>> no mechanism available: ', 'desc': 'Unknown authentication method'}
>>
> Hello,
>
> OK, it seems that ipactl could not bind to your Directory Server. This 
> script
> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
> connect to Directory Server via EXTERNAL auth.
>
> You can verify yourself if that bind works or not with the following 
> ldapsearch
> (just replace $LDAP_URI_VALUE with your setting):
>
> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>
> I assume it will report the same error as ipactl. We need to verify that 
> the
> referred LDAP URI is indeed right and functional.
>
> Martin
 The system had no /etc/ipa/default.conf
 I copied the one from the master server, changed the `host=` and
 `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
 status`, along with everything else, is working perfectly.
 Should that file have been created during the `ipa-replica-install`
 process? I don't see anything in the documentation about having to copy
 and edit it manually.

 Thanks

 -Patrick

>>> Yeah, this should have been created during ipa-replica-install.
>>>
>>> Can you please check /var/log/ipareplica-install.log and check if
>>> ipa-client-install (which is run as part of ipa-replica-install) succeeded? 
>>> I
>>> have a suspicion you hit a bug I was fixing recently.
>>>
>>> Martin
>> No, the client install failed:
>> 2013-01-29T23:24:05Z DEBUG stderr=
>> 2013-01-29T23:24:05Z DEBUG Restarting the web server
>> 2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
>> 2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd:  [  OK  ]
>> Starting httpd:[  OK  ]
>>
>> 2013-01-29T23:24:06Z DEBUG stderr=
>> 2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
>> --unattended --domain cl

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread freeipa

On 2013/30/01 09:19, Martin Kosek wrote:
> On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
>> On 2013/30/01 03:33, Martin Kosek wrote:
>>> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>>>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>>>>> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
>>>>>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
>>>>>> `ipa-replica-install` script to configure the replica server, the service
>>>>>> will not start. Whenever I try it throws "SASL(-4): no mechanism available"
>>>>>> during start.
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> Full output:
>>>>>>
>>>>>> # /etc/init.d/ipa start
>>>>>> Starting Directory Service
>>>>>> Starting dirsrv:
>>>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>>>> PKI-IPA... [  OK  ]
>>>>>> Failed to read data from Directory Service: Unknown error when retrieving
>>>>>> list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
>>>>>> 'desc': 'Unknown authentication method'}
>>>>>> Shutting down
>>>>>> Shutting down dirsrv:
>>>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>>>> PKI-IPA... [  OK  ]
>>>>> Sounds like DS did not start under the CA. Please check the DS logs in the
>>>>> PKI instance.
>>>> ns-slapd appears to be starting fine. I can even start it manually, but `ipactl
>>>> status` still shows the error:
>>>> Below is the result of me starting it manually (directly running ns-slapd):
>>>>
>>>> # ps ax|grep slapd
>>>> 15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
>>>> /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>>>> 15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
>>>> /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
>>>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
>>>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>>>> # netstat -tpnl | grep slapd
>>>> tcp0  0 :::636  :::*
>>>> LISTEN  15586/ns-slapd
>>>> tcp0  0 :::7389 :::*
>>>> LISTEN  15540/ns-slapd
>>>> tcp0  0 :::7390 :::*
>>>> LISTEN  15540/ns-slapd
>>>> tcp0  0 :::389  :::*
>>>> LISTEN  15586/ns-slapd
>>>> # ipactl status
>>>> Directory Service: RUNNING
>>>> Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
>>>> no mechanism available: ', 'desc': 'Unknown authentication method'}
>>>>
>>> Hello,
>>>
>>> OK, it seems that ipactl could not bind to your Directory Server. This script
>>> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
>>> connect to Directory Server via EXTERNAL auth.
>>>
>>> You can verify yourself if that bind works or not with the following ldapsearch
>>> (just replace $LDAP_URI_VALUE with your setting):
>>>
>>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
>>> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>>>
>>> I assume it will report the same error as ipactl. We need to verify that the
>>> referred LDAP URI is indeed right and functional.
>>>
>>> Martin
>> The system had no /etc/ipa/default.conf
>> I copied the one from the master server, changed the `host=` and
>> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
>> status`, along with everything else, is working perfectly.
>> Should that file have been created during the `ipa-replica-install`
>> process? I don't see anything in the documentation about having to copy
>> and edit it manually.
>>
>> Thanks
>>
>> -Patrick
>>
> Yeah, this should have been created during ipa-replica-install.
>
> Can you please check /var/log/ipareplica-install.log and check if
> ipa-client-install (which is run as part of ipa-replica-install) succeeded? I
> have a suspicion you hit a bug I was fixing recently.
>
> Martin
No, the client install failed:
2013-01-29T23:24:05Z DEBUG stderr=
2013-01-29T23:24:05Z DEBUG Restarting the web server
2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd:  [  OK  ]
Starting httpd:[  OK  ]

2013-01-29T23:24:06Z DEBUG stderr=
2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain cliff.cloudburrito.com --server
i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
CLIFF.CLOUDBURRITO.COM
2013-01-29T23:24:20Z DEBUG stdout=Discovery was successful!
Hostname: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
Realm: CLIFF.CLOUDBURRITO.COM
DNS Domain: cliff.cloudburrito.com
IPA Server: i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com
BaseDN: dc=cliff,dc=cloudburrito,dc=co

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread Martin Kosek
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
> 
> On 2013/30/01 09:19, Martin Kosek wrote:
>> On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
>>> On 2013/30/01 03:33, Martin Kosek wrote:
>>>> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>>>>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>>>>>> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
>>>>>>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
>>>>>>> `ipa-replica-install` script to configure the replica server, the service
>>>>>>> will not start. Whenever I try it throws "SASL(-4): no mechanism available"
>>>>>>> during start.
>>>>>>>
>>>>>>> Any ideas?
>>>>>>>
>>>>>>> Full output:
>>>>>>>
>>>>>>> # /etc/init.d/ipa start
>>>>>>> Starting Directory Service
>>>>>>> Starting dirsrv:
>>>>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>>>>> PKI-IPA... [  OK  ]
>>>>>>> Failed to read data from Directory Service: Unknown error when retrieving
>>>>>>> list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
>>>>>>> 'desc': 'Unknown authentication method'}
>>>>>>> Shutting down
>>>>>>> Shutting down dirsrv:
>>>>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>>>>> PKI-IPA... [  OK  ]
>>>>>> Sounds like DS did not start under the CA. Please check the DS logs in the
>>>>>> PKI instance.
>>>>> ns-slapd appears to be starting fine. I can even start it manually, but `ipactl
>>>>> status` still shows the error:
>>>>> Below is the result of me starting it manually (directly running ns-slapd):
>>>>>
>>>>> # ps ax|grep slapd
>>>>> 15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
>>>>> /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>>>>> 15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
>>>>> /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
>>>>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
>>>>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>>>>> # netstat -tpnl | grep slapd
>>>>> tcp0  0 :::636  :::*
>>>>> LISTEN  15586/ns-slapd
>>>>> tcp0  0 :::7389 :::*
>>>>> LISTEN  15540/ns-slapd
>>>>> tcp0  0 :::7390 :::*
>>>>> LISTEN  15540/ns-slapd
>>>>> tcp0  0 :::389  :::*
>>>>> LISTEN  15586/ns-slapd
>>>>> # ipactl status
>>>>> Directory Service: RUNNING
>>>>> Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
>>>>> no mechanism available: ', 'desc': 'Unknown authentication method'}
>>>>>
>>>> Hello,
>>>>
>>>> OK, it seems that ipactl could not bind to your Directory Server. This script
>>>> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
>>>> connect to Directory Server via EXTERNAL auth.
>>>>
>>>> You can verify yourself if that bind works or not with the following ldapsearch
>>>> (just replace $LDAP_URI_VALUE with your setting):
>>>>
>>>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
>>>> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>>>>
>>>> I assume it will report the same error as ipactl. We need to verify that the
>>>> referred LDAP URI is indeed right and functional.
>>>>
>>>> Martin
>>> The system had no /etc/ipa/default.conf
>>> I copied the one from the master server, changed the `host=` and
>>> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
>>> status`, along with everything else, is working perfectly.
>>> Should that file have been created during the `ipa-replica-install`
>>> process? I don't see anything in the documentation about having to copy
>>> and edit it manually.
>>>
>>> Thanks
>>>
>>> -Patrick
>>>
>> Yeah, this should have been created during ipa-replica-install.
>>
>> Can you please check /var/log/ipareplica-install.log and check if
>> ipa-client-install (which is run as part of ipa-replica-install) succeeded? I
>> have a suspicion you hit a bug I was fixing recently.
>>
>> Martin
> No, the client install failed:
> 2013-01-29T23:24:05Z DEBUG stderr=
> 2013-01-29T23:24:05Z DEBUG Restarting the web server
> 2013-01-29T23:24:06Z DEBUG args=/sbin/service httpd restart
> 2013-01-29T23:24:06Z DEBUG stdout=Stopping httpd:  [  OK  ]
> Starting httpd:[  OK  ]
> 
> 2013-01-29T23:24:06Z DEBUG stderr=
> 2013-01-29T23:24:20Z DEBUG args=/usr/sbin/ipa-client-install --on-master
> --unattended --domain cliff.cloudburrito.com --server
> i-d26b7f8b.ipa-server.us-west-1.cliff.cloudburrito.com --realm
> CLIFF.CLOUDBURRITO.COM
> 2013-01-29T23:24:20Z DEBUG stdout=Discov

Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread Martin Kosek
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
> On 2013/30/01 03:33, Martin Kosek wrote:
>> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>>>> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
>>>>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
>>>>> `ipa-replica-install` script to configure the replica server, the service
>>>>> will not start. Whenever I try it throws "SASL(-4): no mechanism available"
>>>>> during start.
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> Full output:
>>>>>
>>>>> # /etc/init.d/ipa start
>>>>> Starting Directory Service
>>>>> Starting dirsrv:
>>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>>> PKI-IPA... [  OK  ]
>>>>> Failed to read data from Directory Service: Unknown error when retrieving
>>>>> list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
>>>>> 'desc': 'Unknown authentication method'}
>>>>> Shutting down
>>>>> Shutting down dirsrv:
>>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>>> PKI-IPA... [  OK  ]
>>>> Sounds like DS did not start under the CA. Please check the DS logs in the
>>>> PKI instance.
>>> ns-slapd appears to be starting fine. I can even start it manually, but `ipactl
>>> status` still shows the error:
>>> Below is the result of me starting it manually (directly running ns-slapd):
>>>
>>> # ps ax|grep slapd
>>> 15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
>>> /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>>> 15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
>>> /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
>>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
>>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>>> # netstat -tpnl | grep slapd
>>> tcp0  0 :::636  :::*
>>> LISTEN  15586/ns-slapd
>>> tcp0  0 :::7389 :::*
>>> LISTEN  15540/ns-slapd
>>> tcp0  0 :::7390 :::*
>>> LISTEN  15540/ns-slapd
>>> tcp0  0 :::389  :::*
>>> LISTEN  15586/ns-slapd
>>> # ipactl status
>>> Directory Service: RUNNING
>>> Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
>>> no mechanism available: ', 'desc': 'Unknown authentication method'}
>>>
>>
>> Hello,
>>
>> OK, it seems that ipactl could not bind to your Directory Server. This script
>> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
>> connect to Directory Server via EXTERNAL auth.
>>
>> You can verify yourself if that bind works or not with the following ldapsearch
>> (just replace $LDAP_URI_VALUE with your setting):
>>
>> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
>> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>>
>> I assume it will report the same error as ipactl. We need to verify that the
>> referred LDAP URI is indeed right and functional.
>>
>> Martin
> 
> The system had no /etc/ipa/default.conf
> I copied the one from the master server, changed the `host=` and
> `xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
> status`, along with everything else, is working perfectly.
> Should that file have been created during the `ipa-replica-install`
> process? I don't see anything in the documentation about having to copy
> and edit it manually.
> 
> Thanks
> 
> -Patrick
> 

Yeah, this should have been created during ipa-replica-install.

Can you please check /var/log/ipareplica-install.log and check if
ipa-client-install (which is run as part of ipa-replica-install) succeeded? I
have a suspicion you hit a bug I was fixing recently.

Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread freeipa

On 2013/30/01 03:33, Martin Kosek wrote:
> On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
>> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>>> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
>>>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
>>>> `ipa-replica-install` script to configure the replica server, the service
>>>> will not start. Whenever I try it throws "SASL(-4): no mechanism available"
>>>> during start.
>>>>
>>>> Any ideas?
>>>>
>>>> Full output:
>>>>
>>>> # /etc/init.d/ipa start
>>>> Starting Directory Service
>>>> Starting dirsrv:
>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>> PKI-IPA... [  OK  ]
>>>> Failed to read data from Directory Service: Unknown error when retrieving
>>>> list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
>>>> 'desc': 'Unknown authentication method'}
>>>> Shutting down
>>>> Shutting down dirsrv:
>>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>>> PKI-IPA... [  OK  ]
>>> Sounds like DS did not start under the CA. Please check the DS logs in the
>>> PKI instance.
>> ns-slapd appears to be starting fine. I can even start it manually, but `ipactl
>> status` still shows the error:
>> Below is the result of me starting it manually (directly running ns-slapd):
>>
>> # ps ax|grep slapd
>> 15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
>> /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>> 15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
>> /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
>> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
>> # netstat -tpnl | grep slapd
>> tcp0  0 :::636  :::*   
>> LISTEN  15586/ns-slapd 
>> tcp0  0 :::7389 :::*   
>> LISTEN  15540/ns-slapd 
>> tcp0  0 :::7390 :::*   
>> LISTEN  15540/ns-slapd 
>> tcp0  0 :::389  :::*   
>> LISTEN  15586/ns-slapd 
>> # ipactl status
>> Directory Service: RUNNING
>> Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
>> no mechanism available: ', 'desc': 'Unknown authentication method'}
>>
>
> Hello,
>
> OK, it seems that ipactl could not bind to your Directory Server. This script
> uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
> connect to Directory Server via EXTERNAL auth.
>
> You can verify yourself if that bind works or not with the following ldapsearch
> (just replace $LDAP_URI_VALUE with your setting):
>
> # ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
> "cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"
>
> I assume it will report the same error as ipactl. We need to verify that the
> referred LDAP URI is indeed right and functional.
>
> Martin

The system had no /etc/ipa/default.conf
I copied the one from the master server, changed the `host=` and
`xmlrpc_uri=` parameters to reflect the replica server, and now `ipactl
status`, along with everything else, is working perfectly.
Should that file have been created during the `ipa-replica-install`
process? I don't see anything in the documentation about having to copy
and edit it manually.

Thanks

-Patrick



Re: [Freeipa-users] Unable to start replica server after setting up replication

2013-01-30 Thread Martin Kosek
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
> On 01/29/2013 07:49 PM, Dmitri Pal wrote:
>> On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
>>> Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
>>> `ipa-replica-install` script to configure the replica server, the service
>>> will not start. Whenever I try it throws "SASL(-4): no mechanism available"
>>> during start.
>>>
>>> Any ideas?
>>>
>>> Full output:
>>>
>>> # /etc/init.d/ipa start
>>> Starting Directory Service
>>> Starting dirsrv:
>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>> PKI-IPA... [  OK  ]
>>> Failed to read data from Directory Service: Unknown error when retrieving
>>> list of services from LDAP: {'info': 'SASL(-4): no mechanism available: ',
>>> 'desc': 'Unknown authentication method'}
>>> Shutting down
>>> Shutting down dirsrv:
>>> CLIFF-CLOUDBURRITO-COM...  [  OK  ]
>>> PKI-IPA... [  OK  ]
>>
>> Sounds like DS did not start under the CA. Please check the DS logs in the
>> PKI instance.
> 
> ns-slapd appears to be starting fine. I can even start it manually, but `ipactl
> status` still shows the error:
> Below is the result of me starting it manually (directly running ns-slapd):
> 
> # ps ax|grep slapd
> 15540 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i
> /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
> 15586 ?Sl 0:00 /usr/sbin/ns-slapd -D
> /etc/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM -i
> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.pid -w
> /var/run/dirsrv/slapd-CLIFF-CLOUDBURRITO-COM.startpid
> # netstat -tpnl | grep slapd
> tcp0  0 :::636  :::*   
> LISTEN  15586/ns-slapd 
> tcp0  0 :::7389 :::*   
> LISTEN  15540/ns-slapd 
> tcp0  0 :::7390 :::*   
> LISTEN  15540/ns-slapd 
> tcp0  0 :::389  :::*   
> LISTEN  15586/ns-slapd 
> # ipactl status
> Directory Service: RUNNING
> Unknown error when retrieving list of services from LDAP: {'info': 'SASL(-4):
> no mechanism available: ', 'desc': 'Unknown authentication method'}
> 


Hello,

OK, it seems that ipactl could not bind to your Directory Server. This script
uses a "ldap_uri" configuration option value from /etc/ipa/default.conf to
connect to Directory Server via EXTERNAL auth.

You can verify yourself if that bind works or not with the following ldapsearch
(just replace $LDAP_URI_VALUE with your setting):

# ldapsearch -Y EXTERNAL -H $LDAP_URI_VALUE -b
"cn=masters,cn=ipa,cn=etc,dc=cliff,dc=cloudburrito,dc=com"

I assume it will report the same error as ipactl. We need to verify that the
referred LDAP URI is indeed right and functional.

Martin
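
The check described above, as an added example that is not part of the original thread and is not FreeIPA's own code: it reads `ldap_uri` from a default.conf, handles the missing-file and copied-from-master cases that come up in this thread, and prints the ldapsearch command to run by hand. The `[global]` INI layout, the `https://<host>/ipa/xml` shape of `xmlrpc_uri`, and every example.test value are assumptions.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Assumes default.conf is INI-style with
# "key = value" lines under a [global] section.

# conf_get FILE KEY: print KEY's value from [global].
# Returns 2 if FILE is unreadable, 1 if KEY is absent.
conf_get() {
    [ -r "$1" ] || return 2
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                                  # comment line
        /^[ \t]*\[/   { in_global = ($0 ~ /^[ \t]*\[global\]/); next }
        in_global && index($0, "=") {
            eq = index($0, "=")                                 # split on first "="
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_ipa_conf FILE EXPECTED_HOST BASE_DN
# Prints one finding per line; returns non-zero if any problem was found.
check_ipa_conf() {
    conf=$1 want=$2 base=$3 rc=0
    if [ ! -r "$conf" ]; then
        echo "FAIL $conf missing: ipactl has no ldap_uri to bind with"
        return 1
    fi
    uri=$(conf_get "$conf" ldap_uri) || { echo "FAIL ldap_uri not set in $conf"; rc=1; }
    host=$(conf_get "$conf" host) || host=
    xml=$(conf_get "$conf" xmlrpc_uri) || xml=
    # A file copied from the master still names the master in host= and xmlrpc_uri=.
    [ "$host" = "$want" ] || { echo "FAIL host=$host, expected $want"; rc=1; }
    case $xml in
        *"://$want/"*) ;;
        *) echo "FAIL xmlrpc_uri=$xml does not point at $want"; rc=1 ;;
    esac
    # Only print the command; running it needs a live Directory Server.
    [ "$rc" -eq 0 ] && echo "OK ldapsearch -Y EXTERNAL -H $uri -b \"$base\""
    return "$rc"
}

# Constructed sample: a default.conf copied from the master and left unedited.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '[global]' 'host = master.example.test' \
        'xmlrpc_uri = https://master.example.test/ipa/xml' \
        'ldap_uri = ldapi://%2fvar%2frun%2fslapd-EXAMPLE-TEST.socket' > "$f"
    check_ipa_conf "$f" replica.example.test 'cn=masters,cn=ipa,cn=etc,dc=example,dc=test'
    rc=$?; rm -f "$f"; return "$rc"
}

demo || :
```

On a real replica, pass `/etc/ipa/default.conf`, the replica's own hostname, and the search base from the ldapsearch command in the message above.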
