[Freeipa-users] Replication failed
Dear All, Replication was working fine for the last 1 month and recently the replica server (ipa2) is having some hardware issue and it was down for a week. Replication is not working once the machine is up. Please help. [root@ipa etc]# service dirsrv status dirsrv PKI-IPA (pid 29954) is running... dirsrv DOMAIN-COM (pid 30023) is running... [root@ipa2 ~]# service dirsrv status dirsrv DOMAIN-COM (pid 1892) is running... [root@ipa2 ~]# [root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) ^C [root@ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) Regards Sanju Abraham Linux Admin =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this
Re: [Freeipa-users] Replication failed
On 07/04/15 13:13, Sanju A wrote: Dear All, Replication was working fine for the last 1 month and recently the replica server (ipa2) is having some hardware issue and it was down for a week. Replication is not working once the machine is up. Please help. [root@ipa etc]# service dirsrv status dirsrv PKI-IPA (pid 29954) is running... dirsrv DOMAIN-COM (pid 30023) is running... [root@ipa2 ~]# service dirsrv status dirsrv DOMAIN-COM (pid 1892) is running... [root@ipa2 ~]# [root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:40:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) ^C [root@ipa2 ~]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:21:58:49 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:58:49 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:21:59:01 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:59:01 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:21:59:25 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:21:59:25 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:22:00:13 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:22:00:13 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:22:01:49 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:22:01:49 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) Regards Sanju Abraham Linux Admin =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly
Re: [Freeipa-users] Replication failed
Dear Martin, Thanks for your help and the replication issue got resolved after syncing the time. But I am not able to login to the replica server web ui. Keep on getting Your session has expired. Please re-login.. Please find the logs. [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time skew (-20287 secs). Current seqnum=1 [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time skew (-20288 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20288 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20289 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20290 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20291 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20292 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20293 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20294 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20295 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20296 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20296 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20297 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20298 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20299 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20299 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20300 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20301 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20302 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20301 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20302 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20303 secs). Current seqnum=1 Regards Sanju Abraham Linux Admin From: Martin Basti mba...@redhat.com To: Sanju A sanj...@tcs.com, freeipa-users@redhat.com Date: 07-04-2015 16:53 Subject:Re: [Freeipa-users] Replication failed On 07/04/15 13:13, Sanju A wrote: Dear All, Replication was working fine for the last 1 month and recently the replica server (ipa2) is having some hardware issue and it was down for a week. Replication is not working once the machine is up. Please help. [root@ipa etc]# service dirsrv status dirsrv PKI-IPA (pid 29954) is running... dirsrv DOMAIN-COM (pid 30023) is running... [root@ipa2 ~]# service dirsrv status dirsrv DOMAIN-COM (pid 1892) is running... [root@ipa2 ~]# [root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:35:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:57 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:40:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could
Re: [Freeipa-users] Replication failed
Great! additional comments inline Martin On 07/04/15 13:56, Sanju A wrote: Dear Martin, Thanks for your help and the replication issue got resolved after syncing the time. But I am not able to login to the replica server web ui. Keep on getting Your session has expired. Please re-login.. Please find the logs. Does CLI command works on the server? What do you use, form based authentication or kerberos to login to webUI? Did you try to clean browser cache (or kdestroy)? You can find something useful in this thread, https://www.redhat.com/archives/freeipa-users/2015-April/msg00047.html [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time skew (-20287 secs). Current seqnum=1 [07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning: too much time skew (-20288 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20288 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20289 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20290 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20291 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20292 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20293 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20294 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20295 secs). Current seqnum=1 [07/Apr/2015:17:24:50 +051800] csngen_new_csn - Warning: too much time skew (-20296 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20296 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20297 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20298 secs). Current seqnum=1 [07/Apr/2015:17:24:51 +051800] csngen_new_csn - Warning: too much time skew (-20299 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20299 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20300 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20301 secs). Current seqnum=1 [07/Apr/2015:17:24:52 +051800] csngen_new_csn - Warning: too much time skew (-20302 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20301 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20302 secs). Current seqnum=1 [07/Apr/2015:17:24:54 +051800] csngen_new_csn - Warning: too much time skew (-20303 secs). Current seqnum=1 From which log is this? Regards Sanju Abraham Linux Admin From: Martin Basti mba...@redhat.com To: Sanju A sanj...@tcs.com, freeipa-users@redhat.com Date: 07-04-2015 16:53 Subject: Re: [Freeipa-users] Replication failed On 07/04/15 13:13, Sanju A wrote: Dear All, Replication was working fine for the last 1 month and recently the replica server (ipa2) is having some hardware issue and it was down for a week. Replication is not working once the machine is up. Please help. [root@ipa etc]# service dirsrv status dirsrv PKI-IPA (pid 29954) is running... dirsrv DOMAIN-COM (pid 30023) is running... [root@ipa2 ~]# service dirsrv status dirsrv DOMAIN-COM (pid 1892) is running... [root@ipa2 ~]# [root@ipa etc]# tail -f /var/log/dirsrv/slapd-TCS-MOBILITY-COM/errors [07/Apr/2015:16:25:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:25:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:28:10 +051800] ipa_range_check_pre_op - [file ipa_range_check.c, line 235]: Missing entry to modify. [07/Apr/2015:16:30:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context) errno 0 (Success) [07/Apr/2015:16:30:50 +051800] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) [07/Apr/2015:16:35:50 +051800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 (Invalid credentials) (SASL(-13
