From what I experience, during "killing ntpd, going back a few days, restart krb5kdc, dirsrv, httpd and the CA then certmonger", service ipa-dnskeysyncd.service is failing.

Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : DEBUG Kerberos principal: ipa-dnskeysyncd/ca-ldap04.domain.com
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : DEBUG Initializing principal ipa-dnskeysyncd/ca-ldap04.domain.com using keytab /etc/ipa/dnssec/ipa-dnskeysyncd.keytab
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : DEBUG using ccache /tmp/ipa-dnskeysyncd.ccache
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : DEBUG Attempt 1/5: success
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : DEBUG LDAP URL: ldapi://%2Fvar%2Frun%2Fslapd-US-ORACLE-COM.socket/cn%3Ddns%2Cdc%3Dus%2Cdc%3Doracle%2Cdc%3Dcom??sub?%28%7C%28objectClass%3DidnsZone%29%28objectClass%3DidnsSecKey%29%28objectClass%3Dipk11PublicKey%29%29
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : INFO LDAP bind...
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: Traceback (most recent call last):
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 90, in <module>
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in sasl_interactive_bind_s
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in _apply_method_s
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: return func(self,*args,**kwargs)
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in sasl_interactive_bind_s
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: result = func(*args,**kwargs)
Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Aug 10 10:19:18 ca-ldap04 systemd: ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILURE
Aug 10 10:19:18 ca-ldap04 systemd: Unit ipa-dnskeysyncd.service entered failed state.
Aug 10 10:19:18 ca-ldap04 systemd: ipa-dnskeysyncd.service failed.

And other logs like:

Aug 10 10:17:38 ca-ldap04 ns-slapd: [10/Aug/2018:10:17:38.973963675 -0700] csngen_new_csn - Warning: too much time skew (-6959333 secs). Current seqnum=47
Aug 10 10:17:53 ca-ldap04 named-pkcs11[2514]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket not yet valid)
Aug 10 10:17:53 ca-ldap04 named-pkcs11[2514]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.