Managed to fix it: had to stop dirsrv@IPA-RDMEDIA-COM and put the server's hostname on the line with nsslapd-localhost
Then run ipa-replica-manage re-initialize --from other-master.ipa.rdmedia.com On 19 August 2016 at 12:14, Tiemen Ruiten <[email protected]> wrote: > I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors, > looks definitely like an issue with dirsrv. > > On 19 August 2016 at 11:43, Tiemen Ruiten <[email protected]> wrote: > >> I see I didn't use the right terminology: all four of my FreeIPA servers >> are masters. >> >> On 19 August 2016 at 11:36, Tiemen Ruiten <[email protected]> wrote: >> >>> Hello, >>> >>> I need some help getting one of my replica's to work. Assistance would >>> be much appreciated. >>> >>> After the iSCSI volumes of two replicas of were briefly unavailable, on >>> one of them DNS and LDAP stopped working and replication seems to have >>> stopped. The ipa service failed with a message that an upgrade was >>> required, so I ran ipa-server-upgrade, but it failed due to an empty >>> dse.ldif. >>> >>> Then I probably made a mistake by copying a dse.ldif from another >>> replica and trying to run the upgrade. It worked more or less, but DNS >>> still didn't work. >>> >>> Next I replaced it with an older backup file (from Aug 4) ran the >>> upgrade command again and after some fiddling all services started >>> normally, except ipa-dnskeysyncd: >>> >>> journalctl -u ipa-dnskeysyncd >>> >>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: >>> ipa-dnskeysyncd.service holdoff time over, scheduling restart. >>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key >>> daemon. >>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key >>> daemon... >>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa: >>> WARNING: session memcached servers not running >>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa >>> : INFO LDAP bind... >>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client >>> step 1 >>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client >>> step 1 >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa >>> : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic >>> failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide >>> more information (No key table entry found matching >>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'} >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >>> Traceback (most recent call last): >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module> >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI) >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in >>> sasl_interactive_bind_s >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res = >>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_ >>> s,*args,**kwargs) >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in >>> _apply_method_s >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >>> return func(self,*args,**kwargs) >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in >>> sasl_interactive_bind_s >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >>> return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req >>> uestControlTuples(serverctrls),RequestControlTuples(clientct >>> rls),sasl_flags) >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File >>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in >>> _ldap_call >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >>> result = func(*args,**kwargs) >>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: >>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error: >>> Unspecified GSS failure. Minor code may provide more information (No key >>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', >>> 'desc': 'Invalid credentials'} >>> >>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from. >>> DNS and logins to the webinterface on this host are still not working. >>> >>> What can I do to get this replica in working order again? >>> >>> -- >>> Tiemen Ruiten >>> Systems Engineer >>> R&D Media >>> >> >> >> >> -- >> Tiemen Ruiten >> Systems Engineer >> R&D Media >> > > > > -- > Tiemen Ruiten > Systems Engineer > R&D Media > -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
