I did actually use a local dse.ldif in the end, but I forgot to stop dirsrv while replacing it, so maybe the nsslapd-localhost line got updated by the running dirsrv?
On 19 August 2016 at 15:59, Petr Spacek <[email protected]> wrote:

> On 19.8.2016 15:26, Tiemen Ruiten wrote:
> > Managed to fix it: had to stop dirsrv@IPA-RDMEDIA-COM and put the server's
> > hostname on the line with nsslapd-localhost
>
> Uh, this is quite brutal. There might be some other server-specific options.
>
> If you can dig up older dse.ldif from the same server, I would rather restore
> that version. You never know what will silently break.
>
> Petr^2 Spacek
>
> >
> > Then run ipa-replica-manage re-initialize --from
> > other-master.ipa.rdmedia.com
> >
> > On 19 August 2016 at 12:14, Tiemen Ruiten <[email protected]> wrote:
> >
> >> I see lots of messages in /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors,
> >> looks definitely like an issue with dirsrv.
> >>
> >> On 19 August 2016 at 11:43, Tiemen Ruiten <[email protected]> wrote:
> >>
> >>> I see I didn't use the right terminology: all four of my FreeIPA servers
> >>> are masters.
> >>>
> >>> On 19 August 2016 at 11:36, Tiemen Ruiten <[email protected]> wrote:
> >>>
> >>>> Hello,
> >>>>
> >>>> I need some help getting one of my replicas to work. Assistance would
> >>>> be much appreciated.
> >>>>
> >>>> After the iSCSI volumes of two replicas were briefly unavailable, on
> >>>> one of them DNS and LDAP stopped working and replication seems to have
> >>>> stopped. The ipa service failed with a message that an upgrade was
> >>>> required, so I ran ipa-server-upgrade, but it failed due to an empty
> >>>> dse.ldif.
> >>>>
> >>>> Then I probably made a mistake by copying a dse.ldif from another
> >>>> replica and trying to run the upgrade. It worked more or less, but DNS
> >>>> still didn't work.
> >>>>
> >>>> Next I replaced it with an older backup file (from Aug 4), ran the
> >>>> upgrade command again and after some fiddling all services started
> >>>> normally, except ipa-dnskeysyncd:
> >>>>
> >>>> journalctl -u ipa-dnskeysyncd
> >>>>
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: ipa-dnskeysyncd.service holdoff time over, scheduling restart.
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key daemon.
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key daemon...
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa: WARNING: session memcached servers not running
> >>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : INFO LDAP bind...
> >>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client step 1
> >>>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client step 1
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa : ERROR Login to LDAP server failed: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: Traceback (most recent call last):
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in sasl_interactive_bind_s
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in _apply_method_s
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return func(self,*args,**kwargs)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in sasl_interactive_bind_s
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result = func(*args,**kwargs)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
> >>>>
> >>>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
> >>>> DNS and logins to the web interface on this host are still not working.
> >>>>
> >>>> What can I do to get this replica in working order again?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>

--
Tiemen Ruiten
Systems Engineer
R&D Media
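
The failure in this thread (a dse.ldif that is empty, or that carries another server's nsslapd-localhost so GSSAPI looks for that host's ldap/ keytab entry) can be caught before dirsrv is started. The following check is an added example, not part of the original messages or of FreeIPA; the function names are hypothetical and the sample LDIF is constructed from the hostnames quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print nsslapd-localhost from the cn=config entry of an LDIF file,
# unfolding continuation lines (LDIF folds with one leading space).
dse_localhost() {
    awk '
        function emit(line,    l) {
            l = tolower(line)
            if (line == "") in_cfg = 0          # blank line ends an entry
            else if (l ~ /^dn:/) in_cfg = (l ~ /^dn:[ \t]*cn=config[ \t]*$/)
            else if (in_cfg && l ~ /^nsslapd-localhost:/) {
                sub(/^[^:]*:[ \t]*/, "", line); print line
            }
        }
        /^ / { buf = buf substr($0, 2); next }  # continuation line
        { if (NR > 1) emit(buf); buf = $0 }
        END { if (NR > 0) emit(buf) }
    ' "$1"
}

# 0 = file names this host, 1 = names another host, 2 = empty or unusable.
check_dse_host() {
    file=$1; want=$2
    [ -s "$file" ] || { echo "UNUSABLE: $file is missing or empty"; return 2; }
    got=$(dse_localhost "$file")
    [ -n "$got" ] || { echo "UNUSABLE: no nsslapd-localhost in cn=config"; return 2; }
    g=$(printf '%s' "$got" | tr '[:upper:]' '[:lower:]')
    w=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
    [ "$g" = "$w" ] && { echo "OK: nsslapd-localhost=$got"; return 0; }
    echo "MISMATCH: nsslapd-localhost=$got, expected $want"; return 1
}

# Constructed sample: a dse.ldif copied from praseodymium onto promethium,
# with the hostname folded across two lines to exercise the unfolding.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=config
cn: config
nsslapd-localhost: praseodymium.ipa.
 rdmedia.com

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
nsslapd-lookthroughlimit: 5000
EOF
check_dse_host "$sample" promethium.ipa.rdmedia.com ||
    echo "do not start dirsrv with this dse.ldif"
rm -f "$sample"
```
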
