Okay, sorry for the messages. The original issue has been resolved, one of the servers time was off.
I am now having a problem similar to this: https://bugzilla.redhat.com/show_bug.cgi?id=953653. My logs indicate all the same issues. With IPA 3.0.0 and Centos 6.6 is this still a viable solution to the problem? Bryan On Sat, Feb 7, 2015 at 12:17 AM, Bryan Pearson <[email protected]> wrote: > I did a bit more digging into the issue, and realized that the ruv-id of > ipa2 is different on only one of the servers of the 3. I am imaging I will > need to run clean-ruv on inconsistent node. > > Bryan > > On Fri, Feb 6, 2015 at 10:11 PM, Bryan Pearson <[email protected]> > wrote: > >> Hello, >> >> My IPA servers are currently saying: >> >> "Failed to get data from 'hostname.lan': Invalid credentials SASL(-13): >> authentication failure: GSSAPI Failure: gss_accept_sec_context" >> >> tail -f /var/log/dirsrv/slapd-HOSTNAME-LAN/errors >> >> [06/Feb/2015:21:42:41 -0500] slapd_ldap_sasl_interactive_bind - Error: >> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 49 >> (Invalid credentials) (SASL(-13): authentication failure: GSSAPI Failure: >> gss_accept_sec_context) errno 0 (Success) >> [06/Feb/2015:21:42:41 -0500] slapi_ldap_bind - Error: could not perform >> interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) >> >> We have 3 master replicas in operation. ipa2, ipa3, ipa4 and ipa1 we are >> decommissioning. After losing the CA on 2 nodes, we promoted ipa3 to >> master, and created a replica file, scped it to ipa4, installed it, and on >> ipa4 created ipa2. Because of design, 3 and 2 cant communicate with each >> other. >> >> I just stopped dirsrv and pki-ca on ipa1, so its possible it is creating >> issues. >> >> I cant determine where the credentials or how to get them changed as all >> the nodes are now having similar issues replicating. >> >> Bryan >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
