The only other message before that is suspicious:
set_krb5_creds - Could not get initial credentials for principal ... in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
I might get more when I get to work, but I think that’s all the errors I found. The resume
message is not there. I saw your commit 5 years ago on this issue.
On Mar 23, 2018, at 6:48 AM, Mark Reynolds <mreynolds(a)redhat.com> wrote:
On 03/23/2018 12:07 AM, Sergei Gerasenko wrote:
> The error I’m basically getting is:
>
> [23/Mar/2018:03:23:29.461074995 +0000] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=HOST1-to-HOST2" (ipa203:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
>
> Any ideas?
GSSAPI authentication is failing. Wrong principal name in agreement?
KDC issue? I don't know, but that's what the error means. It could also
be a red herring as it typically does recover (it logs something like
"auth resumed"). We need to see more logging from the errors log.
>
>> On Mar 22, 2018, at 5:05 PM, Sergei Gerasenko <gerases(a)gmail.com> wrote:
>>
>> Hi guys,
>>
>> I ran into a rather significant problem. I needed to rebuild two nodes in my topology and re-include them under the same hostnames. What I’m seeing now is that the replication to these new nodes is broken. Replication from them seems to work. I suspect that we have some stale metadata somewhere in the topology whereby the old nodes are still present somewhere in the agreements under other ids?
>>
>> What’s the best way to troubleshoot this?
>>
>> Thanks again,
>> Sergei