On 7/23/19 12:27 PM, Harald Dunkel via FreeIPA-users wrote:
PS: Attached is slapd's errors file as well. Please note the
Kerberos errors:
:
[23/Jul/2019:11:42:23.714599643 +0200] - ERR - set_krb5_creds - Could
not get initial credentials for principal
[ldap/ipa0.example.de(a)EXAMPLE.DE] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
requested realm)
Hi,
This error means that kerberos server is not running on ipa0 when 389-ds
server starts. What is the output of ipactl status on ipa0? You can
restart the services with ipactl start --ignore-service-failures
(otherwise failure of a single IPA service will stop the whole stack).
flo
[23/Jul/2019:11:42:23.746685708 +0200] - ERR - schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[23/Jul/2019:11:42:23.750736864 +0200] - ERR - slapi_ldap_bind - Error:
could not send startTLS request: error -11 (Connect error)
[23/Jul/2019:11:42:23.766240272 +0200] - ERR - NSMMReplicationPlugin -
bind_and_check_pwp -
agmt="cn=masterAgreement1-ipa1.example.de-pki-tomcat" (ipa1:389) -
Replication bind with SIMPLE auth failed: LDAP error -11 (Connect error)
(error:14090086:SSL routines:ssl3_get_server_certifica
:
Regards
Harri
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...