I'm seeing this in /var/log/messages periodically:
systemd: Starting IPA key daemon...
ipa-dnskeysyncd: ipa : INFO LDAP bind...
ipa-dnskeysyncd: ipa : ERROR Login to LDAP server failed:
{'desc': 'Invalid credentials'}
ipa-dnskeysyncd: Traceback (most recent call last):
ipa-dnskeysyncd: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 94, in
<module>
ipa-dnskeysyncd: ldap_connection.sasl_interactive_bind_s("",
ipaldap.SASL_GSSAPI)
ipa-dnskeysyncd: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
sasl_interactive_bind_s
ipa-dnskeysyncd: res =
self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
ipa-dnskeysyncd: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
_apply_method_s
ipa-dnskeysyncd: return func(self,*args,**kwargs)
ipa-dnskeysyncd: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
sasl_interactive_bind_s
ipa-dnskeysyncd: return
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
ipa-dnskeysyncd: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
_ldap_call
ipa-dnskeysyncd: result = func(*args,**kwargs)
ipa-dnskeysyncd: INVALID_CREDENTIALS:{'desc': 'Invalid credentials'}
systemd: ipa-dnskeysyncd.service: main process exited, code=exited,
status=1/FAILURE
systemd: Unit ipa-dnskeysyncd.service entered failed state
systemd: ipa-dnskeysyncd.service failed.
Also, my main server is now spitting this into /var/log/messages on a
regular basis:
GSSAPI Error: Unspecified GSS failure. Minor code may provide more
information (Credential cache is empty)
Our whole development group is essential down while this is going on. No
one can log on, DNS resolution isn't working at all, Kerberos tickets
aren't working the way they should, and the IPA web UI isn't letting me
log in via Kerberos _or_ with the admin account and its password (which
_does_ work to grab the admin Kerberos ticket).
I'm very confused.
Bret