5:16 a.m.
Hey,
Since I've setup a replica it gives errors like these:
[17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:36:56 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:36:56 +0200] slapi_ldap_bind - Error: could not perform interactive bind
for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[17/Oct/2017:11:36:56 +0200] NSMMReplicationPlugin - agmt="cn=meTorotte.ghs.nl"
(rotte:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
(SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (Ticket expired))
[17/Oct/2017:11:36:59 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:36:59 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:36:59 +0200] slapi_ldap_bind - Error: could not perform interactive bind
for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[17/Oct/2017:11:37:05 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:37:05 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
[17/Oct/2017:11:37:05 +0200] slapi_ldap_bind - Error: could not perform interactive bind
for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[17/Oct/2017:11:37:18 +0200] NSMMReplicationPlugin - agmt="cn=meTorotte.ghs.nl"
(rotte:389): Replication bind with GSSAPI auth resumed
I'm looking for hints how to debug this. And of course it would be nice if someone
knows how to solve this.
Details about the installation.
Both servers: Ubuntu 16.04, freeipa version 4.3.1-0ubuntu1
The original master is rotte.ghs.nl and my replica is linge.ghs.nl. The above log is on
the replica (linge).
Perhaps the following is valuable information, perhaps not. The installation failed at
first
due to a timeout problem. I've changed the Python to increase the time, and after
that
the replica installation succeeded. I'm able to connect to it (LDAP and web UI), and
new
information entered in the master was replicated correctly.
But now I see some clients having Kerberos ticket problems, most likely because
they use the replica, which is not valid anymore.
Should I abandon the replica and reinstall it, and if so, how should I do that (safely)?
--
Kees Bakker