Hello there,
Something went wrong after recent yum update (CentOS 7)
The current version is 4.6.8-5.el7.centos.9
I have two FreeIPA replicas and one Active Directory agreement (winsync)
Here what i'm getting from cn=replica....cn=mapping tree,cn=config
nsds5replicaLastUpdateStart: 19700101000000Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
This is for both agreements, however winsync is still alive somehow.
Replication to the second FreeIPA node no longer works, and
when trying to re-initialize, here's what i'm getting:
ipa-replica-manage re-initialize --from=<node0> --verbose
Traceback (most recent call last):
File "/sbin/ipa-replica-manage", line 1624, in <module>
main(options, args)
File "/sbin/ipa-replica-manage", line 1567, in main
options.nolookup)
File "/sbin/ipa-replica-manage", line 1220, in re_initialize
repl.initialize_replication(agreement.dn, repl.conn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 1358, in initialize_replication
conn.modify_s(dn, mod)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 792,
in modify_s
return self.conn.modify_s(dn, modlist)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 357,
in modify_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 458,
in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 462,
in result2
resp_type, resp_data, resp_msgid, resp_ctrls =
self.result3(msgid,all,timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 469,
in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 476,
in result4
ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
_ldap_call
result = func(*args,**kwargs)
TYPE_OR_VALUE_EXISTS: {'desc': 'Type or value exists'}
Unexpected error: {'desc': 'Type or value exists'}
I feel that the exception is related to time set to 19700101000000Z or some
other cn=config parameter.
Another suspicious thing which may be related is:
Running on node0:
ipa-replica-manage list -v <node1>
Failed to get data from 'node1': Insufficient access: SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (Server krbtgt/<something unknown here> not found in
Kerberos database)
Any advice on how to fix without rebuilding everything ?
Thank you