Dear All,
Running a FreeIPA cluster, the master has fallen over and refuses to get back up:
Failed to read data from service file: Unknown error when retrieving list of services from LDAP: Insufficient access: SASL(-4): no mechanism available: (Unknown authentication method)
I was wondering where the best place for logs is to get myself out of this hole, as it's the "super master" i'd rather not have to delete it, promote another, etc etc.
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.ukmailto:callum@well.ox.ac.uk
Callum Smith via FreeIPA-users wrote:
Dear All,
Running a FreeIPA cluster, the master has fallen over and refuses to get back up:
Failed to read data from service file: Unknown error when retrieving list of services from LDAP: Insufficient access: SASL(-4): no mechanism available: (Unknown authentication method)
I was wondering where the best place for logs is to get myself out of this hole, as it's the "super master" i'd rather not have to delete it, promote another, etc etc.
Look in /var/log/dirsrv/slapd-REALM/access and errors
/var/log/krb5kdc.log
Also see what changed that caused things to blow up (yum logs, disk space, etc.).
rob
Dear Rob,
Thanks for the fast reply, I think there's something really wrong with the hostname that's configured for the box (that'll teach me for using Ansible), and it's trying to auth locally when it's not running yet.
krb5kdc.log
Nov 01 18:18:59 ipa-a.in.bmrc.ox.ac.uk krb5kdc[11212](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.144: CLIENT_NOT_FOUND: host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UKmailto:host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UK for krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UKmailto:krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UK, Client not found in Kerberos database Nov 01 18:18:59 ipa-a.in.bmrc.ox.ac.uk krb5kdc[11212](info): closing down fd 11 Nov 01 18:18:59 ipa-a.in.bmrc.ox.ac.uk krb5kdc[11212](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 10.141.248.2: CLIENT_NOT_FOUND: host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UKmailto:host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UK for krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UKmailto:krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UK, Client not found in Kerberos database
(ipa-b.cloud.in.bmrc... doesnt exist and shouldn't - so there's a problem there too).
slapd/access [01/Nov/2018:19:46:33.586518662 +0000] conn=1 fd=64 slot=64 connection from ::1 to ::1 [01/Nov/2018:19:46:33.587225369 +0000] conn=2 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1 [01/Nov/2018:19:46:33.587501315 +0000] conn=1 op=-1 fd=64 closed - B1 [01/Nov/2018:19:46:33.592352645 +0000] conn=2 op=-1 fd=65 closed - B1 [01/Nov/2018:19:46:33.593372333 +0000] conn=3 fd=64 slot=64 connection from ::1 to ::1 [01/Nov/2018:19:46:33.593766162 +0000] conn=4 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1 [01/Nov/2018:19:46:33.593898023 +0000] conn=3 op=-1 fd=64 closed - B1 [01/Nov/2018:19:46:33.599951489 +0000] conn=5 fd=66 slot=66 connection from ::1 to ::1 [01/Nov/2018:19:46:33.600104933 +0000] conn=4 op=-1 fd=65 closed - B1 [01/Nov/2018:19:46:33.603688533 +0000] conn=5 op=-1 fd=66 closed error 125 (Operation canceled) - A1
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.ukmailto:callum@well.ox.ac.uk
On 1 Nov 2018, at 19:11, Rob Crittenden <rcritten@redhat.commailto:rcritten@redhat.com> wrote:
/var/log/dirsrv/slapd-REALM/access
Callum Smith via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Dear Rob,
Thanks for the fast reply, I think there's something really wrong with the hostname that's configured for the box (that'll teach me for using Ansible), and it's trying to auth locally when it's not running yet.
krb5kdc.log
Nov 01 18:18:59 ipa-a.in.bmrc.ox.ac.uk krb5kdc[11212](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.144: CLIENT_NOT_FOUND: host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UKmailto:host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UK for krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UKmailto:krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UK, Client not found in Kerberos database Nov 01 18:18:59 ipa-a.in.bmrc.ox.ac.uk krb5kdc[11212](info): closing down fd 11 Nov 01 18:18:59 ipa-a.in.bmrc.ox.ac.uk krb5kdc[11212](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 10.141.248.2: CLIENT_NOT_FOUND: host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UKmailto:host/ipa-b.cloud.in.bmrc.ox.ac.uk@IN.BMRC.OX.AC.UK for krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UKmailto:krbtgt/IN.BMRC.OX.AC.UK@IN.BMRC.OX.AC.UK, Client not found in Kerberos database
(ipa-b.cloud.in.bmrc... doesnt exist and shouldn't - so there's a problem there too).
Agree, this looks like a hostname/DNS problem then. Please post back if fixing that doesn't solve the issue.
Thanks, --Robbie
freeipa-users@lists.fedorahosted.org