Schweiss, Chip via FreeIPA-users wrote:
I'm building out a multisite installation. For unknown reasons,
the
'admin' user password needs to be reset each time I join a new FreeIPA
replica.
It seems to happen a minute or two after the ipa-replica-install
completes. Attempts to kinit immediately afterward usually works.
Here's my ipa-replica install command I'm using:
ipa-replica-install -n {domain} -r {realm} -d \
--server={existing_ipa_server} \
--setup-adtrust --add-agents --mkhomedir \
--ntp-pool={my_ntp_pool} \
-p $otp
How do I track down the cause of this?
I don't know how this can happen and don't recall having see it before.
To track it down you'd need to enable the audit log in 389-ds on all
servers, including any newly created replica and wait for it to be
reset. That will show you at least what machine did so. The actual MOD
is probably not super interesting but who knows.
rob