Hi Rob,
I have run your tool and found it to report some issues. I wonder if you could help me
figure out what they are. Our problem is that we often have staff who loose their groups
and this has been happening for 3 years. sss_cache -u username sometimes fixes it. Any
advise greatly welcome. Note that I have removed our send are master
“vmpdr-linuxidm......”
Really ken to solve this but no expert.
Centos 7.8 server and clients
ipa-server-4.6.6
The "Unexpected SRV entry in DNS" warnings mean that some servers are
defined in the IPA domain with services that IPA provides but those
servers aren't IPA servers.
Similarly, "Expected SRV record missing", a SRV record is missing for an
IPA service for one or more IPA servers.
"expected ipa-ca IPAddr missing" means that the IPA server at
10.126.18.129 is not in the ipa-ca CNAME (and also caught with the count
of ipa-ca records).
The final errors are due to your installation still using domain level
0. You can ignore these if you don't want to or can't update domain
levels.
[
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key": "_ntp._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "57735f69-6d98-4ae1-9f0a-dd848bbfa1f7",
"duration": "0.024868",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Expected SRV record missing",
"key":
"_kerberos._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "3b789068-16ff-4684-bb5e-3add8a62b2b8",
"duration": "0.025853",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kerberos._tcp.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "bab58235-1a9b-48bc-9b4c-b0e75b91d619",
"duration": "0.027710",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kerberos._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "44a47316-ba13-4226-9625-2f29f369cdd4",
"duration": "0.027825",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Expected SRV record missing",
"key":
"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "313a97f5-9f05-4465-a50f-27996c22c306",
"duration": "0.028995",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kerberos._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "d00274ff-12a9-465f-957e-392c4edd7e5a",
"duration": "0.030514",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kerberos-master._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "0e50f8e7-6321-429a-b84e-3a88922ec07b",
"duration": "0.031876",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kpasswd._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "011bf574-e7ea-4f5d-8bf6-f5ecdd722ecd",
"duration": "0.033430",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kpasswd._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "d00839d9-6e83-481d-9685-8eaca6caea14",
"duration": "0.034777",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Expected SRV record missing",
"key":
"_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "8bff3eb5-521d-4029-b368-c1b4cd39047c",
"duration": "0.036379",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key": "_ldap._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "2091880e-5777-4854-abb4-bc14c032b1af",
"duration": "0.037861",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Expected SRV record missing",
"key":
"_ldap._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "8f9862fa-45a0-4bdd-b561-93a6a15ac7f1",
"duration": "0.038836",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Unexpected SRV entry in DNS",
"key":
"_kerberos-master._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
},
"uuid": "cfd7b896-da90-4ac4-9b08-eccdbafeca30",
"duration": "0.040348",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Expected SRV record missing",
"key":
"_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "3c38ad1e-96a5-41fd-a161-56dde9601896",
"duration": "0.041473",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "Expected SRV record missing",
"key":
"_kerberos._udp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
},
"uuid": "fd6a163f-a338-4ff0-a2f2-9fb00064ab93",
"duration": "0.042447",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"msg": "expected ipa-ca IPAddr missing",
"key": "10.126.18.129"
},
"uuid": "59581cec-e08f-4e67-aed1-697698d66e92",
"duration": "0.044304",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.idns",
"kw": {
"expected": 1,
"count": 2,
"msg": "Got {count} ipa-ca A records, expected {expected}"
},
"uuid": "6852b70e-b366-44a3-bc1f-6bde42f79209",
"duration": "0.044392",
"when": "20200820104327Z",
"check": "IPADNSSystemRecordsCheck",
"result": "WARNING"
},
{
"source": "ipahealthcheck.ipa.topology",
"kw": {
"msg": "topologysuffix-verify domain failed, Topology management requires
minimum domain level 1 "
},
"uuid": "e5386d69-3028-4c71-8a93-87de8e954682",
"duration": "0.002170",
"when": "20200820104332Z",
"check": "IPATopologyDomainCheck",
"result": "ERROR"
},
{
"source": "ipahealthcheck.ipa.topology",
"kw": {
"msg": "topologysuffix-verify domain failed, Topology management requires
minimum domain level 1 "
},
"uuid": "c50ccc80-d031-4a52-a097-43b6b09c46c6",
"duration": "0.005159",
"when": "20200820104332Z",
"check": "IPATopologyDomainCheck",
"result": "ERROR"
}
]
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...