On 12/19/18 8:39 PM, Grant Janssen via FreeIPA-users wrote:
New replica looks to be fully joined. I can add users, and I have verified by log examination that the new replica is actually the server adding the user.
I cannot detect any issues, BUT the 3rd replica does not appear as a column when I execute the ipa_check_consistency script.
grant@ef-idm03:~[20181219-11:35][#103]$ ipa-replica-manage list
ef-idm03.production.efilm.com: master
ef-idm02.production.efilm.com: master
ef-idm01.production.efilm.com: master
grant@ef-idm03:~[20181219-11:35][#104]$ ipa_check_consistency -d PRODUCTION.EFILM.COM -W
********
FreeIPA servers:     ef-idm01    ef-idm02    STATE
=================================================
Active Users         129         129         OK
Stage Users          7           7           OK
Preserved Users      0           0           OK
User Groups          22          22          OK
Hosts                158         158         OK
Host Groups          16          16          OK
HBAC Rules           5           5           OK
SUDO Rules           14          14          OK
DNS Zones            ERROR       ERROR       OK
LDAP Conflicts       NO          NO          OK
Ghost Replicas       NO          NO          OK
Anonymous BIND       YES         YES         OK
Replication Status   ef-idm02 0  ef-idm01 0
ef-idm03 0
=================================================
grant@ef-idm03:~[20181219-11:35][#105]$ ipa user_find | grep entries
Number of entries returned 129
grant@ef-idm03:~[20181219-11:35][#106]$ ipa group_find | grep entries
Number of entries returned 22
grant@ef-idm03:~[20181219-11:35][#107]$ ipa host_find | grep entries
Number of entries returned 155
grant@ef-idm03:~[20181219-11:36][#108]$ ipa hostgroup_find | grep entries
Number of entries returned 16
grant@ef-idm03:~[20181219-11:36][#109]$ ipa hbacrule-find | grep entries
Number of entries returned 5
grant@ef-idm03:~[20181219-11:37][#110]$ ipa sudorule-find | grep entries
Number of entries returned 14
grant@ef-idm03:~[20181219-11:37][#111]$
what does this indicate?
Hi,
(disclaimer: I am not familiar with ipa-check-consistency)
I had a quick look at the code for ipa_check_consistency. If the list of
servers is not provided in the command line, they are found in the DNS
with the records for _ldap._tcp of the domain.
Can you check the output of
# dig +short -t SRV _ldap._tcp.$domain.
flo
thanx
- grant
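
One way to carry out the DNS check suggested above is to compare the masters in the replication topology with the targets of the _ldap._tcp SRV records. This is an added example, not part of the original thread or of ipa_check_consistency; the function names are hypothetical, and the example.test hostnames and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: list IPA masters that have no _ldap._tcp SRV record,
# i.e. servers that DNS-based discovery would not find.

# Constructed sample of `ipa-replica-manage list` output.
SAMPLE_MASTERS='idm03.example.test: master
idm02.example.test: master
idm01.example.test: master'

# Constructed sample of `dig +short -t SRV _ldap._tcp.example.test.`
# output (fields: priority weight port target).
SAMPLE_SRV='0 100 389 idm01.example.test.
0 100 389 idm02.example.test.'

# Hostnames from "host: role" lines, lowercased and sorted.
masters_from_list() {
    printf '%s\n' "$1" | awk -F': *' 'NF >= 2 { print tolower($1) }' | sort -u
}

# SRV targets (4th field) without the trailing dot, lowercased and sorted.
# Lines that are not 4-field SRV answers are ignored.
targets_from_srv() {
    printf '%s\n' "$1" |
        awk 'NF == 4 { t = tolower($4); sub(/\.$/, "", t); print t }' | sort -u
}

# Masters in list $1 that do not appear as a target in SRV answer $2.
missing_from_srv() {
    srv=$(targets_from_srv "$2")
    masters_from_list "$1" | while read -r host; do
        printf '%s\n' "$srv" | grep -qxF -- "$host" || printf '%s\n' "$host"
    done
}

# With live data, pass "$(ipa-replica-manage list)" and
# "$(dig +short -t SRV _ldap._tcp.$domain.)" instead of the samples.
missing_from_srv "$SAMPLE_MASTERS" "$SAMPLE_SRV"
```

An empty result means every master has an SRV record; any hostname printed is a master that a tool relying on SRV discovery will not see.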