[Freeipa-users] ui login error and questions about replication
Tamas Papp
tompos at martos.bme.hu
Tue Nov 5 12:32:36 UTC 2013
hi,
The systems are uptodate F19 KVM guests.
I'm trying to login the web ui with no success:
"Your session has expired. Please re-login.
To login with Kerberos, please make sure you have valid tickets
(obtainable via kinit) and configured
<http://ipa31.bph.cxn/ipa/config/unauthorized.html> the browser
correctly, then click Login.
To login with username and password, enter them in the fields below then
click Login."
Then after a while something happens and it starts working.
In logs:
On the "primary" node:
[05/Nov/2013:12:19:06 +0100] NSMMReplicationPlugin -
agmt="cn=meToipa12.bpo.cxn" (ipa12:389): Replication bind with GSSAPI
auth resumed
On the "secondary" node:
[05/Nov/2013:12:31:25 +0100] csngen_new_csn - Warning: too much time
skew (-1658 secs). Current seqnum=3
[05/Nov/2013:12:45:33 +0100] csngen_new_csn - Warning: too much time
skew (-811 secs). Current seqnum=a
[05/Nov/2013:12:45:33 +0100] csngen_new_csn - Warning: too much time
skew (-812 secs). Current seqnum=1
[05/Nov/2013:12:45:35 +0100] csngen_new_csn - Warning: too much time
skew (-811 secs). Current seqnum=1
[05/Nov/2013:12:45:47 +0100] csngen_new_csn - Warning: too much time
skew (-800 secs). Current seqnum=4
[05/Nov/2013:12:45:47 +0100] csngen_new_csn - Warning: too much time
skew (-801 secs). Current seqnum=1
[05/Nov/2013:12:45:49 +0100] csngen_new_csn - Warning: too much time
skew (-800 secs). Current seqnum=1
Date shows up the same system time on both machines:
Tue Nov 5 12:59:29 CET 2013
I called as primary the machine that was installed initially and
secondary is the one that was deployed by replication.
Finally, I have some questions:)
1. How can this happen, what's the problem? Is it something about the
design, I screwed up something, or maybe the virtualization layer..?
How can I avoid it and if it happens, how can I fix it immediately?
2. What is the difference between 'primary' and 'secondary'. What does
happen, if the primary machine gets destroyed?
4. How many "master" can I use?
5. If I have a network like this:
A1______B1
A2 B2
A2 and B1,2 are replicated from A1
If the connection gets lost between A and B site, are B1 and 2 (and
A1,2) replicated fine?
6. If a client is installed with ipa-client-install using A1 and A1 gets
lost, does the client know, where it needs to connect (failover..)?
7. Can I install slave (read-only) replicas so clients access them only
for queries and for changes (like pw change) they access master servers?
Thanks,
tamas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131105/a5a3f2a5/attachment.htm>
More information about the Freeipa-users
mailing list