[Freeipa-users] ui login error and questions about replication
Tamas Papp
tompos at martos.bme.hu
Tue Nov 5 20:20:23 UTC 2013
On 11/05/2013 09:09 PM, Rob Crittenden wrote:
> Tamas Papp wrote:
>>
>> On 11/05/2013 03:58 PM, Rich Megginson wrote:
>>> On 11/05/2013 07:53 AM, Tamas Papp wrote:
>>>> On 11/05/2013 03:17 PM, Rich Megginson wrote:
>>>>> https://fedorahosted.org/389/ticket/47516
>>>>>
>>>>> This has been fixed upstream and in some releases - to allow
>>>>> replication to proceed despite excessive clock skew - what is your
>>>>> 389-ds-base version and platform?
>>>> What is the clock skewed? The date and time is the same on both
>>>> machines.
>>>
>>> VMs are notorious for having the clocks get out of sync - even
>>> temporarily.
>>
>> What do you mean by this?
>> I definitely see the same time on the machines.
>> Also I can see in the log, that the replication is resumed. There is no
>> messages about the broken replication after the resume message.
>
> You see the same time NOW. The logs were reflecting a difference at
> that time.
I saw the same, when the log messages appeared.
Is there a way to get the time it sees from the other side?
>> I tried this, but no joy. Still not good:/
>>
>> What I really don't understand, why I cannot login to ui (or to an
>> installed client machine) if the replication doesn't work.
>> Is it a normal behaviour?
>
> These issues are probably not related, unless perhaps the time skew is
> also throwing off the Kerberos tickets and/or session cache in the IPA
> framework.
>
> You didn't say how you were trying to log into the UI. Are you using
> Kerberos or the form-based authentication?
Latter.
There is no kerberos configured on my computer.
But I've also tried with ssh on a normal computer.
Both failed.
tamas
More information about the Freeipa-users
mailing list