[Freeipa-users] ipa sync agreement to AD DC is taking a very long time
janice.psyop
janice.psyop at gmail.com
Tue Oct 15 03:26:27 UTC 2013
Hi,
I've been setting up an IPA server (centos 6.4) with AD trust (2008R2
domain) following the FC18 freeipa guide.
Everything has gone smoothly until I ran the ipa-replica-manage connect
command to the AD DC and it seems to be running (no errors on std out and
ps says it is still running), but it has been running for six hours! We do
have ~2000 user entries, but I didn't think it would take this long to
sync up.
The command I ran was this (see below) and the screen now just displays
repeating "Update in progress". I'm very tempted to kill it in case
something is going horribly wrong (with the AD user accounts...)
/usr/sbin/ipa-replica-manage connect --winsync
--passsync=MySecretPass
--binddn=CN=myipasyncuser,CN=Users,DC=domain,DC=com
--bindpw=MySecretPass
--cacert=/etc/openldap/cacerts/DC-CA.cer
-v dc.domain.com
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Is there any way to check the progress of this in case it is in fact hung
up? The last few entries in the ipa/default.log is from six hours ago:
2013-10-14T21:32:45Z 2706 MainThread ipa INFO Added new
sync agreement, waiting for it to become ready . . .
2013-10-14T21:32:46Z 2706 MainThread ipa INFO Replication
Update in progress: FALSE: status: 0 Replica acquired successfully:
Incremental update started: start: 0: end: 0
2013-10-14T21:32:46Z 2706 MainThread ipa INFO Agreement
is ready, starting replication . . .
thanks much,
-J.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131014/579ec93d/attachment.htm>
More information about the Freeipa-users
mailing list