[Freeipa-users] replication again :-(

David Kupka dkupka at redhat.com
Tue May 19 08:21:31 UTC 2015


On 05/19/2015 09:04 AM, thierry bordaz wrote:
> On 05/19/2015 03:42 AM, Janelle wrote:
>> On 5/18/15 6:23 PM, Janelle wrote:
>>> Once again, replication/sync has been lost. I really wish the product
>>> was more stable, it has so much potential and yet.
>>>
>>> Servers running for 6 days no issues. No new accounts or changes
>>> (maybe a few users changing passwords) and again, 5 out of 16 servers
>>> are no longer in sync.
>>>
>>> I can test it easily by adding an account and then waiting a few
>>> minutes, then run "ipa user-show --all username" on all the servers,
>>> and only a few of them have the account.  I have now waited 15
>>> minutes, still no luck.
>>>
>>> Oh well.. I guess I will go look at alternatives. I had such high
>>> hopes for this tool. Thanks so much everyone for all your help in
>>> trying to get things stable, but for whatever reason, there is a
>>> random loss of sync among the servers and obviously this is not
>>> acceptable.
>>>
>>> regards
>>> ~J
>> A new error:
>>
>> [ipa03.example.com] reports: Update failed! Status: [49  - LDAP error:
>> Invalid credentials]
>>
>>
> Can you see the update on ipa03.example.com?
> It looks like the replica agreement from this host is failing to
> bind to a replica. This could explain why the replica does not receive the
> update (disabled account, password/certificate expiration, ...)
> Again logs/config would help.
>
> thierry
>
>
>

Hello,
Maybe a stupid question: is the time on all your replicas in sync? Usually
when the time is not synced between the KDC and the client, the ticket is
rejected, thus preventing login.

-- 
David Kupka
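
An added example, not part of the thread or of FreeIPA: a small triage script that combines the two hypotheses above, parsing "Update failed!" lines in the format quoted by Janelle and comparing per-replica clock samples against the Kerberos skew tolerance. The function names, the ipa07 line and all timestamps are constructed, and the 300-second limit assumes the MIT Kerberos default clockskew has not been changed.

```python
import re
from statistics import median

# Failure line format quoted in the thread:
#   [host] reports: Update failed! Status: [49  - LDAP error: Invalid credentials]
FAILED = re.compile(
    r"\[(?P<host>[^\]]+)\]\s+reports:\s+Update failed!\s+"
    r"Status:\s+\[(?P<code>-?\d+)\s*-\s*(?P<text>[^\]]*)\]"
)
MAX_SKEW = 300  # seconds; assumes the MIT Kerberos default clockskew is unchanged
LDAP_INVALID_CREDENTIALS = 49

def parse_failures(report):
    """Return {host: (code, text)} for each 'Update failed!' entry."""
    flat = " ".join(report.split())  # archived mail wraps long lines
    return {m["host"]: (int(m["code"]), m["text"].strip())
            for m in FAILED.finditer(flat)}

def clock_offsets(epochs):
    """Offset of each host's clock from the median of all hosts, in seconds."""
    mid = median(epochs.values())
    return {host: ts - mid for host, ts in epochs.items()}

def triage(report, epochs, max_skew=MAX_SKEW):
    """Map each failing replica to the first thing to check on it."""
    offsets = clock_offsets(epochs)
    findings = {}
    for host, (code, text) in parse_failures(report).items():
        off = offsets.get(host)
        if off is None:
            findings[host] = "no clock sample collected"
        elif abs(off) > max_skew:
            findings[host] = f"clock off by {off:+.0f}s: fix time sync first"
        elif code == LDAP_INVALID_CREDENTIALS:
            findings[host] = "clock ok: check bind account, password, certificate"
        else:
            findings[host] = f"clock ok: LDAP error {code} ({text})"
    return findings

# Constructed sample data; only the ipa03 line is taken from the thread.
SAMPLE_REPORT = """[ipa03.example.com] reports: Update failed! Status: [49  - LDAP error:
Invalid credentials]
[ipa07.example.com] reports: Update failed! Status: [49 - LDAP error: Invalid credentials]"""
SAMPLE_EPOCHS = {  # e.g. `date +%s` gathered from each replica at the same moment
    "ipa01.example.com": 1432023691,
    "ipa03.example.com": 1432023693,
    "ipa07.example.com": 1432024420,
}
print(triage(SAMPLE_REPORT, SAMPLE_EPOCHS))
```

Offsets are measured against the median of the collected samples, so a single drifting replica stands out without needing a trusted reference clock.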