[Freeipa-users] replication again :-(
Janelle
janellenicole80 at gmail.com
Tue May 19 13:53:21 UTC 2015
On 5/19/15 1:21 AM, David Kupka wrote:
> On 05/19/2015 09:04 AM, thierry bordaz wrote:
>> On 05/19/2015 03:42 AM, Janelle wrote:
>>> On 5/18/15 6:23 PM, Janelle wrote:
>>>> Once again, replication/sync has been lost. I really wish the product
>>>> was more stable, it is so much potential and yet.
>>>>
>>>> Servers running for 6 days no issues. No new accounts or changes
>>>> (maybe a few users changing passwords) and again, 5 out of 16 servers
>>>> are no longer in sync.
>>>>
>>>> I can test it easily by adding an account and then waiting a few
>>>> minutes, then run "ipa user-show --all username" on all the servers,
>>>> and only a few of them have the account. I have now waited 15
>>>> minutes, still no luck.
>>>>
>>>> Oh well.. I guess I will go look at alternatives. I had such high
>>>> hopes for this tool. Thanks so much everyone for all your help in
>>>> trying to get things stable, but for whatever reason, there is a
>>>> random loss of sync among the servers and obviously this is not
>>>> acceptable.
>>>>
>>>> regards
>>>> ~J
>>> A new error:
>>>
>>> [ipa03.example.com] reports: Update failed! Status: [49 - LDAP error:
>>> Invalid credentials]
>>>
>>>
>> can you see the update on ipa03.example.com ?
>> It is looking like the replica agreement from this host is failing to
>> bind to a replica. This could explain why the replica do not receive the
>> update (disabled account, password/certificate expiration, ...)
>> Again logs/config would help.
>>
>> thierry
>>
>>
>>
>
> Hello,
> maybe stupid question: Is time on all your replicas in sync? Usually
> when the time is not synced between KDC and client the ticket is
> rejected thus preventing login.
>
within .5 seconds each other at most.
More information about the Freeipa-users
mailing list