[Freeipa-users] Wrong timestamp on ipaclient-install.log file and authentication problem
Martin Babinsky
mbabinsk at redhat.com
Tue Nov 15 15:58:26 UTC 2016
On 11/15/2016 03:45 PM, Tamer Ataol wrote:
> Hi,
>
> I am trying to make ipa-client-install work on Ubuntu 14.04.5.
> Everything works except it doesn't get ldap users from IPA Master. I dig
> issue a little bit and found out that ipaclient-install.log under
> /var/log/ directory uses wrong timestamp. Ubuntu's date is correct, it
> is set to Istanbul time. But in the log file UTC is used. 3 hours behind
> the servers time. I am thinking this issue is the cause of not getting
> the ldap users from the FreeIPA Master. IPA client cannot synchronize
> with the master because it uses UTC. I couldn't find any other issue.
>
> What can make FreeIPA Client use a different time than the server's?
> Java and Python gives Istanbul time in the server. So they are correct.
> Also I restarted rsyslogd. Nothing changed.
>
> Another thing I want to mention is that I installed Ubuntu form netboot
> image and installed ubuntu-desktop, freeipa-client and ssh on top of
> that. And Ubuntu is set to Turkish. Strangely when I install Ubuntu from
> Live CD in English this issue never happens and FreeIPA Client works
> perfectly. But I need to use netboot and Turkish as I need to install
> many computers for Turkish users.
>
> Thanks.
>
>
>
IIRC the IPA logs always have UTC timestamps because it makes debugging
issues across different timezones easier. Also the timestamp format used
in the logging module should not influence the client function.
If you suspect that timesync is an issue you need to compare the client
and server time directly, not based on logs. If your master has NTP
running and is configured as NTP server (that should be always the case
unless you gave '--no-ntp' option during master install), the client
will use it as a source of time.
I would inspect ipaclient-install logs for errors and also look into
https://fedorahosted.org/sssd/wiki/Troubleshooting because user lookup
on the client is mainly done by sssd unless configured otherwise.
--
Martin^3 Babinsky
More information about the Freeipa-users
mailing list