<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-text-html" lang="x-unicode">
<p style="color: rgb(34, 34, 34); font-family: 'Liberation Sans',
Arial, Sans, sans-serif; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(249, 249, 249);">hi,</p>
<p style="color: rgb(34, 34, 34); font-family: 'Liberation Sans',
Arial, Sans, sans-serif; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(249, 249, 249);">The systems are uptodate
F19 KVM guests.<br>
</p>
<p style="color: rgb(34, 34, 34); font-family: 'Liberation Sans',
Arial, Sans, sans-serif; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(249, 249, 249);"><br>
I'm trying to login the web ui with no success:<br>
</p>
<p style="color: rgb(34, 34, 34); font-family: 'Liberation Sans',
Arial, Sans, sans-serif; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(249, 249, 249);">"Your session has
expired. Please re-login.</p>
<p style="color: rgb(34, 34, 34); font-family: 'Liberation Sans',
Arial, Sans, sans-serif; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(249, 249, 249);">To login with Kerberos,
please make sure you have valid tickets (obtainable via kinit)
and<span class="Apple-converted-space"> </span><a
href="http://ipa31.bph.cxn/ipa/config/unauthorized.html"
style="text-decoration: none; color: rgb(29, 133, 213);
font-weight: normal; text-transform: none;">configured</a><span
class="Apple-converted-space"> </span>the browser correctly,
then click Login.</p>
<p style="color: rgb(34, 34, 34); font-family: 'Liberation Sans',
Arial, Sans, sans-serif; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(249, 249, 249);">To login with username
and password, enter them in the fields below then click Login."</p>
<br>
Then after a while something happens and it starts working.<br>
<br>
In logs:<br>
<br>
On the "primary" node:<br>
<br>
[05/Nov/2013:12:19:06 +0100] NSMMReplicationPlugin -
agmt="cn=meToipa12.bpo.cxn" (ipa12:389): Replication bind with
GSSAPI auth resumed<br>
<br>
<br>
On the "secondary" node:<br>
<br>
[05/Nov/2013:12:31:25 +0100] csngen_new_csn - Warning: too much
time skew (-1658 secs). Current seqnum=3<br>
[05/Nov/2013:12:45:33 +0100] csngen_new_csn - Warning: too much
time skew (-811 secs). Current seqnum=a<br>
[05/Nov/2013:12:45:33 +0100] csngen_new_csn - Warning: too much
time skew (-812 secs). Current seqnum=1<br>
[05/Nov/2013:12:45:35 +0100] csngen_new_csn - Warning: too much
time skew (-811 secs). Current seqnum=1<br>
[05/Nov/2013:12:45:47 +0100] csngen_new_csn - Warning: too much
time skew (-800 secs). Current seqnum=4<br>
[05/Nov/2013:12:45:47 +0100] csngen_new_csn - Warning: too much
time skew (-801 secs). Current seqnum=1<br>
[05/Nov/2013:12:45:49 +0100] csngen_new_csn - Warning: too much
time skew (-800 secs). Current seqnum=1<br>
<br>
<br>
Date shows up the same system time on both machines:<br>
<br>
Tue Nov 5 12:59:29 CET 2013<br>
<br>
I called as primary the machine that was installed initially and
secondary is the one that was deployed by replication.<br>
<br>
<br>
<br>
Finally, I have some questions:)<br>
<br>
1. How can this happen, what's the problem? Is it something about
the design, I screwed up something, or maybe the virtualization
layer..?<br>
How can I avoid it and if it happens, how can I fix it
immediately?<br>
<br>
<br>
2. What is the difference between 'primary' and 'secondary'. What
does happen, if the primary machine gets destroyed?<br>
<br>
<br>
4. How many "master" can I use?<br>
<br>
<br>
5. If I have a network like this:<br>
<br>
A1______B1<br>
A2 B2<br>
<br>
A2 and B1,2 are replicated from A1<br>
<br>
If the connection gets lost between A and B site, are B1 and 2
(and A1,2) replicated fine?<br>
<br>
<br>
6. If a client is installed with ipa-client-install using A1 and
A1 gets lost, does the client know, where it needs to connect
(failover..)?<br>
<br>
<br>
7. Can I install slave (read-only) replicas so clients access them
only for queries and for changes (like pw change) they access
master servers?<br>
<br>
<br>
<br>
Thanks,<br>
tamas<br class="Apple-interchange-newline">
</div>
</body>
</html>