Grant Janssen via FreeIPA-users wrote: > when I added another replica, all appeared to go smooth. But the new server > did not receive a dnarange. > I reviewed the man page and this indicated: > "New IPA masters do not automatically get a DNA range assignment. A range > assignment is > done only when a user or POSIX group is added on that master.” > > no problemo. I added a user on the new replica, this new user appears on all > the servers when queried - but still my dna range shows “no range set” > > grant@ef-idm03:~[20181206-8:25][#118]$ ipa-replica-manage list > ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] > Permission denied: u'/var/log/ipa/cli.log' > ef-idm03.production.efilm.com: master > ef-idm02.production.efilm.com: master > ef-idm01.production.efilm.com: master > grant@ef-idm03:~[20181206-8:28][#119]$ ipa_check_consistency -d > PRODUCTION.EFILM.COM -W ******** > FreeIPA servers: ef-idm01 ef-idm02 STATE > ================================================= > Active Users 126 126 OK > Stage Users 7 7 OK > Preserved Users 0 0 OK > User Groups 22 22 OK > Hosts 158 158 OK > Host Groups 16 16 OK > HBAC Rules 5 5 OK > SUDO Rules 14 14 OK > DNS Zones ERROR ERROR OK > LDAP Conflicts NO NO OK > Ghost Replicas NO NO OK > Anonymous BIND YES YES OK > Replication Status ef-idm02 0 ef-idm01 0 > ef-idm03 0 > ================================================= > grant@ef-idm03:~[20181206-8:36][#120]$ ipa-replica-manage dnarange-show > ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] > Permission denied: u'/var/log/ipa/cli.log' > ef-idm01.production.efilm.com: 457200144-457300499 > ef-idm02.production.efilm.com: 457300502-457399999 > ef-idm03.production.efilm.com: No range set > grant@ef-idm03:~[20181206-8:36][#121]$ > > should I manually add a range?
You might want to look at the actual config to see if it is a tooling issue: $ ldapsearch -x -D 'cn=Directory Manager' -W -b "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" This is a per-master setting. rob > also, I had anticipated another column appearing in the consistency check. > > and the web interface comes up blank - the page never loads > > thanx > > - grant > > This e-mail and any attachments are intended only for use by the addressee(s) > named herein and may contain confidential information. If you are not the > intended recipient of this e-mail, you are hereby notified any dissemination, > distribution or copying of this email and any attachments is strictly > prohibited. If you receive this email in error, please immediately notify the > sender by return email and permanently delete the original, any copy and any > printout thereof. The integrity and security of e-mail cannot be guaranteed. > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
