New replica looks to be fully joined. I can add users, and I have verified by log examination that the new replica is actually the server adding the user.
I cannot detect any issues, BUT the 3rd replica does not appear as a column when I execute the ipa_check_consistency script. grant@ef-idm03:~[20181219-11:35][#103]$ ipa-replica-manage list ef-idm03.production.efilm.com: master ef-idm02.production.efilm.com: master ef-idm01.production.efilm.com: master grant@ef-idm03:~[20181219-11:35][#104]$ ipa_check_consistency -d PRODUCTION.EFILM.COM -W ******** FreeIPA servers: ef-idm01 ef-idm02 STATE ================================================= Active Users 129 129 OK Stage Users 7 7 OK Preserved Users 0 0 OK User Groups 22 22 OK Hosts 158 158 OK Host Groups 16 16 OK HBAC Rules 5 5 OK SUDO Rules 14 14 OK DNS Zones ERROR ERROR OK LDAP Conflicts NO NO OK Ghost Replicas NO NO OK Anonymous BIND YES YES OK Replication Status ef-idm02 0 ef-idm01 0 ef-idm03 0 ================================================= grant@ef-idm03:~[20181219-11:35][#105]$ ipa user_find | grep entries Number of entries returned 129 grant@ef-idm03:~[20181219-11:35][#106]$ ipa group_find | grep entries Number of entries returned 22 grant@ef-idm03:~[20181219-11:35][#107]$ ipa host_find | grep entries Number of entries returned 155 grant@ef-idm03:~[20181219-11:36][#108]$ ipa hostgroup_find | grep entries Number of entries returned 16 grant@ef-idm03:~[20181219-11:36][#109]$ ipa hbacrule-find | grep entries Number of entries returned 5 grant@ef-idm03:~[20181219-11:37][#110]$ ipa sudorule-find | grep entries Number of entries returned 14 grant@ef-idm03:~[20181219-11:37][#111]$ what does this indicate? thanx - grant This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org