Chris Welsh via FreeIPA-users wrote: > Hi Rob, > > I have run your tool and found it to report some issues. I wonder if you > could help me figure out what they are. Our problem is that we often have > staff who loose their groups and this has been happening for 3 years. > sss_cache -u username sometimes fixes it. Any advise greatly welcome. Note > that I have removed our send are master “vmpdr-linuxidm......” > > Really ken to solve this but no expert. > Centos 7.8 server and clients > ipa-server-4.6.6
The "Unexpected SRV entry in DNS" warnings mean that some servers are defined in the IPA domain with services that IPA provides but those servers aren't IPA servers. Similarly, "Expected SRV record missing", a SRV record is missing for an IPA service for one or more IPA servers. "expected ipa-ca IPAddr missing" means that the IPA server at 10.126.18.129 is not in the ipa-ca CNAME (and also caught with the count of ipa-ca records). The final errors are due to your installation still using domain level 0. You can ignore these if you don't want to or can't update domain levels. https://www.freeipa.org/page/Domain_Levels rob > > > [ > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_ntp._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "57735f69-6d98-4ae1-9f0a-dd848bbfa1f7", > "duration": "0.024868", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Expected SRV record missing", > "key": > "_kerberos._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "3b789068-16ff-4684-bb5e-3add8a62b2b8", > "duration": "0.025853", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kerberos._tcp.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "bab58235-1a9b-48bc-9b4c-b0e75b91d619", > "duration": "0.027710", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kerberos._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "44a47316-ba13-4226-9625-2f29f369cdd4", > "duration": "0.027825", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Expected SRV record missing", > "key": > "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "313a97f5-9f05-4465-a50f-27996c22c306", > "duration": "0.028995", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kerberos._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "d00274ff-12a9-465f-957e-392c4edd7e5a", > "duration": "0.030514", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kerberos-master._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "0e50f8e7-6321-429a-b84e-3a88922ec07b", > "duration": "0.031876", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kpasswd._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "011bf574-e7ea-4f5d-8bf6-f5ecdd722ecd", > "duration": "0.033430", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kpasswd._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "d00839d9-6e83-481d-9685-8eaca6caea14", > "duration": "0.034777", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Expected SRV record missing", > "key": > "_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "8bff3eb5-521d-4029-b368-c1b4cd39047c", > "duration": "0.036379", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_ldap._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "2091880e-5777-4854-abb4-bc14c032b1af", > "duration": "0.037861", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Expected SRV record missing", > "key": "_ldap._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "8f9862fa-45a0-4bdd-b561-93a6a15ac7f1", > "duration": "0.038836", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Unexpected SRV entry in DNS", > "key": "_kerberos-master._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au." > }, > "uuid": "cfd7b896-da90-4ac4-9b08-eccdbafeca30", > "duration": "0.040348", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Expected SRV record missing", > "key": > "_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "3c38ad1e-96a5-41fd-a161-56dde9601896", > "duration": "0.041473", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "Expected SRV record missing", > "key": > "_kerberos._udp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au." > }, > "uuid": "fd6a163f-a338-4ff0-a2f2-9fb00064ab93", > "duration": "0.042447", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "msg": "expected ipa-ca IPAddr missing", > "key": "10.126.18.129" > }, > "uuid": "59581cec-e08f-4e67-aed1-697698d66e92", > "duration": "0.044304", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.idns", > "kw": { > "expected": 1, > "count": 2, > "msg": "Got {count} ipa-ca A records, expected {expected}" > }, > "uuid": "6852b70e-b366-44a3-bc1f-6bde42f79209", > "duration": "0.044392", > "when": "20200820104327Z", > "check": "IPADNSSystemRecordsCheck", > "result": "WARNING" > }, > { > "source": "ipahealthcheck.ipa.topology", > "kw": { > "msg": "topologysuffix-verify domain failed, Topology management requires > minimum domain level 1 " > }, > "uuid": "e5386d69-3028-4c71-8a93-87de8e954682", > "duration": "0.002170", > "when": "20200820104332Z", > "check": "IPATopologyDomainCheck", > "result": "ERROR" > }, > { > "source": "ipahealthcheck.ipa.topology", > "kw": { > "msg": "topologysuffix-verify domain failed, Topology management requires > minimum domain level 1 " > }, > "uuid": "c50ccc80-d031-4a52-a097-43b6b09c46c6", > "duration": "0.005159", > "when": "20200820104332Z", > "check": "IPATopologyDomainCheck", > "result": "ERROR" > } > ] > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
