Am Titan via FreeIPA-users wrote: > I am shutting the servers because it's still a test environment and i do > require to shutdown from time to time. > I know such servers need to be always on, but i do believe that the sync > should pickup from where it stopped.
It will. Replication has a back-off mechanism which is probably what you're running into. The max time is 10 minutes so it should come back on its own. You can also kick an agreement using ipa-replica-manage force-sync without doing a full re-init. > > ipa-replica-manage list -v ipa-server1.ipa.example.com > ipa-server3.ipa.example.com: replica > last init status: Error (0) Total update succeeded > last init ended: 2021-01-21 13:54:40+00:00 > last update status: Error (0) Replica acquired successfully: Incremental > update succeeded > last update ended: 2021-01-21 13:54:42+00:00 > > replica seems ok after i force a initialisation, but only for short time. > > it will work after i execute the following: > ipa-replica-manage re-initialize --from ipa-server1.ipa.example.com > > Another annoying symptom is that after a very short time of the installation > (still no shutdown , or anything) the webpage of the replica i am unable to > login due to error: > "Your session has expired. Please log in again", and here nothing helps any > more. I'd suggest looking in /var/log/httpd/error_log for more details. And be sure that time is kept in sync between the servers and clients. rob > > Thx > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Thursday, 21 January 2021 15:01, Rob Crittenden <[email protected]> > wrote: > >> Am Titan via FreeIPA-users wrote: >> >>> Someone please? >>> Now I'm getting this on again new installed servers and I cannot move >>> forward without clearing that the serves are functioning correctly. >>> Another connection to replica issues: >>> [root@ipa-server1 ~]# ipa-replica-manage list -v ipa-server3.ipa.example.com >>> Failed to get data from 'ipa-server3.ipa.example.com': Insufficient access: >>> SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context >>> Invalid credentials >> >> You mention turning your servers off. What is the purpose of that? >> >> Also not that in your attempt to provide some reasoning for the commands >> you executed they were instead passed as options to those commands so >> the output is not what you expected: >> >> e.g. >> >> ipa topologysuffix-show # display all managed hosts and segments >> >> ================================================================= >> >> Suffix name: all >> ipa: ERROR: all: suffix not found >> >> I'd suggest running "ipa-replica-manage -v `hostname`" on each host to >> display the current replication status. >> >> rob > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
