that was easy - THANX Florence. My ghost replica still doesn’t show in ipa_check_consistency. Any ideas on that?
grant@radius01:~[20221118-3:56][#97]$ ipa server-state $HOSTNAME --state=enabled ipa: WARNING: Automatic update of DNS system records failed. Please re-run update of system records manually to get list of missing records. -------------------------------------------------------- Changed server state of "radius01.production.efilm.com<http://radius01.production.efilm.com>". -------------------------------------------------------- grant@radius01:~[20221118-3:57][#98]$ sudo ipa-pkinit-manage status PKINIT is disabled The ipa-pkinit-manage command was successful grant@radius01:~[20221118-3:58][#99]$ sudo ipa-pkinit-manage enable Configuring Kerberos KDC (krb5kdc) [1/1]: installing X509 Certificate for PKINIT Done configuring Kerberos KDC (krb5kdc). The ipa-pkinit-manage command was successful grant@radius01:~[20221118-3:58][#100]$ ipa server-state $HOSTNAME --state=hidden ipa: WARNING: Automatic update of DNS system records failed. Please re-run update of system records manually to get list of missing records. -------------------------------------------------------- Changed server state of "radius01.production.efilm.com<http://radius01.production.efilm.com>". -------------------------------------------------------- grant@radius01:~[20221118-3:59][#101]$ ipa_check_consistency -d PRODUCTION.EFILM.COM<http://PRODUCTION.EFILM.COM> -W ************** FreeIPA servers: ef-idm01 ef-idm02 ef-idm03 ef-idm04 STATE ========================================================================= Active Users 349 349 349 349 OK Stage Users 7 7 7 7 OK Preserved Users 5 5 5 5 OK User Groups 42 42 42 42 OK Hosts 423 423 423 423 OK Host Groups 23 23 23 23 OK HBAC Rules 9 9 9 9 OK SUDO Rules 35 35 35 35 OK DNS Zones ERROR ERROR ERROR ERROR OK LDAP Conflicts NO NO NO NO OK Ghost Replicas NO NO NO NO OK Anonymous BIND YES YES YES YES OK Replication Status ef-idm02 0 ef-idm03 0 ef-idm02 0 ef-idm01 0 ef-idm03 0 ef-idm01 0 ef-idm01 0 ef-idm04 0 radius01 0 ========================================================================= grant@radius01:~[20221118-4:05][#102]$ sudo ipa-pkinit-manage status [sudo] password for grant: PKINIT is enabled The ipa-pkinit-manage command was successful grant@radius01:~[20221118-4:06][#103]$ When I add the _ldap._tcp and _ldaps._tcp SRV records for the radius server, ipa_check_consistency shows the replication is good, but it still doesn’t appear as a Ghost. grant@radius01:~[20221118-4:47][#106]$ ipa_check_consistency -d PRODUCTION.EFILM.COM<http://PRODUCTION.EFILM.COM> -W ************** FreeIPA servers: ef-idm01 ef-idm02 ef-idm03 ef-idm04 radius01 STATE ===================================================================================== Active Users 349 349 349 349 349 OK Stage Users 7 7 7 7 7 OK Preserved Users 5 5 5 5 5 OK User Groups 42 42 42 42 42 OK Hosts 423 423 423 423 423 OK Host Groups 23 23 23 23 23 OK HBAC Rules 9 9 9 9 9 OK SUDO Rules 35 35 35 35 35 OK DNS Zones ERROR ERROR ERROR ERROR ERROR OK LDAP Conflicts NO NO NO NO NO OK Ghost Replicas NO NO NO NO NO OK Anonymous BIND YES YES YES YES YES OK Replication Status ef-idm02 0 ef-idm03 0 ef-idm02 0 ef-idm01 0 ef-idm01 0 ef-idm03 0 ef-idm01 0 ef-idm01 0 ef-idm04 0 radius01 0 ===================================================================================== grant@radius01:~[20221118-4:52][#107]$ thanx - grant
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue