Grant Janssen via FreeIPA-users wrote: > that was easy - THANX Florence. > > My ghost replica still doesn’t show in ipa_check_consistency. > Any ideas on that? > > grant@radius01:~[20221118-3:56][#97]$ ipa server-state $HOSTNAME > --state=enabled > ipa: WARNING: Automatic update of DNS system records failed. Please > re-run update of system records manually to get list of missing records. > -------------------------------------------------------- > Changed server state of "radius01.production.efilm.com > <http://radius01.production.efilm.com>". > -------------------------------------------------------- > grant@radius01:~[20221118-3:57][#98]$ sudo ipa-pkinit-manage status > PKINIT is disabled > The ipa-pkinit-manage command was successful > grant@radius01:~[20221118-3:58][#99]$ sudo ipa-pkinit-manage enable > Configuring Kerberos KDC (krb5kdc) > [1/1]: installing X509 Certificate for PKINIT > Done configuring Kerberos KDC (krb5kdc). > The ipa-pkinit-manage command was successful > grant@radius01:~[20221118-3:58][#100]$ ipa server-state $HOSTNAME > --state=hidden > ipa: WARNING: Automatic update of DNS system records failed. Please > re-run update of system records manually to get list of missing records. > -------------------------------------------------------- > Changed server state of "radius01.production.efilm.com > <http://radius01.production.efilm.com>". > -------------------------------------------------------- > grant@radius01:~[20221118-3:59][#101]$ ipa_check_consistency -d > PRODUCTION.EFILM.COM <http://PRODUCTION.EFILM.COM> -W ************** > FreeIPA servers: ef-idm01 ef-idm02 ef-idm03 ef-idm04 > STATE > ========================================================================= > Active Users 349 349 349 349 > OK > Stage Users 7 7 7 7 > OK > Preserved Users 5 5 5 5 > OK > User Groups 42 42 42 42 > OK > Hosts 423 423 423 423 > OK > Host Groups 23 23 23 23 > OK > HBAC Rules 9 9 9 9 > OK > SUDO Rules 35 35 35 35 > OK > DNS Zones ERROR ERROR ERROR ERROR > OK > LDAP Conflicts NO NO NO NO > OK > Ghost Replicas NO NO NO NO > OK > Anonymous BIND YES YES YES YES > OK > Replication Status ef-idm02 0 ef-idm03 0 ef-idm02 0 ef-idm01 0 > > ef-idm03 0 ef-idm01 0 ef-idm01 0 > > ef-idm04 0 > > radius01 0 > > ========================================================================= > grant@radius01:~[20221118-4:05][#102]$sudo ipa-pkinit-manage status > [sudo] password for grant: > PKINIT is enabled > The ipa-pkinit-manage command was successful > grant@radius01:~[20221118-4:06][#103]$ > > > When I add the _ldap._tcp and _ldaps._tcp SRV records for the radius > server, ipa_check_consistency shows the replication is good, but it > still doesn’t appear as a Ghost. > > grant@radius01:~[20221118-4:47][#106]$ipa_check_consistency -d > PRODUCTION.EFILM.COM <http://PRODUCTION.EFILM.COM> -W ************** > FreeIPA servers: ef-idm01 ef-idm02 ef-idm03 ef-idm04 > radius01 STATE > > ===================================================================================== > Active Users 349 349 349 349 > 349 OK > Stage Users 7 7 7 7 > 7 OK > Preserved Users 5 5 5 5 > 5 OK > User Groups 42 42 42 42 > 42 OK > Hosts 423 423 423 423 > 423 OK > Host Groups 23 23 23 23 > 23 OK > HBAC Rules 9 9 9 9 > 9 OK > SUDO Rules 35 35 35 35 > 35 OK > DNS Zones ERROR ERROR ERROR ERROR > ERROR OK > LDAP Conflicts NO NO NO NO > NO OK > Ghost Replicas NO NO NO NO > NO OK > Anonymous BIND YES YES YES YES > YES OK > Replication Status ef-idm02 0 ef-idm03 0 ef-idm02 0 ef-idm01 0 > ef-idm01 0 > ef-idm03 0 ef-idm01 0 ef-idm01 0 > > ef-idm04 0 > > radius01 0 > > > ===================================================================================== > grant@radius01:~[20221118-4:52][#107]$
We don't support the ipa_check_consistency script but in glancing at the code ghost != hidden. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
