We have been running FreeIPA 3.0 with a replica host for months now and
love it.  I discovered what I *believe* is an anomaly pertaining to the
sync'ing between the replica host and the server.  We have our maximum
failures set to three (3).  We also have each ipa-client configured to
point to the server, then the replica, in the /etc/sssd/sssd.conf file.  If I
open up a terminal window to the server and replica, and execute a "watch
-n 1 'ipa user-status test'", I can see the status of the user "test" on a
one-second boundary.  Now, if I connect to the server and purposely fail
the password, I get a failure on both the server and replica.  If I try it
again and authenticate correctly, the failures clear to zero on the server
but the replica still displays the failures and does not clear.  There may
be more conditions where things do not sync across, but this is the first I
have discovered.  If I modify the attributes of a user or host on the
server, the modification reflects almost immediately on the replica.  Like
I stated, this is the first sync'ing issue I have discovered.

Thanks in advance,

