On 10/15/2013 01:22 AM, Alexander Bokovoy wrote:
On Mon, 14 Oct 2013, janice.psyop wrote:

Hi,

I've been setting up an IPA server (centos 6.4) with AD trust (2008R2
domain) following the FC18 freeipa guide.
AD trusts is different from AD sync agreement.

What you describe below is use of passsync/winsync (AD sync), not AD
trusts. Just to make sure we are on the same level here.

Everything has gone smoothly until I ran the ipa-replica-manage connect
command to the AD DC and it seems to be running (no errors on std out and ps says it is still running), but it has been running for six hours! We do
have ~2000 user entries,  but I didn't think it would take this long to
sync up.

The command I ran was this (see below) and the screen now just displays
repeating "Update in progress".  I'm very tempted to kill it in case
something is going horribly wrong (with the AD user accounts...)

/usr/sbin/ipa-replica-manage connect --winsync
--passsync=MySecretPass
--binddn=CN=myipasyncuser,CN=Users,DC=domain,DC=com
--bindpw=MySecretPass
--cacert=/etc/openldap/cacerts/DC-CA.cer
-v dc.domain.com


Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress


Is there any way to check the progress of this in case it is in fact hung
up?  The last few entries in the ipa/default.log is from six hours ago:


2013-10-14T21:32:45Z    2706    MainThread      ipa     INFO Added new
sync agreement, waiting for it to become ready . . .
2013-10-14T21:32:46Z    2706    MainThread      ipa     INFO Replication
Update in progress: FALSE: status: 0 Replica acquired successfully:
Incremental update started: start: 0: end: 0
2013-10-14T21:32:46Z    2706    MainThread      ipa     INFO Agreement
is ready, starting replication . . .
Try to change some user data on AD side, it would trigger update of the
IPA side.

Take a look at the 389 errors log - /var/log/dirsrv/slapd-YOUR-DOMAIN/errors - anything in there? If not, then you can turn on replication/sync error logging http://port389.org/wiki/FAQ#Troubleshooting

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to