On 11/05/2013 03:58 PM, Rich Megginson wrote:
> On 11/05/2013 07:53 AM, Tamas Papp wrote:
>> On 11/05/2013 03:17 PM, Rich Megginson wrote:
>>> https://fedorahosted.org/389/ticket/47516
>>>
>>> This has been fixed upstream and in some releases - to allow
>>> replication to proceed despite excessive clock skew - what is your
>>> 389-ds-base version and platform?
>> What is the clock skewed? The date and time is the same on both
>> machines.
>
> VMs are notorious for having the clocks get out of sync - even
> temporarily.

What do you mean by this?
I definitely see the same time on the machines.
Also I can see in the log, that the replication is resumed. There is no
messages about the broken replication after the resume message.

>>
>> freeipa-admintools-3.3.2-1.fc19.x86_64
>> freeipa-client-3.3.2-1.fc19.x86_64
>> freeipa-python-3.3.2-1.fc19.x86_64
>> freeipa-server-3.3.2-1.fc19.x86_64
>> libipa_hbac-1.11.1-4.fc19.x86_64
>> libipa_hbac-python-1.11.1-4.fc19.x86_64
>> sssd-ipa-1.11.1-4.fc19.x86_64
>> 389-ds-base-libs-1.3.1.12-1.fc19.x86_64
>> 389-ds-base-1.3.1.12-1.fc19.x86_64
>>
>> Linux ipa31.bph.cxn 3.11.6-201.fc19.x86_64 #1 SMP Sat Nov 2 14:09:09 UTC
>> 2013 x86_64 x86_64 x86_64 GNU/Linux
>> Fedora 19.
>>
>>
>> How can I fix it?
>
> ldapmodify -x -D "cn=directory manager" -W <<EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-ignore-time-skew
> nsslapd-ignore-time-skew: on
> EOF
>
> Do this on all of your servers.

I tried this, but no joy. Still not good:/

What I really  don't understand, why I cannot login to ui (or to an
installed client machine) if the replication doesn't work.
Is it a normal behaviour?


Thanks,
tamas

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to