On 05/19/2015 09:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more stable, it is so much potential and yet.

Servers running for 6 days no issues. No new accounts or changes
(maybe a few users changing passwords) and again, 5 out of 16 servers
are no longer in sync.

I can test it easily by adding an account and then waiting a few
minutes, then run "ipa  user-show --all username" on all the servers,
and only a few of them have the account.  I have now waited 15
minutes, still no luck.

Oh well.. I guess I will go look at alternatives. I had such high
hopes for this tool. Thanks so much everyone for all your help in
trying to get things stable, but for whatever reason, there is a
random loss of sync among the servers and obviously this is not
acceptable.

regards
~J
A new error:

[ipa03.example.com] reports: Update failed! Status: [49  - LDAP error:
Invalid credentials]


can you see the update on ipa03.example.com ?
It is looking like the replica agreement from this host is failing to
bind to a replica. This could explain why the replica do not receive the
update (disabled account, password/certificate expiration, ...)
Again logs/config would help.

thierry




Hello,
maybe stupid question: Is time on all your replicas in sync? Usually when the time is not synced between KDC and client the ticket is rejected thus preventing login.

--
David Kupka

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to