On 05/19/2015 09:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more stable, it is so much potential and yet.

Servers running for 6 days no issues. No new accounts or changes
(maybe a few users changing passwords) and again, 5 out of 16 servers
are no longer in sync.

I can test it easily by adding an account and then waiting a few
minutes, then run "ipa  user-show --all username" on all the servers,
and only a few of them have the account.  I have now waited 15
minutes, still no luck.

Oh well.. I guess I will go look at alternatives. I had such high
hopes for this tool. Thanks so much everyone for all your help in
trying to get things stable, but for whatever reason, there is a
random loss of sync among the servers and obviously this is not

A new error:

[ipa03.example.com] reports: Update failed! Status: [49  - LDAP error:
Invalid credentials]

can you see the update on ipa03.example.com ?
It is looking like the replica agreement from this host is failing to
bind to a replica. This could explain why the replica do not receive the
update (disabled account, password/certificate expiration, ...)
Again logs/config would help.


maybe stupid question: Is time on all your replicas in sync? Usually when the time is not synced between KDC and client the ticket is rejected thus preventing login.

David Kupka

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to