On 06/08/2015 10:18 AM, nat...@nathanpeters.com wrote:
Is it possible this is an old winsync agreement that is no longer
valid?
I have only ever made a single winsync agreement on this server that I
know of.  How would I tell if an agreement is no longer valid?


ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config objectclass=nsDSWindowsReplicationAgreement


The output of that command seems to indicate that the replication
agreement is valid and active?

[root@dc1 sbin]# ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config objectclass=nsDSWindowsReplicationAgreement
Enter LDAP Password:
dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\3Dipadomain
  \2Cdc\3Dnet,cn=mapping tree,cn=config
nsds7WindowsReplicaSubtree: OU=Staff,DC=office,DC=addomain,DC=net
nsds7DirectoryReplicaSubtree: cn=users,cn=accounts,dc=ipadomain,dc=net
cn: meToofficedc2.office.addomain.net
nsds7NewWinGroupSyncEnabled: false
objectClass: nsDSWindowsReplicationAgreement
objectClass: top
nsDS5ReplicaTransportInfo: TLS
description: me to officedc2.office.addomain.net
nsDS5ReplicaRoot: dc=ipadomain,dc=net
nsDS5ReplicaHost: officedc2.office.addomain.net
nsds5replicaTimeout: 120
nsDS5ReplicaBindDN: cn=freeipa syncuser,ou=Service Account,dc=office,dc=addomain,dc=net
nsds7NewWinUserSyncEnabled: true
nsDS5ReplicaPort: 389
nsds7WindowsDomain: ipadomain.net
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicaBindMethod: simple
nsDS5ReplicaCredentials:
{AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
  RERBNEJDUmtOelUzTTJJNVlpMDBaV1EyTTJRMQ0KWXkwNU0yTm1aV05sTVMxbU5qRXpaak5oTlFBQ
  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQlo1VnlCSTY1Yzl5cl
  Z0cWlCc0hDdQ==}ReODwX5Q7vLGjmdGX57pmrLWKFF61dPc5SzPhk3RnIM=
nsds7DirsyncCookie::
oneWaySync: fromWindows
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20150608161149Z
nsds5replicaLastUpdateEnd: 20150608161149Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental update started

This looks like incremental update is successful . . .

nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

. . . but this indicates that the sync agreement has never been initialized, which would also correspond to the errors below. I'm really puzzled as to how sync could possibly work if it has never been initialized. And I'm also not sure how you could have created the sync agreement using the IPA command line tools without initializing the agreement. AFAIK, the only way to get rid of the errors is to reinitialize http://linux.die.net/man/1/ipa-replica-manage



However, my logs are still full of the following entry:

[08/Jun/2015:15:50:15 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:18 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:21 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:24 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:27 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:30 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:33 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:37 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:40 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
[08/Jun/2015:15:50:43 +0000] NSMMReplicationPlugin - windows sync -
agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
no update vector. It has never been initialized.
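
Added example (not part of the original thread, and not FreeIPA or 389-ds code): a small Python check that unfolds the LDIF printed by the ldapsearch command above and flags agreements whose nsds5replicaLastInitStart and nsds5replicaLastInitEnd are both unset, even when nsds5replicaLastUpdateStatus reports 0. The sample LDIF (with a shortened DN), the second agreement (meToExample) and the rule that treats the epoch timestamp as unset are assumptions made for the example.

```python
import re

# Constructed sample shaped like the ldapsearch output in the thread (DN shortened).
# The second entry (meToExample, made-up timestamps) is hypothetical, for contrast.
SAMPLE_LDIF = """\
dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate started
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

dn: cn=meToExample,cn=replica,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate succeeded
nsds5replicaLastInitStart: 20150601120000Z
nsds5replicaLastInitEnd: 20150601120005Z
"""

# "0" is the value the thread reads as "never initialized". Treating the epoch
# timestamp the same way is an assumption about other server versions.
UNSET = {"", "0", "19700101000000Z"}

def parse_ldif(text):
    """Unfold continuation lines; one {attr: value} dict per entry (last value wins)."""
    unfolded = re.sub(r"\n ", "", text)  # newline + one space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            # lstrip(":") also handles base64 values written as "attr:: ..."
            entry[attr.strip().lower()] = value.lstrip(":").strip()
        entries.append(entry)
    return entries

def never_initialized(entry):
    """True when both total-init timestamps of the agreement are unset."""
    return (entry.get("nsds5replicalastinitstart", "") in UNSET
            and entry.get("nsds5replicalastinitend", "") in UNSET)

def audit(text):
    """Return {first RDN of the agreement DN: (never_initialized, last update status)}."""
    return {e.get("dn", "?").split(",")[0]:
            (never_initialized(e), e.get("nsds5replicalastupdatestatus", ""))
            for e in parse_ldif(text)}

if __name__ == "__main__":
    for name, (uninit, status) in audit(SAMPLE_LDIF).items():
        print(name, "NEVER INITIALIZED" if uninit else "initialized", "|", status)
```

audit() takes the text of the ldapsearch output as a string; an agreement reported as never initialized with a status of 0 is the combination discussed in the thread.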

