On 11/15/2016 03:45 PM, Tamer Ataol wrote:
Hi,
I am trying to make ipa-client-install work on Ubuntu 14.04.5.
Everything works except it doesn't get ldap users from IPA Master. I dig
issue a little bit and found out that ipaclient-install.log under
/var/log/ directory uses wrong timestamp. Ubuntu's date is correct, it
is set to Istanbul time. But in the log file UTC is used. 3 hours behind
the servers time. I am thinking this issue is the cause of not getting
the ldap users from the FreeIPA Master. IPA client cannot synchronize
with the master because it uses UTC. I couldn't find any other issue.
What can make FreeIPA Client use a different time than the server's?
Java and Python gives Istanbul time in the server. So they are correct.
Also I restarted rsyslogd. Nothing changed.
Another thing I want to mention is that I installed Ubuntu form netboot
image and installed ubuntu-desktop, freeipa-client and ssh on top of
that. And Ubuntu is set to Turkish. Strangely when I install Ubuntu from
Live CD in English this issue never happens and FreeIPA Client works
perfectly. But I need to use netboot and Turkish as I need to install
many computers for Turkish users.
Thanks.
IIRC the IPA logs always have UTC timestamps because it makes debugging
issues across different timezones easier. Also the timestamp format used
in the logging module should not influence the client function.
If you suspect that timesync is an issue you need to compare the client
and server time directly, not based on logs. If your master has NTP
running and is configured as NTP server (that should be always the case
unless you gave '--no-ntp' option during master install), the client
will use it as a source of time.
I would inspect ipaclient-install logs for errors and also look into
https://fedorahosted.org/sssd/wiki/Troubleshooting because user lookup
on the client is mainly done by sssd unless configured otherwise.
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
