when I added another replica, all appeared to go smooth. But the new server did not receive a dnarange. I reviewed the man page and this indicated: "New IPA masters do not automatically get a DNA range assignment. A range assignment is done only when a user or POSIX group is added on that master.”
no problemo. I added a user on the new replica, this new user appears on all the servers when queried - but still my dna range shows “no range set” grant@ef-idm03:~[20181206-8:25][#118]$ ipa-replica-manage list ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] Permission denied: u'/var/log/ipa/cli.log' ef-idm03.production.efilm.com: master ef-idm02.production.efilm.com: master ef-idm01.production.efilm.com: master grant@ef-idm03:~[20181206-8:28][#119]$ ipa_check_consistency -d PRODUCTION.EFILM.COM -W ******** FreeIPA servers: ef-idm01 ef-idm02 STATE ================================================= Active Users 126 126 OK Stage Users 7 7 OK Preserved Users 0 0 OK User Groups 22 22 OK Hosts 158 158 OK Host Groups 16 16 OK HBAC Rules 5 5 OK SUDO Rules 14 14 OK DNS Zones ERROR ERROR OK LDAP Conflicts NO NO OK Ghost Replicas NO NO OK Anonymous BIND YES YES OK Replication Status ef-idm02 0 ef-idm01 0 ef-idm03 0 ================================================= grant@ef-idm03:~[20181206-8:36][#120]$ ipa-replica-manage dnarange-show ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] Permission denied: u'/var/log/ipa/cli.log' ef-idm01.production.efilm.com: 457200144-457300499 ef-idm02.production.efilm.com: 457300502-457399999 ef-idm03.production.efilm.com: No range set grant@ef-idm03:~[20181206-8:36][#121]$ should I manually add a range? also, I had anticipated another column appearing in the consistency check. and the web interface comes up blank - the page never loads thanx - grant This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org