when I added another replica, all appeared to go smooth. But the new server
did not receive a dnarange.
I reviewed the man page and this indicated:
"New IPA masters do not automatically get a DNA range assignment. A range
assignment is
done only when a user or POSIX group is added on that master.”
no problemo. I added a user on the new replica, this new user appears on all
the servers when queried - but still my dna range shows “no range set”
grant@ef-idm03:~[20181206-8:25][#118]$ ipa-replica-manage list
ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] Permission
denied: u'/var/log/ipa/cli.log'
ef-idm03.production.efilm.com: master
ef-idm02.production.efilm.com: master
ef-idm01.production.efilm.com: master
grant@ef-idm03:~[20181206-8:28][#119]$ ipa_check_consistency -d
PRODUCTION.EFILM.COM -W ********
FreeIPA servers: ef-idm01 ef-idm02 STATE
=================================================
Active Users 126 126 OK
Stage Users 7 7 OK
Preserved Users 0 0 OK
User Groups 22 22 OK
Hosts 158 158 OK
Host Groups 16 16 OK
HBAC Rules 5 5 OK
SUDO Rules 14 14 OK
DNS Zones ERROR ERROR OK
LDAP Conflicts NO NO OK
Ghost Replicas NO NO OK
Anonymous BIND YES YES OK
Replication Status ef-idm02 0 ef-idm01 0
ef-idm03 0
=================================================
grant@ef-idm03:~[20181206-8:36][#120]$ ipa-replica-manage dnarange-show
ipa: ERROR: Cannot open log file u'/var/log/ipa/cli.log': [Errno 13] Permission
denied: u'/var/log/ipa/cli.log'
ef-idm01.production.efilm.com: 457200144-457300499
ef-idm02.production.efilm.com: 457300502-457399999
ef-idm03.production.efilm.com: No range set
grant@ef-idm03:~[20181206-8:36][#121]$
should I manually add a range?
also, I had anticipated another column appearing in the consistency check.
and the web interface comes up blank - the page never loads
thanx
- grant
This e-mail and any attachments are intended only for use by the addressee(s)
named herein and may contain confidential information. If you are not the
intended recipient of this e-mail, you are hereby notified any dissemination,
distribution or copying of this email and any attachments is strictly
prohibited. If you receive this email in error, please immediately notify the
sender by return email and permanently delete the original, any copy and any
printout thereof. The integrity and security of e-mail cannot be guaranteed.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
