I have recently added a replica to my existing setup. Everything seems to work
except for 2 issues that I have noted:
#1 IPA health check generates a warning from the replica only (master is ok)
similar to this:
{
"source": "ipahealthcheck.ipa.trust",
"check": "IPATrustCatalogCheck",
"result": "WARNING",
"uuid": "my_uuid",
"when": "20191121135331Z",
"duration": "2.128808",
"kw": {
"key": "my_key",
"error": "returned nothing",
"msg": "Look up of {key} {error}"
}
},
#2 id some_user
returns:
id: 'some_user': no such user
I have also noted that:
ipa trust-fetch-domains "gsil.smil"
return an error - Fetching domains from trusted forest failed
ipa trustdomain-find is able to find the domain
ipa idrange-find returns the same set of results for both the master and the
replica
ipa-replica-manage dnarange-show
shows that the dna ranges are not overlapping (my understanding is this is a
good thing)
My environment:
Rocky 8.7
FreeIPA 4.9.10
Master: gsil-ipa01
Replica: gsil-ipa02
Both master and replica are configured with server roles: AD trust agent, AD
trust controller, CA server, DNS server, KRA server.
Are issues #1 and #2 related? ie- fix one and the other will work as expected?
I am still reviewing possible solutions for why ldap lookup using the id
command is not working. But maybe it will never work unless I fix the
healthcheck issue...
Your input is greatly appreciated!
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
