subject:"\[Freeipa\-users\] Re\: new replica does not post properly in ipa_check

[Freeipa-users] Re: new replica does not post properly in ipa_check_consistency

2018-12-20 Thread Grant Janssen via FreeIPA-users

I never thought to dissect the ipa_check_consistency script.
I wasn’t going to add the SRV record until everything tested perfectly - didn’t 
want authorizations going
to server that wasn’t functioning.

added the SRV record.  now THAT was an easy fix.

grant@ef-idm03:~[20181219-11:37][#111]$ ipa_check_consistency -d 
PRODUCTION.EFILM.COM -W 
FreeIPA servers:ef-idm01ef-idm02ef-idm03STATE
=
Active Users129 129 129 OK
Stage Users 7   7   7   OK
Preserved Users 0   0   0   OK
User Groups 22  22  22  OK
Hosts   158 158 158 OK
Host Groups 16  16  16  OK
HBAC Rules  5   5   5   OK
SUDO Rules  14  14  14  OK
DNS Zones   ERROR   ERROR   ERROR   OK
LDAP Conflicts  NO  NO  NO  OK
Ghost Replicas  NO  NO  NO  OK
Anonymous BIND  YES YES YES OK
Replication Status  ef-idm02 0  ef-idm01 0  ef-idm01 0
ef-idm03 0
=
grant@ef-idm03:~[20181220-5:42][#112]$

thanx
& merry christmas

- grant


This e-mail and any attachments are intended only for use by the addressee(s) 
named herein and may contain confidential information. If you are not the 
intended recipient of this e-mail, you are hereby notified any dissemination, 
distribution or copying of this email and any attachments is strictly 
prohibited. If you receive this email in error, please immediately notify the 
sender by return email and permanently delete the original, any copy and any 
printout thereof. The integrity and security of e-mail cannot be guaranteed.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: new replica does not post properly in ipa_check_consistency

2018-12-20 Thread Florence Blanc-Renaud via FreeIPA-users


On 12/19/18 8:39 PM, Grant Janssen via FreeIPA-users wrote:

   New replica looks to be fully joined.  I can add users, and I have verified 
by log examination
that the new replica is actually the server adding the user.

   I cannot detect any issues, BUT the 3rd replica does not appear as a column 
when I execute the
ipa_check_consistency script.

grant@ef-idm03:~[20181219-11:35][#103]$ ipa-replica-manage list
ef-idm03.production.efilm.com: master
ef-idm02.production.efilm.com: master
ef-idm01.production.efilm.com: master
grant@ef-idm03:~[20181219-11:35][#104]$ ipa_check_consistency -d 
PRODUCTION.EFILM.COM -W 
FreeIPA servers:ef-idm01ef-idm02STATE
=
Active Users129 129 OK
Stage Users 7   7   OK
Preserved Users 0   0   OK
User Groups 22  22  OK
Hosts   158 158 OK
Host Groups 16  16  OK
HBAC Rules  5   5   OK
SUDO Rules  14  14  OK
DNS Zones   ERROR   ERROR   OK
LDAP Conflicts  NO  NO  OK
Ghost Replicas  NO  NO  OK
Anonymous BIND  YES YES OK
Replication Status  ef-idm02 0  ef-idm01 0
 ef-idm03 0
=
grant@ef-idm03:~[20181219-11:35][#105]$ ipa user_find | grep entries
Number of entries returned 129
grant@ef-idm03:~[20181219-11:35][#106]$ ipa group_find | grep entries
Number of entries returned 22
grant@ef-idm03:~[20181219-11:35][#107]$ ipa host_find | grep entries
Number of entries returned 155
grant@ef-idm03:~[20181219-11:36][#108]$ ipa hostgroup_find | grep entries
Number of entries returned 16
grant@ef-idm03:~[20181219-11:36][#109]$ ipa hbacrule-find | grep entries
Number of entries returned 5
grant@ef-idm03:~[20181219-11:37][#110]$ ipa sudorule-find | grep entries
Number of entries returned 14
grant@ef-idm03:~[20181219-11:37][#111]$

what does this indicate?

Hi,
(disclaimer: I am not familiar with ipa-check-consistency)
I had a quick look at the code for ipa_check_consistency. If the list of 
servers is not provided in the command line, they are found in the DNS 
with the records for _ldap._tcp of the domain.

Can you check the output of
# dig +short -t SRV _ldap._tcp.$domain.

flo


thanx

- grant

This e-mail and any attachments are intended only for use by the addressee(s) 
named herein and may contain confidential information. If you are not the 
intended recipient of this e-mail, you are hereby notified any dissemination, 
distribution or copying of this email and any attachments is strictly 
prohibited. If you receive this email in error, please immediately notify the 
sender by return email and permanently delete the original, any copy and any 
printout thereof. The integrity and security of e-mail cannot be guaranteed.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org


___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: new replica does not post properly in ipa_check_consistency

[Freeipa-users] Re: new replica does not post properly in ipa_check_consistency

2 matches

Site Navigation

Mail list logo

Footer information