Am Titan via FreeIPA-users wrote:
I am shutting the servers because it's still a test environment
and i do require to shutdown from time to time.
I know such servers need to be always on, but i do believe that the sync should pickup
from where it stopped.
It will. Replication has a back-off mechanism which is probably what
you're running into. The max time is 10 minutes so it should come back
on its own.
You can also kick an agreement using ipa-replica-manage force-sync
without doing a full re-init.
ipa-replica-manage list -v ipa-server1.ipa.example.com
last init status: Error (0) Total update succeeded
last init ended: 2021-01-21 13:54:40+00:00
last update status: Error (0) Replica acquired successfully: Incremental update
last update ended: 2021-01-21 13:54:42+00:00
replica seems ok after i force a initialisation, but only for short time.
it will work after i execute the following:
ipa-replica-manage re-initialize --from ipa-server1.ipa.example.com
Another annoying symptom is that after a very short time of the installation (still no
shutdown , or anything) the webpage of the replica i am unable to login due to error:
"Your session has expired. Please log in again", and here nothing helps any
I'd suggest looking in /var/log/httpd/error_log for more details.
And be sure that time is kept in sync between the servers and clients.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, 21 January 2021 15:01, Rob Crittenden <rcritten(a)redhat.com> wrote:
> Am Titan via FreeIPA-users wrote:
>> Someone please?
>> Now I'm getting this on again new installed servers and I cannot move forward
without clearing that the serves are functioning correctly.
>> Another connection to replica issues:
>> [root@ipa-server1 ~]# ipa-replica-manage list -v ipa-server3.ipa.example.com
>> Failed to get data from 'ipa-server3.ipa.example.com': Insufficient
access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid
> You mention turning your servers off. What is the purpose of that?
> Also not that in your attempt to provide some reasoning for the commands
> you executed they were instead passed as options to those commands so
> the output is not what you expected:
> ipa topologysuffix-show # display all managed hosts and segments
> Suffix name: all
> ipa: ERROR: all: suffix not found
> I'd suggest running "ipa-replica-manage -v `hostname`" on each host to
> display the current replication status.
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines