Check the firewall settings on all servers if all needed ports are open to all other IPA servers. I had similar problems with broken replication due to lost firewall configs. In any case I'd start with searching for errors in /var/log (dirsrv, krb5kdc.log, kadmind.log, pki, sssd, tomcat, httpd, messages...)
On Wed, 17 Jul 2019 00:35:09 -0000 Raul Gomez via FreeIPA-users <[email protected]> wrote: > Hello list, > > After much testing I've found that this issue is not related to the IPA > client machine, but to the IPA server the IPA client is using, and that's > because I can log in into some of my IPA Servers (via Web Panel), but not to > others, and that coincides with the server the clients can/can't login are > using. So it seems there is a synchronization problem between my 3 IPA > servers that I can't pinpoint yet. > > So far, any change that I apply to any user via the Web Panel o command line > is replicated to the other servers, but I've failed to see what parameter > could be set in the servers where I'm unable to login. > > I've tested with a user created with no locking policies at all, but this > user can only login successfully to some IPA servers too. > > Time is synchronized correctly between my three servers, ntpstat show that > time is correct within 75 ms as much, so it doesn't seem to be the issue here. > > Does this ring a bell to anyone? Any pointer in where to look further will be > much appreciated. > > Thanks in advance, regards... > > Raul > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
