hi, The systems are uptodate F19 KVM guests.
I'm trying to login the web ui with no success: "Your session has expired. Please re-login. To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and configured <http://ipa31.bph.cxn/ipa/config/unauthorized.html> the browser correctly, then click Login. To login with username and password, enter them in the fields below then click Login." Then after a while something happens and it starts working. In logs: On the "primary" node: [05/Nov/2013:12:19:06 +0100] NSMMReplicationPlugin - agmt="cn=meToipa12.bpo.cxn" (ipa12:389): Replication bind with GSSAPI auth resumed On the "secondary" node: [05/Nov/2013:12:31:25 +0100] csngen_new_csn - Warning: too much time skew (-1658 secs). Current seqnum=3 [05/Nov/2013:12:45:33 +0100] csngen_new_csn - Warning: too much time skew (-811 secs). Current seqnum=a [05/Nov/2013:12:45:33 +0100] csngen_new_csn - Warning: too much time skew (-812 secs). Current seqnum=1 [05/Nov/2013:12:45:35 +0100] csngen_new_csn - Warning: too much time skew (-811 secs). Current seqnum=1 [05/Nov/2013:12:45:47 +0100] csngen_new_csn - Warning: too much time skew (-800 secs). Current seqnum=4 [05/Nov/2013:12:45:47 +0100] csngen_new_csn - Warning: too much time skew (-801 secs). Current seqnum=1 [05/Nov/2013:12:45:49 +0100] csngen_new_csn - Warning: too much time skew (-800 secs). Current seqnum=1 Date shows up the same system time on both machines: Tue Nov 5 12:59:29 CET 2013 I called as primary the machine that was installed initially and secondary is the one that was deployed by replication. Finally, I have some questions:) 1. How can this happen, what's the problem? Is it something about the design, I screwed up something, or maybe the virtualization layer..? How can I avoid it and if it happens, how can I fix it immediately? 2. What is the difference between 'primary' and 'secondary'. What does happen, if the primary machine gets destroyed? 4. How many "master" can I use? 5. If I have a network like this: A1______B1 A2 B2 A2 and B1,2 are replicated from A1 If the connection gets lost between A and B site, are B1 and 2 (and A1,2) replicated fine? 6. If a client is installed with ipa-client-install using A1 and A1 gets lost, does the client know, where it needs to connect (failover..)? 7. Can I install slave (read-only) replicas so clients access them only for queries and for changes (like pw change) they access master servers? Thanks, tamas
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
