On 11/05/2013 03:58 PM, Rich Megginson wrote: > On 11/05/2013 07:53 AM, Tamas Papp wrote: >> On 11/05/2013 03:17 PM, Rich Megginson wrote: >>> https://fedorahosted.org/389/ticket/47516 >>> >>> This has been fixed upstream and in some releases - to allow >>> replication to proceed despite excessive clock skew - what is your >>> 389-ds-base version and platform? >> What is the clock skewed? The date and time is the same on both >> machines. > > VMs are notorious for having the clocks get out of sync - even > temporarily.
What do you mean by this? I definitely see the same time on the machines. Also I can see in the log, that the replication is resumed. There is no messages about the broken replication after the resume message. >> >> freeipa-admintools-3.3.2-1.fc19.x86_64 >> freeipa-client-3.3.2-1.fc19.x86_64 >> freeipa-python-3.3.2-1.fc19.x86_64 >> freeipa-server-3.3.2-1.fc19.x86_64 >> libipa_hbac-1.11.1-4.fc19.x86_64 >> libipa_hbac-python-1.11.1-4.fc19.x86_64 >> sssd-ipa-1.11.1-4.fc19.x86_64 >> 389-ds-base-libs-1.3.1.12-1.fc19.x86_64 >> 389-ds-base-1.3.1.12-1.fc19.x86_64 >> >> Linux ipa31.bph.cxn 3.11.6-201.fc19.x86_64 #1 SMP Sat Nov 2 14:09:09 UTC >> 2013 x86_64 x86_64 x86_64 GNU/Linux >> Fedora 19. >> >> >> How can I fix it? > > ldapmodify -x -D "cn=directory manager" -W <<EOF > dn: cn=config > changetype: modify > replace: nsslapd-ignore-time-skew > nsslapd-ignore-time-skew: on > EOF > > Do this on all of your servers. I tried this, but no joy. Still not good:/ What I really don't understand, why I cannot login to ui (or to an installed client machine) if the replication doesn't work. Is it a normal behaviour? Thanks, tamas _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
