FAILS on Microsoft ADTrust check. #66
Comments
|
Confirmed via GUI. Best as I can see both trusts are identical. Trust was created on ipa03 and replicated to ipa04 from there. |
|
these checks do not check for adtrust, but instead, check that IdM/IPA dns discovery entries are present. you might also like to give my fork of this script a try: https://github.com/schlitzered/checkipaconsistency it has two more checks, that can help identify problems with objects in the directory server itself. please also see #76 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected behaviour
cipa returns success on all.
Actual behaviour
FAILS on Microsoft ADTrust check.
Steps to reproduce the behaviour
[root@ipa03 bin]# ./cipa -d abc.xyz.123 -W "SECRET"
+--------------------+------------+------------+-------+
| FreeIPA servers: | ipa04 | ipa03 | STATE |
+--------------------+------------+------------+-------+
| Active Users | 1 | 1 | OK |
| Stage Users | 0 | 0 | OK |
| Preserved Users | 0 | 0 | OK |
| Hosts | 2 | 2 | OK |
| Services | 11 | 11 | OK |
| User Groups | 10 | 10 | OK |
| Host Groups | 1 | 1 | OK |
| Netgroups | 0 | 0 | OK |
| HBAC Rules | 1 | 1 | OK |
| SUDO Rules | 0 | 0 | OK |
| DNS Zones | 3 | 3 | OK |
| Certificates | 17 | 17 | OK |
| LDAP Conflicts | 0 | 0 | OK |
| Ghost Replicas | 0 | 0 | OK |
| Anonymous BIND | ON | ON | OK |
| Microsoft ADTrust | False | True | FAIL |
| Replication Status | ipa03 0 | ipa04 0 | OK |
+--------------------+------------+------------+-------+
[root@ipa03 bin]#
Version of the project
Latest available from this GIT repo at the time of the writing:
[root@ipa03 bin]# pip show checkipaconsistency
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Name: checkipaconsistency
Version: 2.7.7
Summary: Tool to check consistency across FreeIPA servers
Home-page: https://github.com/peterpakos/checkipaconsistency
Author: Peter Pakos
Author-email: peter.pakos@wandisco.com
License: GPLv3
Location: /root/.local/lib/python2.7/site-packages
Requires: dnspython, pplogger, prettytable, python-ldap
Required-by:
[root@ipa03 bin]#
Version of the FreeIPA
ipa-server-4.6.4-10.el7.centos.2.x86_64
Version of the Operating System
[root@ipa03 bin]# cat /etc/release
CentOS Linux release 7.4.1708 (Core)
Derived from Red Hat Enterprise Linux 7.4 (Source)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.4.1708 (Core)
CentOS Linux release 7.4.1708 (Core)
cpe:/o:centos:centos:7
[root@ipa03 bin]# uname -a
Linux ipa03.abc.xyz.123 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@ipa03 bin]#
The text was updated successfully, but these errors were encountered: