A user reported difficulties setting up a new winsync agreement yesterday.
His first symptom was a GSSAPI failure requesting the krbtbg/ADREALM@IPAREALMnot found in Kerberos database
He then got the error "You cannot connect to a previously deleted master"
It was at this point we figured out he wasn't using --winsync.
But he did have a lot of other winsync-related options including the AD CA location. Since some options rely on others there should be a test to be sure all are set.
This will likely fall into the ipa-replica-manage refactor, but take into consideration the grouping of some options.
Big stretch for 4.2. Steps to test should be added.
There is not enough time left in 4.2 development to do this, we have to move it to next release.
The recommended way of integration with AD is IPA-AD trust. Also ipa-replica-manage is being slowly obsoleted by moving commands to API. IPA core team won't invest time here. Therefore closing as won't fix.
Patch is welcome though.
Metadata Update from @rcritten: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5 backlog
Login to comment on this ticket.