[Freeipa-users] Configuring IPA replicas

Stephen Gallagher sgallagh at redhat.com
Mon Jun 13 16:55:37 UTC 2011 

On Mon, 2011-06-13 at 17:29 +0200, Sigbjorn Lie wrote:
> On 06/13/2011 04:41 PM, Ade Lee wrote:
> > Hi,
> >
> > The replica installation is failing when the replica attempts to contact
> > the CA on the master to log into the security domain.  According to your
> > log, this is https://ipa01.ix.test.com:9445
> >
> > Can the master be resolved and reached from the replica?  Can port 9445
> > be reached (as well as ports 9444 and 9443?)
> >
> > You can also check the master's /var/log/pki-ca/debug log to see if any
> > communication was received from the replica.
> >
> 
> There was an additional DNS A record added to the existing IPA server 
> hostname! This additional DNS A record pointed at the IP address of the 
> replica IPA server I'm attempting to configure! I removed this A record 
> and the replica installed successfully.
> 
> When I initially ran the ipa-replica-prepare command, I added the 
> "--ip-address" option to get the DNS records for this host created. (I 
> have a seperate dns domain for the IPA environment.) In this process 
> ipa-replica-prepare created an additional reverse zone on the server. 
> (The new ipa replica resides on a subnet which sits at a AD DNS server, 
> but it's still resolvable from the IPA dns servers).
> 
> After the replica finished I tried to run the ipa-replica-prepare 
> command again with a new hostname, and adding an IP address using 
> --ip-address on a subnet not known to the IPA DNS. The same error was 
> re-produced, the DNS A record was added to the master IPA server.
> 
> I would also like to note that I cannot see the second DNS entry using 
> the web gui, only using "ipa dnsrecord-find". Bug opened in bugzilla for 
> ipa-replica-prepare:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=712920
> 


This looks like it's probably related to 
https://fedorahosted.org/freeipa/ticket/1223



> 
> Rgds,
> Siggi
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110613/fb942cfa/attachment.sig>

More information about the Freeipa-users mailing list