[Freeipa-users] Replication problems with having more than one replica?

Petr Spacek pspacek at redhat.com
Mon Jun 25 11:02:41 UTC 2012


On 06/15/2012 12:12 AM, Steven Jones wrote:
> I have the forward zone (ods.vuw.ac.nz) setup in IPA but the reverse zone(s) is meant to be slaved back to the MS AD masters (vuw.ac.nz) and 10/8 and (130.195./16).
>
> What should the reverse/PTR zone setup look like? i.e. if I had a flat file aka bind and named.conf it's straightforward, I can just look at the file(s), and see that a reverse zone file is created on the slave; however, I have no screenshots or anything to indicate if I have set up that reverse function correctly. For instance there is nothing in /var/named/slaves, I have assumed that the slave data from the AD masters is actually held in the LDAP.....so how do I prove that?
AFAIK there is no special requirement.

Any host name for an IPA server should translate to IP addresses. PTR records for
those IP addresses should point back to the A/AAAA records used during the original
name->IP translation. (PTR should point to A records, not CNAME records.)

Actually it doesn't matter where records are stored, as long as DNS 
translation via servers configured in /etc/resolv.conf is functional.


> Also I notice when I create a zone using the DNS UI it creates a file called 0.3.70.10, but when I add a replica it creates another zone file 3.70.10 and populates it....which it shouldn't as the MS AD is the master.....yet I used --no-reverse in the replica command...
I'm not sure if I understood it correctly. Where are the files created? Can 
you post them to the list?

Petr^2 Spacek

>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Simo Sorce [simo at redhat.com]
> Sent: Thursday, 14 June 2012 11:50 p.m.
> To: Steven Jones
> Cc: Rob Crittenden; freeipa-users
> Subject: RE: [Freeipa-users] Replication problems with having more than one replica?
>
> On Thu, 2012-06-14 at 03:00 +0000, Steven Jones wrote:
>> Hi,
>>
>> 3 log sets from /var/log/dirsrv/slapd
>
> Looking at the first server's error log it looks like one of your
> replicas has a wrong PTR record and GSSAPI cannot therefore find the
> right ticket.
>
> Make sure your DNS is properly set up (or /etc/hosts entries) for all
> the servers.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
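
The name->IP->name round trip described in the reply above can be checked per server, whichever backend holds the records. The following is an added example, not part of the original thread or of FreeIPA; the function names, host names and 192.0.2.x addresses are constructed for illustration.

```python
import socket

def system_forward(name):
    """A/AAAA lookup through the system resolver (/etc/resolv.conf, /etc/hosts)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})

def system_reverse(ip):
    """PTR lookup through the system resolver; [] when no PTR record exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def check_host(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means name->IP->name round-trips."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(want)
    except socket.gaierror:
        addrs = []
    if not addrs:
        return [f"{want}: no A/AAAA record"]
    problems = []
    for ip in addrs:
        ptrs = [p.rstrip(".").lower() for p in reverse(ip)]
        if not ptrs:
            problems.append(f"{ip}: no PTR record")
        elif want not in ptrs:
            problems.append(f"{ip}: PTR is {ptrs[0]}, expected {want}")
    return problems

# Constructed sample records: ipa2 has a stale PTR, ipa3 has no PTR at all.
SAMPLE_A = {
    "ipa1.example.test": ["192.0.2.11"],
    "ipa2.example.test": ["192.0.2.12"],
    "ipa3.example.test": ["192.0.2.13"],
}
SAMPLE_PTR = {
    "192.0.2.11": ["ipa1.example.test."],
    "192.0.2.12": ["old-host.example.test."],
}

def check_sample(fqdn):
    """Run check_host against the constructed records instead of live DNS."""
    return check_host(fqdn, lambda n: SAMPLE_A.get(n, []),
                      lambda ip: SAMPLE_PTR.get(ip, []))

if __name__ == "__main__":
    for host in SAMPLE_A:
        print(host, check_sample(host) or "OK")
```

Calling `check_host("server.fqdn")` with no other arguments uses the system resolver, so it should be run on each replica to see what that machine actually resolves.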