[Freeipa-users] ipa-replica-install fails because of IPv6?

Jochen Demmer jochen at winteltosh.de
Wed Oct 26 14:42:16 UTC 2016 


Am 26.10.2016 um 16:27 schrieb Martin Basti:
>
>
>
> On 26.10.2016 16:10, Jochen Demmer wrote:
>> Hi,
>>
>> my answers also inline.
>>
>> Am 26.10.2016 um 15:38 schrieb Martin Basti:
>>>
>>> Hi, comments inline
>>>
>>>
>>> On 26.10.2016 14:28, Jochen Demmer wrote:
>>>> Hi,
>>>>
>>>> I've been running and using a single FreeIPA server successfully, i.e.:
>>>> Fedora 24
>>>> freeipa-server-4.3.2-2.fc24.x86_64
>>>> This server is only available via IPv6, because I can't get public
>>>> lPv4 addresses no more.
>>>>
>>>> Now I want to setup a FreeIPA replica at another site also running
>>>> IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64
>>>> First I run "ipa-client-install" which succeeds without an error.
>>>> When I invoke "ipa-replica-install" I get this error:
>>>> ipa         : ERROR    Could not resolve hostname
>>>> *hostname.mydoma.in* using DNS. Clients may not function properly.
>>>> Please check your DNS setup. (Note that this check queries IPA DNS
>>>> directly and ignores /etc/hosts.)
>>>> LOG:
>>>> 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in*
>>>> (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for
>>>> *hostname.mydoma.in*
>>>
>>> Can you check with dig or host command if the hostname is really
>>> resolvable on that machine? do you have proper resolver in
>>> /etc/resolv.conf?
>> There is a resolver given in /etc/resolv.conf. When I do "host
>> <<hostname.mydoma.in>>" I get the right IPv6 back.
> That is weird because IPA is doing basically the same.
>
>>>
>>>>
>>>> *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA
>>>> server, which actually resolves, but only to an IPv6 address of course.
>>>> I can continue the installation though by entering "yes".
>>>>
>>>> I then get asked:
>>>> Enter the IP address to use, or press Enter to finish.
>>>> Please provide the IP address to be used for this host name:
>>>>
>>>> When I enter the IPv6 address of the new replica host it doesn't
>>>> accept but infinitely asks this question instead.
>>>
>>> Have you pressed enter twice? It should end prompt and continue with
>>> installation
>> Enter without an IP -> No usable IP address provided nor resolved.
>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot
>> use IP network address 2a02:1:2:3::4 
>
> How do you have configured IP address on your interface? Does it have
> prefix /128?
Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server.
There is also another dynamic IP within the same prefix having /64. I
don't want to use this one of course, because its IID changes.

>
>>>
>>>>
>>>> Honestly, I can't see what I might have done wrong.
>>>> Old FreeIPA has hostname is in sync forward and reverse record.
>>>> New FreeIPA host as well has hostname that symmetrically resolves,
>>>> even though the hostname is using another second level domain.
>>>>
>>>> Any hints?
>>>> Jochen Demmer
>>>>
>>>>
>>>
>>> Martin
>> Jochen
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161026/5280c8a5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x54A5283E.asc
Type: application/pgp-keys
Size: 3108 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161026/5280c8a5/attachment.bin>

More information about the Freeipa-users mailing list