Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem?
ipa-replica-install --setup-dns --setup-ca --mkhomedir
Lookup failed: Preferred host idm02ntp.tutel.lab does not provide DNS. Reverse DNS resolution of address 101.45.58.172 (replica.lab.lab) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
thankyou.
Hi,
On Wed, Oct 25, 2023 at 12:31 PM Alper AYKUT via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem?
ipa-replica-install --setup-dns --setup-ca --mkhomedir
Lookup failed: Preferred host idm02ntp.tutel.lab does not provide DNS. Reverse DNS resolution of address 101.45.58.172 (replica.lab.lab) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
Please check the DNS requirements listed in this document:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm...
flo
thankyou.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
this command shows the ip address of both my main server and my replica server. dig +short *server.idm.example.com http://server.idm.example.com* A
dig +short -x *192.0.2.1 But this command only shows the name of my main free ipa server. On my replica server it returns blank and says nothing. Is this a bug and how can I fix it? *
*Obviously I installed the Replica server with the following command but I'm not sure if I did it correctly ? *
*ipa-replica-install --no-host-dns --setup-ca --setup-dns --no-forwarders --force-join --mkhomedir Now when I create a user on the main server, it appears on the replica server. It also appears as follows under Identity-services.DNS/idm.lab.labDNS/idm02.lab.labhttp/idm.lab.labhttp/idm02.lab.labdogtag/idm.lab.labdogtag/idm02.lab.labipa-dnskeysyncd/idm.lab.labipa-dnskeysyncd/idm02.lab.labldap/idm.lab.labldap/idm02.lab.lab*
*Ipaserver/ipaserver *
*idm.lab.lab*
*idm02.lab.lab*
*but the dnz zone looks like the following.*
* 22.40.10.in-addr.arpa. https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/22.40.10.in-addr.arpa. Enabledlab.lab. https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/tutel.lab. Is there anything missing? Do you think everything is right now? Is there anything I need to fix? Thanks for your help and your time. *
Florence Blanc-Renaud flo@redhat.com, 25 Eki 2023 Çar, 15:20 tarihinde şunu yazdı:
Hi,
On Wed, Oct 25, 2023 at 12:31 PM Alper AYKUT via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem?
ipa-replica-install --setup-dns --setup-ca --mkhomedir
Lookup failed: Preferred host idm02ntp.tutel.lab does not provide DNS. Reverse DNS resolution of address 101.45.58.172 (replica.lab.lab) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
Please check the DNS requirements listed in this document:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm...
flo
thankyou.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
I disconnected the main server to do a test. The replica server comes up automatically but it is very slow. What could be the reason for this, what could I be missing?
Alper AYKUT alperaykut80@gmail.com, 25 Eki 2023 Çar, 15:33 tarihinde şunu yazdı:
this command shows the ip address of both my main server and my replica server. dig +short *server.idm.example.com http://server.idm.example.com* A
dig +short -x *192.0.2.1 But this command only shows the name of my main free ipa server. On my replica server it returns blank and says nothing. Is this a bug and how can I fix it? *
*Obviously I installed the Replica server with the following command but I'm not sure if I did it correctly ? *
*ipa-replica-install --no-host-dns --setup-ca --setup-dns --no-forwarders --force-join --mkhomedir Now when I create a user on the main server, it appears on the replica server. It also appears as follows under Identity-services.DNS/idm.lab.labDNS/idm02.lab.labhttp/idm.lab.labhttp/idm02.lab.labdogtag/idm.lab.labdogtag/idm02.lab.labipa-dnskeysyncd/idm.lab.labipa-dnskeysyncd/idm02.lab.labldap/idm.lab.labldap/idm02.lab.lab*
*Ipaserver/ipaserver *
*idm.lab.lab*
*idm02.lab.lab*
*but the dnz zone looks like the following.*
22.40.10.in-addr.arpa. https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/22.40.10.in-addr.arpa. Enabledlab.lab. https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/tutel.lab. Is there anything missing? Do you think everything is right now? Is there anything I need to fix? Thanks for your help and your time.
Florence Blanc-Renaud flo@redhat.com, 25 Eki 2023 Çar, 15:20 tarihinde şunu yazdı:
Hi,
On Wed, Oct 25, 2023 at 12:31 PM Alper AYKUT via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem?
ipa-replica-install --setup-dns --setup-ca --mkhomedir
Lookup failed: Preferred host idm02ntp.tutel.lab does not provide DNS. Reverse DNS resolution of address 101.45.58.172 (replica.lab.lab) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
Please check the DNS requirements listed in this document:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm...
flo
thankyou.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Alper AYKUT via FreeIPA-users wrote:
I disconnected the main server to do a test. The replica server comes up automatically but it is very slow. What could be the reason for this, what could I be missing?
What exactly does slow mean?
rob
Alper AYKUT <alperaykut80@gmail.com mailto:alperaykut80@gmail.com>, 25 Eki 2023 Çar, 15:33 tarihinde şunu yazdı:
this command shows the ip address of both my main server and my replica server. dig +short /server.idm.example.com <http://server.idm.example.com>/A dig +short -x /192.0.2.1 But this command only shows the name of my main free ipa server. On my replica server it returns blank and says nothing. Is this a bug and how can I fix it? / /Obviously I installed the Replica server with the following command but I'm not sure if I did it correctly ? / / ipa-replica-install --no-host-dns --setup-ca --setup-dns --no-forwarders --force-join --mkhomedir Now when I create a user on the main server, it appears on the replica server. It also appears as follows under Identity-services. DNS/idm.lab.lab DNS/idm02.lab.lab http/idm.lab.lab http/idm02.lab.lab dogtag/idm.lab.lab dogtag/idm02.lab.lab ipa-dnskeysyncd/idm.lab.lab ipa-dnskeysyncd/idm02.lab.lab ldap/idm.lab.lab ldap/idm02.lab.lab // / /Ipaserver/ipaserver / /idm.lab.lab/ /idm02.lab.lab/ /but the dnz zone looks like the following. / / 22.40.10.in-addr.arpa. <https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/22.40.10.in-addr.arpa.> Enabled lab.lab. <https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/tutel.lab.> Is there anything missing? Do you think everything is right now? Is there anything I need to fix? Thanks for your help and your time. / / / Florence Blanc-Renaud <flo@redhat.com <mailto:flo@redhat.com>>, 25 Eki 2023 Çar, 15:20 tarihinde şunu yazdı: Hi, On Wed, Oct 25, 2023 at 12:31 PM Alper AYKUT via FreeIPA-users <freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem? * * ipa-replica-install --setup-dns --setup-ca --mkhomedir Lookup failed: Preferred host idm02ntp.tutel.lab does not provide DNS. Reverse DNS resolution of address 101.45.58.172 (replica.lab.lab) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) Please check the DNS requirements listed in this document: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#host-name-and-dns-requirements-for-ipa_preparing-the-system-for-ipa-server-installation flo thankyou. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
For example, when my idm.lab.lab main free ipa server is active, when I ssh from ipa clients, the username and password screen comes very quickly and I can log in. However, when I disconnect my idm.lab.lab main free ipa server for testing, my replica free ipa server idm02.lab.lab automatically activates, but when I ssh from ipa clients, after entering the username, the password screen takes about 15 seconds on average. there is an abnormal situation here. I wonder if my ipa clients are connecting to the nfs servers with autofs, could this be the reason? But there is no problem with my idm.lab.lab free ipa main server. I am having this problem only on the replica free ipa server.
Which parts should I check to solve this problem?
thankyou.
Rob Crittenden rcritten@redhat.com, 25 Eki 2023 Çar, 16:34 tarihinde şunu yazdı:
Alper AYKUT via FreeIPA-users wrote:
I disconnected the main server to do a test. The replica server comes up automatically but it is very slow. What could be the reason for this, what could I be missing?
What exactly does slow mean?
rob
Alper AYKUT <alperaykut80@gmail.com mailto:alperaykut80@gmail.com>, 25 Eki 2023 Çar, 15:33 tarihinde şunu yazdı:
this command shows the ip address of both my main server and my replica server. dig +short /server.idm.example.com <http://server.idm.example.com%3E/A
dig +short -x /192.0.2.1 But this command only shows the name of my main free ipa server. On my replica server it returns blank and says nothing. Is this a bug and how can I fix it? / /Obviously I installed the Replica server with the following command but I'm not sure if I did it correctly ? / / ipa-replica-install --no-host-dns --setup-ca --setup-dns--no-forwarders --force-join --mkhomedir
Now when I create a user on the main server, it appears on the replica server. It also appears as follows under Identity-services. DNS/idm.lab.lab DNS/idm02.lab.lab http/idm.lab.lab http/idm02.lab.lab dogtag/idm.lab.lab dogtag/idm02.lab.lab ipa-dnskeysyncd/idm.lab.lab ipa-dnskeysyncd/idm02.lab.lab ldap/idm.lab.lab ldap/idm02.lab.lab // / /Ipaserver/ipaserver / /idm.lab.lab/ /idm02.lab.lab/ /but the dnz zone looks like the following. / / 22.40.10.in-addr.arpa. <https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/22.40.10.in-addr.arpa.%3E
Enabled lab.lab. <https://idm.tutel.lab/ipa/ui/#/e/dnszone/records/tutel.lab.>
Is there anything missing? Do you think everything is right now? Is there anything I need to fix? Thanks for your help and your time. / / / Florence Blanc-Renaud <flo@redhat.com <mailto:flo@redhat.com>>, 25 Eki 2023 Çar, 15:20 tarihinde şunu yazdı: Hi, On Wed, Oct 25, 2023 at 12:31 PM Alper AYKUT via FreeIPA-users <freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem? * * ipa-replica-install --setup-dns --setup-ca --mkhomedir Lookup failed: Preferred host idm02ntp.tutel.lab does not provide DNS. Reverse DNS resolution of address 101.45.58.172 (replica.lab.lab) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) Please check the DNS requirements listed in this document:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm...
flo thankyou. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam, report it:
freeipa-users@lists.fedorahosted.org
-
Alper AYKUT -
Florence Blanc-Renaud -
Rob Crittenden