Hello
We installed our IPA servers back in EL7.2 days and deployed with a single level domain
and matching (uppercased) realm. Through various upgrades we are now at EL7.9 and are
aware that the ipa-client-install command has become finickity about single level domains;
however, thus far we have been able to continue joining EL7 clients.
I've set up my test environment similarly and have been unsuccessful in trying to
upgrade (join new and replace old) these EL7 FreeIPA servers to EL8. The
ipa-client-install on EL8 skips the single level domain, so I'm a bit stuck.
Is there a way around this in EL8?
EL7 ipa server (ipatest1):
ipa-server-4.6.8-5.0.1.el7_9.10.x86_64
EL8 (ipatest2):
ipa-server-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.x86_64
[root@ipatest2 ~]# ipa-replica-install --setup-ca --ip-address 192.168.180.141 --password=Password1234 --principal=admin --setup-dns --forwarder=192.168.180.100
Configuring client side components
This program will set up IPA client.
Version 4.9.6
Unable to discover domain, not provided on command line
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Removing client side components
IPA client is not configured on this system.
The ipa-client-install command failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Configuration of client side components failed!
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
[root@ipatest2 ~]# less /var/log/ipaclient-install.log
<-- snip
2022-05-03T08:53:10Z DEBUG [IPA Discovery]
2022-05-03T08:53:10Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=ipatest2.int.test
2022-05-03T08:53:10Z DEBUG Start searching for LDAP SRV record in "int.test" (domain of the hostname) and its sub-domains
2022-05-03T08:53:10Z DEBUG Search DNS for SRV record of _ldap._tcp.int.test
2022-05-03T08:53:10Z DEBUG DNS record not found: NXDOMAIN
2022-05-03T08:53:10Z DEBUG Search DNS for SRV record of _ldap._tcp.test
2022-05-03T08:53:10Z DEBUG DNS record found: 0 100 389 ipatest1.int.test.
2022-05-03T08:53:10Z DEBUG [Kerberos realm search]
2022-05-03T08:53:10Z DEBUG Search DNS for TXT record of _kerberos.test
2022-05-03T08:53:10Z DEBUG DNS record found: "TEST"
2022-05-03T08:53:10Z DEBUG Skipping invalid realm 'TEST' (single label realms are not supported)
2022-05-03T08:53:10Z DEBUG Search DNS for SRV record of _kerberos._udp.test
2022-05-03T08:53:10Z DEBUG DNS record found: 0 100 88 ipatest1.int.test.
2022-05-03T08:53:10Z DEBUG [LDAP server check]
2022-05-03T08:53:10Z DEBUG Verifying that ipatest1.int.test (realm None) is an IPA server
2022-05-03T08:53:10Z DEBUG Init LDAP connection to: ldap://ipatest1.int.test:389
2022-05-03T08:53:10Z DEBUG Search LDAP server for IPA base DN
2022-05-03T08:53:10Z DEBUG Check if naming context 'dc=test' is for IPA
2022-05-03T08:53:10Z DEBUG Naming context 'dc=test' is a valid IPA context
2022-05-03T08:53:10Z DEBUG Search for (objectClass=krbRealmContainer) in dc=test (sub)
2022-05-03T08:53:10Z DEBUG Found: cn=TEST,cn=kerberos,dc=test
2022-05-03T08:53:10Z DEBUG Skipping invalid realm 'TEST' (single label realms are not supported)
2022-05-03T08:53:10Z DEBUG Discovery result: NOT_IPA_SERVER; server=None, domain=test, kdc=ipatest1.int.test, basedn=dc=test
2022-05-03T08:53:10Z DEBUG Validated servers:
2022-05-03T08:53:10Z DEBUG No IPA server found
<-- snip
Thanks
Angus
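A small triage helper for /var/log/ipaclient-install.log, added here as an example and not part of the original post or of FreeIPA: it rejoins wrapped entries and pulls out the DNS lookups, the realms that discovery rejected, and the final verdict. The message patterns are assumed from the log lines quoted above, and the sample input is constructed from them.

```python
import re

# Constructed sample modelled on the excerpt in the post (two entries wrapped).
SAMPLE_LOG = """\
2022-05-03T08:53:10Z DEBUG Search DNS for SRV record of _ldap._tcp.int.test
2022-05-03T08:53:10Z DEBUG DNS record not found: NXDOMAIN
2022-05-03T08:53:10Z DEBUG Search DNS for SRV record of _ldap._tcp.test
2022-05-03T08:53:10Z DEBUG DNS record found: 0 100 389 ipatest1.int.test.
2022-05-03T08:53:10Z DEBUG Search DNS for TXT record of _kerberos.test
2022-05-03T08:53:10Z DEBUG DNS record found: "TEST"
2022-05-03T08:53:10Z DEBUG Skipping invalid realm 'TEST' (single label realms are
not supported)
2022-05-03T08:53:10Z DEBUG Discovery result: NOT_IPA_SERVER; server=None, domain=test,
kdc=ipatest1.int.test, basedn=dc=test
"""

# Assumption: message formats are exactly those seen in the quoted log.
STAMP = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ \w+ ")
QUERY = re.compile(r"Search DNS for (\w+) record of (\S+)")
ANSWER = re.compile(r"DNS record (?:found|not found): (.+)")
SKIP = re.compile(r"Skipping invalid realm '([^']+)' \((.+?)\)")
RESULT = re.compile(r"Discovery result: (\w+);.*?domain=([^,\s]+)")

def entries(text):
    """Yield log messages, rejoining continuation lines with a space."""
    current = None
    for line in text.splitlines():
        if STAMP.match(line):
            if current is not None:
                yield current
            current = STAMP.sub("", line)
        elif current is not None:
            current += " " + line.strip()
    if current is not None:
        yield current

def summarize(text):
    """Collect DNS lookups, rejected realms and the final discovery verdict."""
    out = {"lookups": [], "rejected_realms": {}, "result": None, "domain": None}
    for msg in entries(text):
        if m := QUERY.search(msg):
            out["lookups"].append([m.group(1), m.group(2), None])
        elif (m := ANSWER.search(msg)) and out["lookups"]:
            out["lookups"][-1][2] = m.group(1)  # answer to the latest query
        elif m := SKIP.search(msg):
            out["rejected_realms"][m.group(1)] = m.group(2)
        elif m := RESULT.search(msg):
            out["result"], out["domain"] = m.group(1), m.group(2)
    return out
```

To run it against a real log, pass the file contents to `summarize()`, for example `summarize(open("/var/log/ipaclient-install.log").read())`.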