I am deploying the FreeIPA demo following the link below.
https://www.freeipa.org/page/Demo
[root@localhost ~]# ping www.google.com
PING www.google.com (142.250.196.68) 56(84) bytes of data.
64 bytes from maa03s46-in-f4.1e100.net (142.250.196.68): icmp_seq=1 ttl=128 time=347 ms
64 bytes from maa03s46-in-f4.1e100.net (142.250.196.68): icmp_seq=2 ttl=128 time=348 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 346.995/347.316/347.637/0.321 ms
[root@localhost ~]#

[root@localhost ~]# ipa-client-install --domain demo1.freeipa.org -p admin -w Secret123
This program will set up IPA client.
Version 4.9.13

Skip ipa.demo1.freeipa.org: LDAP server is not responding, unable to verify if this is an IPA server
Skip ipa.demo1.freeipa.org: LDAP server is not responding, unable to verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

[root@server ~]# ipa-client-install --domain demo1.freeipa.org -p admin -w Secret123
This program will set up IPA client.
Version 4.9.13

Skip ipa.demo1.freeipa.org: LDAP server is not responding, unable to verify if this is an IPA server

[root@server ~]# hostnamectl
   Static hostname: server.ipa.test
         Icon name: computer-vm
           Chassis: vm
        Machine ID: f1091fe035104fbbb26c2b8e9a13c864
           Boot ID: 45f167f3cb154b36a00cf123b99669bb
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux 8.9 (Ootpa)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:8::baseos
            Kernel: Linux 4.18.0-513.5.1.el8_9.x86_64
      Architecture: x86-64
[root@server ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.88.129 server.ipa.test server
[root@server ~]#
On Tue, 09 Jul 2024, veck zuo via FreeIPA-users wrote:
> I am deploying the FreeIPA demo following the link below.
> https://www.freeipa.org/page/Demo
>
> [root@localhost ~]# ping www.google.com
> PING www.google.com (142.250.196.68) 56(84) bytes of data.
> 64 bytes from maa03s46-in-f4.1e100.net (142.250.196.68): icmp_seq=1 ttl=128 time=347 ms
> 64 bytes from maa03s46-in-f4.1e100.net (142.250.196.68): icmp_seq=2 ttl=128 time=348 ms
> ^C
> --- www.google.com ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 346.995/347.316/347.637/0.321 ms
> [root@localhost ~]#
>
> [root@localhost ~]# ipa-client-install --domain demo1.freeipa.org -p admin -w Secret123
> This program will set up IPA client.
> Version 4.9.13
>
> Skip ipa.demo1.freeipa.org: LDAP server is not responding, unable to verify if this is an IPA server
> Skip ipa.demo1.freeipa.org: LDAP server is not responding, unable to verify if this is an IPA server
> Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

This really looks like your network is filtering out access to LDAP ports on ipa.demo1.freeipa.org.

$ nmap ipa.demo1.freeipa.org
Starting Nmap 7.95 ( https://nmap.org ) at 2024-07-09 15:01 EEST
Nmap scan report for ipa.demo1.freeipa.org (52.57.162.88)
Host is up (0.030s latency).
Not shown: 991 filtered tcp ports (no-response)
PORT     STATE  SERVICE
22/tcp   open   ssh
53/tcp   open   domain
80/tcp   open   http
88/tcp   open   kerberos-sec
389/tcp  open   ldap
443/tcp  open   https
464/tcp  open   kpasswd5
636/tcp  open   ldapssl
9090/tcp closed zeus-admin

Nmap done: 1 IP address (1 host up) scanned in 4.98 seconds

and I have no problem reaching it:

$ ldapsearch -x -H ldap://ipa.demo1.freeipa.org -b '' -s base
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
namingContexts: dc=demo1,dc=freeipa,dc=org
namingContexts: cn=changelog
namingContexts: o=ipaca
defaultnamingcontext: dc=demo1,dc=freeipa,dc=org
....

Thanks @Alex => It looks like it is my networking issue.

[root@server ~]# nmap ipa.demo1.freeipa.org
Starting Nmap 7.92 ( https://nmap.org ) at 2024-07-10 06:58 GMT
Nmap scan report for ipa.demo1.freeipa.org (52.57.162.88)
Host is up (0.090s latency).
rDNS record for 52.57.162.88: ec2-52-57-162-88.eu-central-1.compute.amazonaws.com
Not shown: 992 filtered tcp ports (no-response)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
88/tcp   open   kerberos-sec
389/tcp  open   ldap
443/tcp  open   https
464/tcp  open   kpasswd5
636/tcp  open   ldapssl
9090/tcp closed zeus-admin

Nmap done: 1 IP address (1 host up) scanned in 43.04 seconds
[root@server ~]#

[root@server ~]# ldapsearch -x -H ldap://ipa.demo1.freeipa.org -b '' -s base
ldap_result: Can't contact LDAP server (-1)
[root@server ~]#

2) If I disconnect my VPN, it looks like it is working fine. I am curious about how to configure the DNS record for my IPA client.

=> https://www.freeipa.org/page/Demo, step 3

[root@mytestclient ~]# host mytestclient.demo1.freeipa.org
Host mytestclient.demo1.freeipa.org not found: 3(NXDOMAIN)
[root@mytestclient ~]#
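
Added example, not part of the original thread: in the last message nmap lists 389/tcp as open while ldapsearch cannot contact the server, because a completed TCP handshake does not prove that an LDAP server is answering behind it. This Python sketch sends the same anonymous root DSE search as the ldapsearch command above over a raw socket and separates the two cases; the function names and result strings are illustrative assumptions.

```python
import socket
import sys

def tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value, short-form length (enough for this request)."""
    if len(body) > 127:
        raise ValueError("long-form length not needed here")
    return bytes([tag, len(body)]) + body

def rootdse_request(msg_id: int = 1) -> bytes:
    """Same query as: ldapsearch -x -b '' -s base (anonymous, no bind)."""
    search = tlv(0x63, b"".join([     # [APPLICATION 3] SearchRequest
        tlv(0x04, b""),               # baseObject: "" (root DSE)
        tlv(0x0A, b"\x00"),           # scope: baseObject
        tlv(0x0A, b"\x00"),           # derefAliases: never
        tlv(0x02, b"\x00"),           # sizeLimit: 0
        tlv(0x02, b"\x00"),           # timeLimit: 0
        tlv(0x01, b"\x00"),           # typesOnly: FALSE
        tlv(0x87, b"objectClass"),    # filter: (objectClass=*)
        tlv(0x30, b""),               # attributes: server default
    ]))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + search)

def classify_reply(data: bytes) -> str:
    if not data:                      # peer closed without answering
        return "tcp-open-but-ldap-silent"
    if len(data) < 2 or data[0] != 0x30:
        return "unexpected-reply"
    hdr = 2 + ((data[1] & 0x7F) if data[1] & 0x80 else 0)
    if len(data) < hdr + 2 or data[hdr] != 0x02:
        return "unexpected-reply"
    op = hdr + 2 + data[hdr + 1]      # skip messageID to the protocolOp tag
    # 0x64 = SearchResultEntry, 0x65 = SearchResultDone
    ok = len(data) > op and data[op] in (0x64, 0x65)
    return "ldap-answered" if ok else "unexpected-reply"

def probe(host: str, port: int = 389, timeout: float = 5.0) -> str:
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                   # refused, filtered, or DNS failure
        return "tcp-unreachable"
    with sock:
        try:
            sock.sendall(rootdse_request())
            return classify_reply(sock.recv(4096))
        except OSError:               # handshake worked, LDAP never answered
            return "tcp-open-but-ldap-silent"

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "ipa.demo1.freeipa.org"))
```

Running it once with the VPN connected and once without shows whether the path merely accepts connections on port 389 or actually carries LDAP to the server.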