Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
On 27.10.2016 10:33, Jochen Demmer wrote: Am 27.10.2016 um 10:02 schrieb Jochen Demmer: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. That is weird because IPA is doing basically the same. *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 How do you have configured IP address on your interface? Does it have prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. Could you set (temporarily) prefix for that address to /64 and re-run installer? IPA 4.3 has check that prevents you to use /128 prefix Well now I don't even get asked for the IP. The setup wizard continues, but I now get this error: [27/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. [28/43]: setting up initial replication [error] error: [Errno 111] Connection refused LOG: 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 2016-10-26T15:14:46Z DEBUG stdout= 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service failed because the control process exited with error code. See "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for details. 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. 2016-10-26T15:14:46Z DEBUG duration: 1 seconds 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): When I try to restart manually with, "/bin/systemctl restart dirsrv@MY-REALM.service" this is what systemd logs: https://paste.fedoraproject.org/461439/raw/ Could you please check /var/log/dirsrv/slapd-*/errors there might be more details. Did you reused an old IPA server for this installation? Martin This is what the logfile says: https://paste.fedoraproject.org/461685/raw/ I tried to install this server as a replica a couple of times, but I even reinstalled all of the software and I keep using ipa-client-install --uninstall and ipa-server-install --uninstall It looks like you encountered that problem yourself nearly a year ago: https://fedorahosted.org/freeipa/ticket/5561 IPA hasn't been released with this bug, it was in development version only. Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
Am 27.10.2016 um 10:02 schrieb Jochen Demmer: > > > Am 26.10.2016 um 17:31 schrieb Martin Basti: >> >> >> >> On 26.10.2016 17:25, Jochen Demmer wrote: >>> >>> >>> Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: > > > Am 26.10.2016 um 16:27 schrieb Martin Basti: >> >> >> >> On 26.10.2016 16:10, Jochen Demmer wrote: >>> Hi, >>> >>> my answers also inline. >>> >>> Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: > Hi, > > I've been running and using a single FreeIPA server > successfully, i.e.: > Fedora 24 > freeipa-server-4.3.2-2.fc24.x86_64 > This server is only available via IPv6, because I can't get > public lPv4 addresses no more. > > Now I want to setup a FreeIPA replica at another site also > running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 > First I run "ipa-client-install" which succeeds without an error. > When I invoke "ipa-replica-install" I get this error: > ipa : ERRORCould not resolve hostname > *hostname.mydoma.in* using DNS. Clients may not function > properly. Please check your DNS setup. (Note that this check > queries IPA DNS directly and ignores /etc/hosts.) > LOG: > 2016-10-26T12:14:39Z DEBUG Search DNS server > *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', > '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? >>> There is a resolver given in /etc/resolv.conf. When I do "host >>> <>" I get the right IPv6 back. >> That is weird because IPA is doing basically the same. >> > > *hostname.mydoma.in* is actually the DNS entry for the old > FreeIPA server, which actually resolves, but only to an IPv6 > address of course. > I can continue the installation though by entering "yes". > > I then get asked: > Enter the IP address to use, or press Enter to finish. > Please provide the IP address to be used for this host name: > > When I enter the IPv6 address of the new replica host it > doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation >>> Enter without an IP -> No usable IP address provided nor resolved. >>> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 >>> cannot use IP network address 2a02:1:2:3::4 >> >> How do you have configured IP address on your interface? Does it >> have prefix /128? > Yes, that's right. It's an IP being assigned statefully by a > DHCPv6 server. > There is also another dynamic IP within the same prefix having > /64. I don't want to use this one of course, because its IID changes. > Could you set (temporarily) prefix for that address to /64 and re-run installer? IPA 4.3 has check that prevents you to use /128 prefix >>> Well now I don't even get asked for the IP. The setup wizard >>> continues, but I now get this error: >>> >>> [27/43]: restarting directory server >>> ipa : CRITICAL Failed to restart the directory server >>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned >>> non-zero exit status 1). See the installation log for details. >>> [28/43]: setting up initial replication >>> [error] error: [Errno 111] Connection refused >>> >>> LOG: >>> 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 >>> 2016-10-26T15:14:46Z DEBUG stdout= >>> 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service >>> failed because the control process exited with error code. See >>> "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for >>> details. >>> 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server >>> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned >>> non-zero exit status 1). See the installation log for details. >>> 2016-10-26T15:14:46Z DEBUG duration: 1 seconds >>> 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication >>> 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): >>> >>> When I try to restart manually with, "/bin/systemctl restart >>> dirsrv@MY-REALM.service" >>> this is what systemd logs: >>> https://paste.fedoraproject.org/461439/raw/ >>> >>> >> >> Could you please check /var/log/dirsrv/slapd-*/errors there might be >> more details. >> >> Did you reused an old IPA server for this installation? >> >> Martin > This is what the logfile says: >
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
Am 26.10.2016 um 17:31 schrieb Martin Basti: > > > > On 26.10.2016 17:25, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 16:48 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: > > > > On 26.10.2016 16:10, Jochen Demmer wrote: >> Hi, >> >> my answers also inline. >> >> Am 26.10.2016 um 15:38 schrieb Martin Basti: >>> >>> Hi, comments inline >>> >>> >>> On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* >>> >>> Can you check with dig or host command if the hostname is really >>> resolvable on that machine? do you have proper resolver in >>> /etc/resolv.conf? >> There is a resolver given in /etc/resolv.conf. When I do "host >> <>" I get the right IPv6 back. > That is weird because IPA is doing basically the same. > >>> *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. >>> >>> Have you pressed enter twice? It should end prompt and continue >>> with installation >> Enter without an IP -> No usable IP address provided nor resolved. >> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 >> cannot use IP network address 2a02:1:2:3::4 > > How do you have configured IP address on your interface? Does it > have prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. >>> Could you set (temporarily) prefix for that address to /64 and >>> re-run installer? IPA 4.3 has check that prevents you to use /128 prefix >> Well now I don't even get asked for the IP. The setup wizard >> continues, but I now get this error: >> >> [27/43]: restarting directory server >> ipa : CRITICAL Failed to restart the directory server >> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned >> non-zero exit status 1). See the installation log for details. >> [28/43]: setting up initial replication >> [error] error: [Errno 111] Connection refused >> >> LOG: >> 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 >> 2016-10-26T15:14:46Z DEBUG stdout= >> 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service >> failed because the control process exited with error code. See >> "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for >> details. >> 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server >> (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned >> non-zero exit status 1). See the installation log for details. >> 2016-10-26T15:14:46Z DEBUG duration: 1 seconds >> 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication >> 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): >> >> When I try to restart manually with, "/bin/systemctl restart >> dirsrv@MY-REALM.service" >> this is what systemd logs: >> https://paste.fedoraproject.org/461439/raw/ >> >> > > Could you please check /var/log/dirsrv/slapd-*/errors there might be > more details. > > Did you reused an old IPA server for this installation? > > Martin This is what the logfile says: https://paste.fedoraproject.org/461685/raw/ I tried to install this server as a replica a couple of times, but I even reinstalled all of the software and I keep using ipa-client-install --uninstall and
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. That is weird because IPA is doing basically the same. *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 How do you have configured IP address on your interface? Does it have prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. Could you set (temporarily) prefix for that address to /64 and re-run installer? IPA 4.3 has check that prevents you to use /128 prefix Well now I don't even get asked for the IP. The setup wizard continues, but I now get this error: [27/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. [28/43]: setting up initial replication [error] error: [Errno 111] Connection refused LOG: 2016-10-26T15:14:46Z DEBUG Process finished, return code=1 2016-10-26T15:14:46Z DEBUG stdout= 2016-10-26T15:14:46Z DEBUG stderr=Job for dirsrv@MY-REALM.service failed because the control process exited with error code. See "systemctl status dirsrv@MY-REALM.service" and "journalctl -xe" for details. 2016-10-26T15:14:46Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@MY-REALM.service' returned non-zero exit status 1). See the installation log for details. 2016-10-26T15:14:46Z DEBUG duration: 1 seconds 2016-10-26T15:14:46Z DEBUG [28/43]: setting up initial replication 2016-10-26T15:14:56Z DEBUG Traceback (most recent call last): When I try to restart manually with, "/bin/systemctl restart dirsrv@MY-REALM.service" this is what systemd logs: https://paste.fedoraproject.org/461439/raw/ Could you please check /var/log/dirsrv/slapd-*/errors there might be more details. Did you reused an old IPA server for this installation? Martin Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer Martin Jochen -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. That is weird because IPA is doing basically the same. *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 How do you have configured IP address on your interface? Does it have prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. Could you set (temporarily) prefix for that address to /64 and re-run installer? IPA 4.3 has check that prevents you to use /128 prefix Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer Martin Jochen -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
Am 26.10.2016 um 16:27 schrieb Martin Basti: > > > > On 26.10.2016 16:10, Jochen Demmer wrote: >> Hi, >> >> my answers also inline. >> >> Am 26.10.2016 um 15:38 schrieb Martin Basti: >>> >>> Hi, comments inline >>> >>> >>> On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* >>> >>> Can you check with dig or host command if the hostname is really >>> resolvable on that machine? do you have proper resolver in >>> /etc/resolv.conf? >> There is a resolver given in /etc/resolv.conf. When I do "host >> <>" I get the right IPv6 back. > That is weird because IPA is doing basically the same. > >>> *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. >>> >>> Have you pressed enter twice? It should end prompt and continue with >>> installation >> Enter without an IP -> No usable IP address provided nor resolved. >> Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot >> use IP network address 2a02:1:2:3::4 > > How do you have configured IP address on your interface? Does it have > prefix /128? Yes, that's right. It's an IP being assigned statefully by a DHCPv6 server. There is also another dynamic IP within the same prefix having /64. I don't want to use this one of course, because its IID changes. > >>> Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer >>> >>> Martin >> Jochen >> > 0x54A5283E.asc Description: application/pgp-keys -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. That is weird because IPA is doing basically the same. *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 How do you have configured IP address on your interface? Does it have prefix /128? Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer Martin Jochen -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: > > Hi, comments inline > > > On 26.10.2016 14:28, Jochen Demmer wrote: >> Hi, >> >> I've been running and using a single FreeIPA server successfully, i.e.: >> Fedora 24 >> freeipa-server-4.3.2-2.fc24.x86_64 >> This server is only available via IPv6, because I can't get public >> lPv4 addresses no more. >> >> Now I want to setup a FreeIPA replica at another site also running >> IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 >> First I run "ipa-client-install" which succeeds without an error. >> When I invoke "ipa-replica-install" I get this error: >> ipa : ERRORCould not resolve hostname >> *hostname.mydoma.in* using DNS. Clients may not function properly. >> Please check your DNS setup. (Note that this check queries IPA DNS >> directly and ignores /etc/hosts.) >> LOG: >> 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* >> (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for >> *hostname.mydoma.in* > > Can you check with dig or host command if the hostname is really > resolvable on that machine? do you have proper resolver in > /etc/resolv.conf? There is a resolver given in /etc/resolv.conf. When I do "host <>" I get the right IPv6 back. > >> >> *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA >> server, which actually resolves, but only to an IPv6 address of course. >> I can continue the installation though by entering "yes". >> >> I then get asked: >> Enter the IP address to use, or press Enter to finish. >> Please provide the IP address to be used for this host name: >> >> When I enter the IPv6 address of the new replica host it doesn't >> accept but infinitely asks this question instead. > > Have you pressed enter twice? It should end prompt and continue with > installation Enter without an IP -> No usable IP address provided nor resolved. Enter with an IP -> Error: Invalid IP Address 2a02:1:2:3::4 cannot use IP network address 2a02:1:2:3::4 > >> >> Honestly, I can't see what I might have done wrong. >> Old FreeIPA has hostname is in sync forward and reverse record. >> New FreeIPA host as well has hostname that symmetrically resolves, >> even though the hostname is using another second level domain. >> >> Any hints? >> Jochen Demmer >> >> > > Martin Jochen 0x54A5283E.asc Description: application/pgp-keys -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa-replica-install fails because of IPv6?
Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* Can you check with dig or host command if the hostname is really resolvable on that machine? do you have proper resolver in /etc/resolv.conf? *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Have you pressed enter twice? It should end prompt and continue with installation Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] ipa-replica-install fails because of IPv6?
Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24 and freeipa-server-4.3.2-2.fc24.x86_64 First I run "ipa-client-install" which succeeds without an error. When I invoke "ipa-replica-install" I get this error: ipa : ERRORCould not resolve hostname *hostname.mydoma.in* using DNS. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) LOG: 2016-10-26T12:14:39Z DEBUG Search DNS server *hostname.mydoma.in* (['2a01:f11:1:1::1', '2a01:f11:1:1::1', '2a01:f11:1:1::1']) for *hostname.mydoma.in* *hostname.mydoma.in* is actually the DNS entry for the old FreeIPA server, which actually resolves, but only to an IPv6 address of course. I can continue the installation though by entering "yes". I then get asked: Enter the IP address to use, or press Enter to finish. Please provide the IP address to be used for this host name: When I enter the IPv6 address of the new replica host it doesn't accept but infinitely asks this question instead. Honestly, I can't see what I might have done wrong. Old FreeIPA has hostname is in sync forward and reverse record. New FreeIPA host as well has hostname that symmetrically resolves, even though the hostname is using another second level domain. Any hints? Jochen Demmer 0x54A5283E.asc Description: application/pgp-keys -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
