Hi Marti,

On Tue, Jan 9, 2018 at 12:46 AM, Martin Basti via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> it looks like the replica is trying to add records to your forward zone. What
> is the hostname of the replica?
>

Yeah, it's xxx.h2.int.pdp7.net, which is within the forwarded zone.

I have a dnsmasq acting as DHCP/DNS server in h2.int.pdp7.net to provide
automatic network configuration to VMs. It's a non-routable network, so I'm
not sure what the right setup would be.

> 1. what is not working on lxc?
>

It was something about GSSAPI or something like that, I'll try to reproduce
and start a new thread about that - but I guess it's more of an LXC problem
(ideally I would like to run my replica on LXC so it consumes less RAM, but
I can live with a full VM).

Cheers,

Álex

2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:

> Hi,
>
> I'm labbing a FreeIPA environment for personal use, and I'm getting that
> while bringing up a replica.
>
> I set up my first freeipa-server instance on a cheap VPS on a public IP,
> intending to make it publicly accessible so I can always authenticate my
> laptop even on wild public networks.
>
> I'm adding the replica as a VM(1) on a Proxmox VE, on a private network
> with VPN connectivity to the first public freeipa-server, but I'm getting:
>
> 2018-01-06T20:56:04Z DEBUG The ipa-replica-install command failed,
> exception: ValidationError: invalid 'dnszoneidnsname': only master zones
> can contain records
>
> I'm trying to create the replica with CA and DNS, and I had set up DNS
> forwarding to the internal DNS on the Proxmox system with:
>
> $ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
> $ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=only
>
> on the first server (I run dnsmasq on Proxmox VE, 10.42.42.0/24 -
> h2.int.pdp7.net is the network it manages), and I guess that's messing
> with the replica, but I'm not sure how to troubleshoot this.
>
> Thoughts? Ideas?
>
> Thanks,
>
> Álex
>
> (1) I can't seem to create a freeipa-replica on an LXC container. Is this
> something that can be discussed here or should I take it to LXC?
>
> --
>    ___
>  {~._.~}
>   ( Y )
>  ()~*~()  mail: alex at corcoles dot net
>  (_)-(_)  http://alex.corcoles.net/
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>


-- 
Best regards, Martin Bašti.



-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/