I figured that out right after I emailed. I will get the records added to DNS and then try it out again.
Thanks,
Louis

-<<—->>-
Louis Bohm
[email protected]
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>

> On Aug 12, 2020, at 7:29 AM, Florence Blanc-Renaud <[email protected]> wrote:
>
> On 8/12/20 1:16 PM, Louis Bohm via FreeIPA-users wrote:
>> Yes the client was installed not using the --server option. So it looks like
>> my issue is DNS. We have DNS external to the IPA hosts. Is there a simple
>> way for me to get a list of all the DNS records that need to be added to our
>> DNS system from IPA?
> Yes, please see my 2nd link that mentions ipa dns-update-system-records
> --dry-run:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/dns-updates-external
>
> flo
>
>> Louis
>> -<<—->>-
>> Louis Bohm
>> [email protected]
>> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
>>> On Aug 12, 2020, at 5:02 AM, Florence Blanc-Renaud <[email protected]> wrote:
>>>
>>> On 8/11/20 11:16 PM, Louis Bohm via FreeIPA-users wrote:
>>>> Environment:
>>>> 2 IPA Masters running Centos 8 and IPA Server 4.8.0.13
>>>> Client running Centos 8 and IPA Client 4.8.0.13
>>>> The masters were set up as MultiMasters (I think I have it correct).
>>>> If I shut down the first master (ipa01) so only ipa02 is running then try
>>>> to log in to the client I cannot. Found I needed to add both hosts to the
>>>> IPA_server line in the SSSD.conf under the domain section to make that
>>>> work.
>>>> Now if I try to add a user via the command line on the client I get the
>>>> following error:
>>>> ipa: ERROR: cannot connect to 'https://ipa01.bos1.domain.com/ipa/json':
>>>> [Errno 113] No route to host
>>>> Do I need to list both IPA servers somewhere else? If so where? I did
>>>> try adding both IPA servers on the URL line of openldap.conf (only ipa01
>>>> was listed).
>>> Hi,
>>>
>>> you can find more information in "Failover, Load balancing and High
>>> Availability in IdM" [1]
>>>
>>> On the client-side, it depends on how the client was installed. If DNS
>>> auto-discovery was used (no --server option provided), then sssd.conf
>>> should contain the keyword _srv_ in the list of configured servers
>>> (ipa_server= _srv_, ...). In this case, SSSD is using the DNS to find the
>>> appropriate server, please see sssd-ipa man page, especially the SERVICE
>>> DISCOVERY section.
>>>
>>> This requires the client to use a proper DNS server. If the DNS is provided
>>> by the IPA servers, make sure that /etc/resolv.conf on the client contains
>>> ipa01 and ipa02 (otherwise when ipa01 is down, the client won't be able to
>>> use the DNS).
>>> If the DNS is external, make sure that it contains the proper
>>> records as explained in "Updating DNS records systematically when using
>>> external DNS" [2]
>>>
>>> HTH,
>>> flo
>>>
>>> [1]
>>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/load-balancing
>>>
>>> [2]
>>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/dns-updates-external
>>>> Louis
>>>> -<<—->>-
>>>> Louis Bohm
>>>> [email protected]
>>>> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
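
Added example, not part of the original messages and not FreeIPA code: the thread's resolution is to publish the IPA SRV records in the external DNS so that clients using _srv_ discovery can fail over, and this Python script checks a zone-file-style record listing for services that do not name every IPA server. The sample records, the fully qualified name for ipa02 and the function names are constructed for illustration, and the listing layout is an assumption.

```python
from collections import defaultdict

# Constructed sample in zone-file form (assumed layout of the record listing).
# ipa02 is deliberately absent from _ldap._tcp to show the failover gap.
SAMPLE = """\
_kerberos._tcp.bos1.domain.com. 86400 IN SRV 0 100 88 ipa01.bos1.domain.com.
_kerberos._tcp.bos1.domain.com. 86400 IN SRV 0 100 88 ipa02.bos1.domain.com.
_kpasswd._tcp.bos1.domain.com. 86400 IN SRV 0 100 464 ipa01.bos1.domain.com.
_kpasswd._tcp.bos1.domain.com. 86400 IN SRV 0 100 464 ipa02.bos1.domain.com.
_ldap._tcp.bos1.domain.com. 86400 IN SRV 0 100 389 ipa01.bos1.domain.com.
_kerberos.bos1.domain.com. 86400 IN TXT "BOS1.DOMAIN.COM"
"""


def parse_srv(text):
    """Map each SRV owner name to the set of target hosts it lists."""
    targets = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Expected fields: owner ttl class type priority weight port target
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue  # not an SRV record (TXT, A, headers, blank lines)
        owner = fields[0].rstrip(".").lower()
        targets[owner].add(fields[7].rstrip(".").lower())
    return dict(targets)


def missing_servers(text, expected):
    """Return {owner: [servers not listed]} for SRV names lacking a server."""
    wanted = {host.rstrip(".").lower() for host in expected}
    gaps = {}
    for owner, hosts in parse_srv(text).items():
        absent = sorted(wanted - hosts)
        if absent:
            gaps[owner] = absent
    return gaps


if __name__ == "__main__":
    servers = ["ipa01.bos1.domain.com", "ipa02.bos1.domain.com"]
    for owner, absent in missing_servers(SAMPLE, servers).items():
        print(f"{owner}: no SRV record for {', '.join(absent)}")
```

A service with no SRV records at all does not appear in the result, so the owner names returned by parse_srv should also be compared against the full record listing.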
