Hello All,

I have two FreeIPA servers running in AWS—one primary and one replica—with the DNS entry ipa.testing.com. These servers are running an older version of FreeIPA on CentOS 7 with expired certificates. I inherited this setup from a previous admin.

Since the certificates have expired, I attempted multiple renewal methods, including rolling back the system time, but nothing worked. As a solution, I set up a new FreeIPA primary server with the same DNS entry (ipa.testing.com) and added it to the AWS DHCP configuration alongside the old servers.

Steps Taken:

1. Added the new FreeIPA server to the /etc/hosts:

    123.234.543 test.ipa.testing.com test

2. Installed FreeIPA using the following command:

    ipa-server-install --setup-dns --allow-zone-overlap

3. The installation completed successfully. I can log into the UI, create users, and manage configurations without issues.

The Problem:

When installing a FreeIPA client, it does not auto-discover the new FreeIPA server unless I explicitly specify it in the command:

    ipa-client-install --hostname=$(hostname -f) --mkhomedir --server=newfreeipa.ipa.testing.com --domain=ipa.testing.com --realm=IPA.TESTING.COM

Without the --server parameter, auto-discovery fails.

Additionally, after successfully enrolling two clients (client-a and client-b), I am unable to resolve their hostnames between them. When I attempt to ping client-a from client-b, I receive:

    Name or service not known

What am I missing?

- Why isn’t the client auto-discovering the new FreeIPA server?
- Why can’t the clients resolve each other’s hostnames after enrollment?
- Is there anything I need to adjust in DNS or DHCP to ensure proper resolution and discovery?

Any help would be greatly appreciated! Thanks in advance.
