Sigbjorn Lie wrote:
On 06/13/2011 07:24 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 06/13/2011 04:41 PM, Ade Lee wrote:

The replica installation is failing when the replica attempts to
the CA on the master to log into the security domain. According to your
log, this is

Can the master be resolved and reached from the replica? Can port 9445
be reached (as well as ports 9444 and 9443?)

You can also check the master's /var/log/pki-ca/debug log to see if any
communication was received from the replica.

There was an additional DNS A record added to the existing IPA server
hostname! This additional DNS A record pointed at the IP address of the
replica IPA server I'm attempting to configure! I removed this A record
and the replica installed successfully.

When I initially ran the ipa-replica-prepare command, I added the
"--ip-address" option to get the DNS records for this host created. (I
have a separate dns domain for the IPA environment.) In this process
ipa-replica-prepare created an additional reverse zone on the server.
(The new ipa replica resides on a subnet which sits at an AD DNS server,
but it's still resolvable from the IPA dns servers).

After the replica finished I tried to run the ipa-replica-prepare
command again with a new hostname, and adding an IP address using
--ip-address on a subnet not known to the IPA DNS. The same error was
re-produced, the DNS A record was added to the master IPA server.

I would also like to note that I cannot see the second DNS entry using
the web gui, only using "ipa dnsrecord-find". Bug opened in bugzilla for

Adding the record has already been fixed upstream,

Excellent, Thanks. I assume this is coming to freeipa in F15 as well at
some point?

I'm hoping to do another 2.0 bug fix release in the next couple of weeks.
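
The checks discussed in this thread (does the master's name resolve only to the master, and are CA ports 9443-9445 reachable from the replica), written as an added example that is not part of the original messages or of FreeIPA. The function names are hypothetical, and the resolver and probe are injectable so the logic can be exercised offline.

```python
import socket
import sys

CA_PORTS = (9443, 9444, 9445)  # the CA ports named in the thread


def resolve_a(hostname):
    """Sorted IPv4 addresses the local resolver (DNS or hosts file) returns."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_open(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port succeeds within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(master, replica_ip, resolver=resolve_a, probe=port_open):
    """Return a list of problems found; an empty list means the checks passed."""
    try:
        addrs = resolver(master)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{master} does not resolve: {exc}"]
    problems = []
    if replica_ip in addrs:
        # The failure reported above: a stray A record for the master's
        # hostname pointing at the replica being installed.
        problems.append(f"{master} has an A record pointing at the replica ({replica_ip})")
    if len(addrs) > 1:
        problems.append(f"{master} resolves to multiple addresses: {', '.join(addrs)}")
    for addr in addrs:
        if addr == replica_ip:
            continue  # do not probe ourselves
        for port in CA_PORTS:
            if not probe(addr, port):
                problems.append(f"{addr}:{port} not reachable")
    return problems


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: preflight.py <master-fqdn> <replica-ip>, run on the replica
    found = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```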


