Hello,

I have installed FreeIPA 3.0 beta 1 on Fedora 17, and added a Fedora 17 client.

I do not have anything under the Identity -> DNS tab (i.e. no DNS zones are listed).

I did the following when installing:


On the server:
[root@ipaserver ~]#ipa-server-install
-- oops forgot to include DNS
[root@ipaserver ~]#ipa-server-install --uninstall -U
[root@ipaserver ~]#ipa-server-install --setup-dns --no-forwarders
-- at some point the installer warned that a named.conf already existed and asked whether to overwrite it
-- I chose yes
[root@ipaserver ~]# cd /var/named/
[root@ipaserver named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@ipaserver named]# find .
.
./named.loopback
./named.empty
./slaves
./named.localhost
./data
./data/named.run
./dynamic
./named.ca
[root@ipaserver named]# cat /etc/named.conf 
options {
        // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
        listen-on-v6 {any;};

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

        forward first;
        forwarders { };

        // Any host is permitted to issue recursive queries
        allow-recursion { any; };

        tkey-gssapi-credential "DNS/ipaserver.beta.local";
        tkey-domain "BETA.LOCAL";
};

/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-BETA-LOCAL.socket";
        arg "base cn=dns, dc=beta,dc=local";
        arg "fake_mname ipaserver.beta.local.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/ipaserver.beta.local";
        arg "zone_refresh 0";
        arg "psearch yes";
};

[root@ipaserver ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.112.10  netmask 255.255.255.0  broadcast 172.16.112.255
        inet6 fe80::20c:29ff:fe56:53bd  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:56:53:bd  txqueuelen 1000  (Ethernet)
        RX packets 33531  bytes 24153141 (23.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30428  bytes 17489346 (16.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


On the client:
[root@ipaclient ~]#ipa-client-install --enable-dns-updates
[root@ipaclient ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.112.11  netmask 255.255.255.0  broadcast 172.16.112.255
        inet6 fe80::20c:29ff:fed4:9724  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d4:97:24  txqueuelen 1000  (Ethernet)
        RX packets 23591  bytes 24965586 (23.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12756  bytes 1274305 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@ipaclient ~]# nslookup ipaclient
Server:         172.16.112.10
Address:        172.16.112.10#53

Name:   ipaclient.beta.local
Address: 172.16.112.11

[root@ipaclient ~]# nslookup ipaserver
Server:         172.16.112.10
Address:        172.16.112.10#53

Name:   ipaserver.beta.local
Address: 172.16.112.10
[root@ipaclient ~]# ipa dnszone-show beta.local
ipa: ERROR: beta.local: DNS zone not found
[root@ipaclient ~]# ipa dns-resolve ipaserver.beta.local
-----------------------------
Found 'ipaserver.beta.local.'
-----------------------------
[root@ipaclient ~]# ipa dnsconfig-show
---------------------------------
Global DNS configuration is empty
---------------------------------

Any pointers?

Thanks,
Mike




