Alright -- I'm stumped. What is the motivation for requiring reverse
lookups for replicas? Is there a way to turn the check off? Other ideas?

Here's what I got:
I set up a FreeIPA server and client. The systems are connected over OpenVPN
to create a private network between clients and server (10.5.x.x). Traffic
to the 10.5.0.x subset is routed over VPN; otherwise traffic uses the local
network connection (including DNS servers provided over DHCP).
For better or worse, I found myself exposing the internal addresses via the
public interface of the FreeIPA server. This, however, makes it impossible
to do the reverse lookup of internal servers.
Clients and the FreeIPA server appear to be happy with this arrangement.
Replica not so much.
FreeIPA Server: 10.5.0.1
FreeIPA Replica: 10.5.0.2
Client 1: 10.5.0.3
Client 2: 10.5.0.4
and so on...

2013-11-06T06:53:41Z DEBUG Check reverse address of 10.5.0.1
2013-11-06T06:53:46Z DEBUG Check failed: [Errno 1] Unknown host
2013-11-06T06:53:46Z DEBUG The ipa-replica-install command failed, exception: HostReverseLookupError: Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution

Freeipa-users mailing list