Of course, as soon as I send this I notice the --no-host-dns. Figures.
On Tue, Nov 5, 2013 at 11:33 PM, Brett Foster <fost...@edgeandvertex.org> wrote:
> Alright -- I'm stumped. What is the motivation for requiring reverse
> lookups for replicas? Is there a way to turn the check off? Other ideas?
>
> Here's what I got:
>
> I set up freeipa server and client. The systems are connected over OpenVPN
> to create a private network between clients and server (10.5.x.x). Traffic
> to 10.5.0.x subset is routed over VPN; otherwise traffic uses the local
> network connection (including DNS servers provided over DHCP).
>
> For better or worse, I found myself exposing the internal addresses via
> the public interface of the FreeIPA server. This, however, makes it
> impossible to do the reverse lookup of internal servers.
>
> Clients and freeipa server appear to be happy with this arrangement.
> Replica not so much.
>
> FreeIPA Server: 10.5.0.1
> FreeIPA Replica: 10.5.0.2
> Client 1: 10.5.0.3
> Client 2: 10.5.0.4
> and so on...
>
> Error:
> 2013-11-06T06:53:41Z DEBUG Check reverse address of 10.5.0.1
> 2013-11-06T06:53:46Z DEBUG Check failed: [Errno 1] Unknown host
> 2013-11-06T06:53:46Z DEBUG The ipa-replica-install command failed,
> exception: HostReverseLookupError: Unable to resolve the reverse ip
> address, check /etc/hosts or DNS name resolution
>
> Brett