Re: [Freeipa-users] Multiple Reverse (PTR) Zone

2015-10-30 Thread Yogesh Sharma
Thanks it is resolved.

Best Regards,

Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RACKSPACE CLOUD U Certified

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Multiple Reverse (PTR) Zone

2015-10-29 Thread Yogesh Sharma
Sure Petr. Will go through it. Thanks for Sharing.

Best Regards,

Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RACKSPACE CLOUD U Certified


Re: [Freeipa-users] Multiple Reverse (PTR) Zone

2015-10-29 Thread Petr Spacek
On 29.10.2015 11:33, Yogesh Sharma wrote:
> Hi,
> 
> We are working on creating another DC and extending our existing FreeIPA.
> 
> Our current environment has subnet as 172.16.32.0/16. In another DC we have
> 10.242.96.0/20.
> 
> On FreeIPA master I have created a PTR Zone with 242.10.in-addr.arpa.
> However, on registering the DC2 Client with FreeIPA Master it says
> "Hostname not found in DNS"

This message tells you that "hostname" (i.e. what you see in output of command
"hostname") does not have A/AAAA record in DNS. It has nothing to do with PTR
records.

Message "Failed to update DNS records." is usually caused by misconfigured DNS
zones.

Please see
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR
for advice on how to configure DNS zones to accept dynamic updates.

I hope this helps.
Petr^2 Spacek

> Our Domain is same across DC, the only change is Subnet.
> 
> Forward Zone is working fine.
> 
> 
> Below are Registration Logs:
> 
> [root@dr-ipadns-1002 ~]# ipa-client-install --mkhomedir --no-ntp
> Discovery was successful!
> Hostname: dr-ipadns-1002.klikpay.int
> Realm: KLIKPAY.INT
> DNS Domain: klikpay.int
> IPA Server: ipa-inf-prd-ng2-02.klikpay.int
> BaseDN: dc=klikpay,dc=int
> 
> Continue to configure the system with these values? [no]: yes
> User authorized to enroll computers: admin
> Synchronizing time with KDC...
> Password for ad...@klikpay.int:
> Successfully retrieved CA cert
> Subject: CN=Certificate Authority,O=KLIKPAY.INT
> Issuer:  CN=Certificate Authority,O=KLIKPAY.INT
> Valid From:  Fri Aug 14 11:39:47 2015 UTC
> Valid Until: Tue Aug 14 11:39:47 2035 UTC
> 
> Enrolled in IPA realm KLIKPAY.INT
> Attempting to get host TGT...
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm KLIKPAY.INT
> trying https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml
> Forwarding 'env' to server u'https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml'
> *Hostname (dr-ipadns-1002.klikpay.int) not found in DNS*
> Failed to update DNS records.
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to server u'https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml'
> SSSD enabled
> Configuring klikpay.int as NIS domain
> Configured /etc/openldap/ldap.conf
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Client configuration complete.
> 
> [root@dr-ipadns-1002 ~]# ip r
> 10.242.96.0/20 dev eth0  proto kernel  scope link  src 10.242.96.3
> 169.254.0.0/16 dev eth0  scope link  metric 1002
> default via 10.242.96.1 dev eth0
> [root@dr-ipadns-1002 ~]#
> 
> 
> From IPA:
> 
> [root@ipa-inf-prd-ng2-01 ~]# ipa dnszone-show 242.10.in-addr.arpa
>   Zone name: 242.10.in-addr.arpa.
>   Active zone: TRUE
>   Authoritative nameserver: ipa-inf-prd-ng2-01.klikpay.int.
>   Administrator e-mail address: hostmaster
>   SOA serial: 1446111284
>   SOA refresh: 3600
>   SOA retry: 900
>   SOA expire: 1209600
>   SOA minimum: 3600
>   Allow query: any;
>   Allow transfer: none;
> [root@ipa-inf-prd-ng2-01 ~]#
> 
> 
> 
> Please suggest what I am missing.


-- 
Petr^2 Spacek
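
Added example, not part of the thread and not FreeIPA code: a Python check that separates the two questions raised above, namely whether the reverse zone covers the client address and whether a zone accepts dynamic updates. It assumes that a zone accepts updates only when `ipa dnszone-show` prints "Dynamic update: TRUE"; the forward-zone sample is constructed, and the function names are illustrative.

```python
import ipaddress

# "ipa dnszone-show 242.10.in-addr.arpa" as posted in the thread
# (SOA timer lines omitted).
REVERSE_ZONE_SHOW = """\
  Zone name: 242.10.in-addr.arpa.
  Active zone: TRUE
  Authoritative nameserver: ipa-inf-prd-ng2-01.klikpay.int.
  Administrator e-mail address: hostmaster
  SOA serial: 1446111284
  Allow query: any;
  Allow transfer: none;
"""

# Constructed sample, not from the thread: a forward zone on which
# "ipa dnszone-mod klikpay.int. --dynamic-update=TRUE" has been run.
FORWARD_ZONE_SHOW = """\
  Zone name: klikpay.int.
  Active zone: TRUE
  Dynamic update: TRUE
"""

def parse_zone_show(text):
    """Turn the 'Label: value' lines of dnszone-show into a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep:
            fields[label] = value.strip()
    return fields

def ptr_owner(ip, zone):
    """PTR record name relative to zone, or None if zone does not cover ip."""
    full = ipaddress.ip_address(ip).reverse_pointer + "."
    suffix = "." + zone.lower()
    return full[:-len(suffix)] if full.endswith(suffix) else None

def update_blockers(fields):
    """Reasons the zone would refuse a client's dynamic DNS update."""
    blockers = []
    if fields.get("Active zone") != "TRUE":
        blockers.append("zone is not active")
    if fields.get("Dynamic update") != "TRUE":
        blockers.append("dynamic update is not enabled")
    return blockers

if __name__ == "__main__":
    zone = parse_zone_show(REVERSE_ZONE_SHOW)
    print("PTR owner:", ptr_owner("10.242.96.3", zone["Zone name"]))
    print("reverse zone:", update_blockers(zone))
    print("forward zone:", update_blockers(parse_zone_show(FORWARD_ZONE_SHOW)))
```

The reverse zone does cover 10.242.96.3, which matches the reply's point that the PTR zone is not the cause of "not found in DNS".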
