On Mon, Feb 10, 2025 at 7:36 AM Florence Blanc-Renaud via FreeIPA-users <[email protected]> wrote:
>
> Hi,
>
> do your clients use the new IPA server as DNS server? This can be done prior to calling ipa-client-install.
> flo
>
Adding to the answer, if you want to use Ansible, the ansible-freeipa's [1] ipaclient role (and ipareplica) have settings that automate this step for you.

[1] https://github.com/freeipa/ansible-freeipa

Rafael

> On Fri, Feb 7, 2025 at 5:01 PM azeem via FreeIPA-users <[email protected]> wrote:
>>
>> Hello All,
>>
>> I have two FreeIPA servers running in AWS—one primary and one replica—with the DNS entry ipa.testing.com. These servers are running an older version of FreeIPA on CentOS 7 with expired certificates. I inherited this setup from a previous admin.
>>
>> Since the certificates have expired, I attempted multiple renewal methods, including rolling back the system time, but nothing worked. As a solution, I set up a new FreeIPA primary server with the same DNS entry (ipa.testing.com) and added it to the AWS DHCP configuration alongside the old servers.
>>
>> Steps Taken:
>>
>> Added the new FreeIPA server to the /etc/hosts
>> 123.234.543 test.ipa.testing.com test
>>
>> Installed FreeIPA using the following command:
>> ipa-server-install --setup-dns --allow-zone-overlap
>>
>> The installation completed successfully. I can log into the UI, create users, and manage configurations without issues.
>>
>> The Problem:
>>
>> When installing a FreeIPA client, it does not auto-discover the new FreeIPA server unless I explicitly specify it in the command:
>>
>> ipa-client-install --hostname=$(hostname -f) --mkhomedir --server=newfreeipa.ipa.testing.com --domain=ipa.testing.com --realm=IPA.TESTING.COM
>>
>> Without the --server parameter, auto-discovery fails.
>>
>> Additionally, after successfully enrolling two clients (client-a and client-b), I am unable to resolve their hostnames between them. When I attempt to ping client-a from client-b, I receive:
>>
>> Name or service not known
>>
>> What am I missing?
>>
>> Why isn't the client auto-discovering the new FreeIPA server?
>>
>> Why can't the clients resolve each other's hostnames after enrollment?
>>
>> Is there anything I need to adjust in DNS or DHCP to ensure proper resolution and discovery?
>>
>> Any help would be greatly appreciated! Thanks in advance.
>>
>> --
>> _______________________________________________
>> FreeIPA-users mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
>> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>

--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
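The pre-enrollment check Florence's reply points at, as an added example that is not part of the thread and not code from FreeIPA or ansible-freeipa: a POSIX shell script that confirms the host's first resolver is the IPA server and that the `_ldap._tcp` and `_kerberos._udp` SRV records ipa-client-install uses for auto-discovery actually name the new server, then (optionally) that a peer client such as client-a has an A record through that resolver. The domain ipa.testing.com and server newfreeipa.ipa.testing.com are taken from azeem's message; the nameserver address 192.0.2.10 and the dig output used in the offline demo are constructed values.

```shell
#!/bin/sh
# Added example (not from the thread, FreeIPA or ansible-freeipa): verify the
# DNS prerequisites for ipa-client-install auto-discovery before enrolling.
# Domain and server names come from azeem's message; 192.0.2.10 and the sample
# dig output in demo() are constructed.

IPA_DOMAIN="ipa.testing.com"
IPA_SERVER="newfreeipa.ipa.testing.com"

# Print the first "nameserver" entry from resolv.conf text passed as $1.
resolv_first_nameserver() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# Print the target hostnames from "dig +short SRV" output passed as $1
# (lines look like "0 100 389 newfreeipa.ipa.testing.com."), trailing dot removed.
srv_targets() {
    printf '%s\n' "$1" | awk 'NF == 4 { sub(/\.$/, "", $4); print $4 }'
}

# Return 0 if server $2 is among the SRV targets in the dig output $1.
discovery_ok() {
    srv_targets "$1" | grep -qx "$2"
}

# Return 0 if "dig +short A" output $1 contains at least one IPv4 address,
# i.e. the peer client's name resolves through the IPA DNS.
has_a_record() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Run the checks against the live system (needs dig and network access).
# Extra arguments are peer client FQDNs whose A records should be checked.
live_check() {
    ns=$(resolv_first_nameserver "$(cat /etc/resolv.conf)")
    echo "first nameserver in /etc/resolv.conf: ${ns:-none}"
    rc=0
    for rec in "_ldap._tcp.$IPA_DOMAIN" "_kerberos._udp.$IPA_DOMAIN"; do
        if discovery_ok "$(dig +short SRV "$rec" @"$ns")" "$IPA_SERVER"; then
            echo "OK      $rec -> $IPA_SERVER"
        else
            echo "MISSING $rec does not point at $IPA_SERVER via $ns"
            rc=1
        fi
    done
    for peer in "$@"; do
        if has_a_record "$(dig +short A "$peer" @"$ns")"; then
            echo "OK      $peer has an A record via $ns"
        else
            echo "MISSING $peer has no A record via $ns"
            rc=1
        fi
    done
    return $rc
}

# Offline demonstration on constructed data.
demo() {
    sample_resolv="search ipa.testing.com
nameserver 192.0.2.10"
    sample_srv="0 100 389 newfreeipa.ipa.testing.com."
    echo "demo nameserver: $(resolv_first_nameserver "$sample_resolv")"
    discovery_ok "$sample_srv" "$IPA_SERVER" && echo "demo: SRV discovery would succeed"
    discovery_ok "" "$IPA_SERVER" || echo "demo: empty SRV answer -> auto-discovery fails"
}

case "${1:-demo}" in
    live) shift; live_check "$@" ;;
    *) demo ;;
esac
```

Run it as `sh check-ipa-dns.sh live client-a.ipa.testing.com` on a host before enrolling; if the first nameserver is not the IPA server, or the SRV records are missing or still point at the old servers, fix the resolver (DHCP option or resolv.conf) first, which is also the step the ansible-freeipa ipaclient role settings automate.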
