Alright -- I'm stumped. What is the motivation for requiring reverse lookups for replicas? Is there a way to turn the check off? Other ideas?
Here's what I got: I set up freeipa server and client. The systems are connected over OpenVPN to create a private network between clients and server (10.5.x.x). Traffic to 10.5.0.x subset is routed over VPN; otherwise traffic uses the local network connection (including DNS servers provided over DHCP). For better or worse, I found myself exposing the internal addresses via the public interface of the FreeIPA server. This, however, makes it impossible to do the reverse lookup of internal servers. Clients and freeipa server appear to be happy with this arrangement. Replica not so much.

FreeIPA Server: 10.5.0.1
FreeIPA Replica: 10.5.0.2
Client 1: 10.5.0.3
Client 2: 10.5.0.4
and so on...

Error:

2013-11-06T06:53:41Z DEBUG Check reverse address of 10.5.0.1
2013-11-06T06:53:46Z DEBUG Check failed: [Errno 1] Unknown host
2013-11-06T06:53:46Z DEBUG The ipa-replica-install command failed, exception: HostReverseLookupError: Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution

Brett
