```
# ipa-server-install -a secret123 -p secret123 --domain=ipa1.example.org --realm=IPA1.EXAMPLE.ORG --setup-dns --no-forwarders -U --hostname=ipa1.example.org --ip-address $IP_ADDRESS

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host ipa1.example.org
Warning: hostname ipa1.example.org does not match system hostname vm-037.idm.lab.bos.redhat.com.
System hostname will be updated during the installation process
to prevent service failures.
Adding [IP_ADDRESS ipa1.example.org] to your /etc/hosts file
Using reverse zone xx.xx.xx.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:      ipa1.example.org
IP address:    IP_ADDRESS
Domain name:   ipa1.example.org
Realm name:    IPA1.EXAMPLE.ORG
...
Setup complete

Next steps:
    1. You must make sure these network ports are open:
        TCP Ports:
          * 80, 443: HTTP/HTTPS
          * 389, 636: LDAP/LDAPS
          * 88, 464: kerberos
          * 53: bind
        UDP Ports:
          * 88, 464: kerberos
          * 53: bind
          * 123: ntp

    2. You can now obtain a kerberos ticket using the command: 'kinit admin'
       This ticket will allow you to use the IPA tools (e.g., ipa user-add)
       and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this file
is the Directory Manager password

# host `hostname`
Host ipa1.example.org.ipa1.example.org not found: 2(SERVFAIL)

# service named status
Redirecting to /bin/systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
   Active: active (running) since Wed 2013-04-17 10:11:31 EDT; 7min ago
 Main PID: 31878 (named)
   CGroup: name=systemd:/system/named.service
           `-31878 /usr/sbin/named -u named

Apr 17 10:12:42 ipa1.example.org named[31878]: ldap_psearch_watcher failed to handle LDAP connecti...60s
Apr 17 10:12:46 ipa1.example.org systemd[1]: Started Berkeley Internet Name Domain (DNS).
Apr 17 10:13:42 ipa1.example.org named[31878]: connection to the LDAP server was lost
Apr 17 10:13:42 ipa1.example.org named[31878]: successfully reconnected to LDAP server
Apr 17 10:13:42 ipa1.example.org named[31878]: LDAP error: Can't contact LDAP server
Apr 17 10:13:42 ipa1.example.org named[31878]: connection to the LDAP server was lost
Apr 17 10:13:42 ipa1.example.org named[31878]: successfully reconnected to LDAP server
Apr 17 10:13:42 ipa1.example.org named[31878]: zone ipa1.example.org/IN: NS 'ipa1.example.org' has...AA)
Apr 17 10:13:42 ipa1.example.org named[31878]: zone ipa1.example.org/IN: not loaded due to errors.
Apr 17 10:13:42 ipa1.example.org named[31878]: update_zone (psearch) failed for 'idnsname=ipa1.exa...one
```
The problem is that the A record is missing:
```
# ipa dnsrecord-find ipa1.example.org
  Record name: @
  NS record: ipa1.example.org.
  SSHFP record: 2 1 0604E5B13A08F88E93F4CC1496E99648F7C45232, 2 2 7472D615267A207B3EAA2A5B8CCB82A0D36EA1836EA4539F87E3D6FA 27F3914F, 1 1 0383AEA3FA5C8626F0AD8370E7BDD74F61D3B41D, 1 2 98DC7D67058FF6CE2D1A61A9C6281787315BA21A8DB6764526272C60 6E2FA929

  Record name: _kerberos
  TXT record: IPA1.EXAMPLE.ORG

  Record name: _kerberos-master._tcp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kerberos-master._udp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kerberos._tcp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kerberos._udp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kpasswd._tcp
  SRV record: 0 100 464 ipa1.example.org.

  Record name: _kpasswd._udp
  SRV record: 0 100 464 ipa1.example.org.

  Record name: _ldap._tcp
  SRV record: 0 100 389 ipa1.example.org.

  Record name: _ntp._udp
  SRV record: 0 100 123 ipa1.example.org.

  Record name: ipa-ca
  A record: IP_ADDRESS
-----------------------------
Number of entries returned 11
-----------------------------
```
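The named log above gives the root cause in one line: the zone's NS target `ipa1.example.org` has no A or AAAA record, because the host name is the zone apex itself and the installer never wrote an address record at `@`. The following pre-flight check is an added example, not FreeIPA's own code: it parses a listing in the text layout `ipa dnsrecord-find` prints, reports any in-zone NS target that lacks an address record, and flags a host name that collides with the DNS domain. The listing and the address `192.0.2.10` are constructed sample data modelled on this ticket.

```python
"""Added example (not FreeIPA code): detect an in-zone NS target that has
no A/AAAA record, the condition under which bind-dyndb-ldap refuses to
load the zone, and the hostname == domain setup that produces it."""
import re

# Constructed sample modelled on the ticket: the apex NS points at the
# zone name itself, but the only A record in the zone belongs to ipa-ca.
SAMPLE_LISTING = """\
  Record name: @
  NS record: ipa1.example.org.
  Record name: _kerberos
  TXT record: IPA1.EXAMPLE.ORG
  Record name: _ldap._tcp
  SRV record: 0 100 389 ipa1.example.org.
  Record name: ipa-ca
  A record: 192.0.2.10
"""


def parse_listing(text):
    """Return {owner_name: {rtype: [values]}} from dnsrecord-find output."""
    records = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Record name: (\S+)$", line)
        if m:
            current = m.group(1)
            records.setdefault(current, {})
            continue
        m = re.match(r"([A-Z]+) record: (.+)$", line)
        if m and current is not None:
            rtype, values = m.groups()
            # Multiple values of one type are printed comma-separated.
            records[current].setdefault(rtype, []).extend(
                v.strip() for v in values.split(","))
    return records


def to_relative(fqdn, zone):
    """Map an absolute target such as 'ipa1.example.org.' to its owner
    name inside zone ('@' for the apex); None if it lies outside zone."""
    name = fqdn.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if name == zone:
        return "@"
    if name.endswith("." + zone):
        return name[: -len(zone) - 1]
    return None


def ns_targets_without_address(zone, records):
    """(owner, target) pairs for NS targets inside the zone that have
    neither an A nor an AAAA record; each one will stop the zone loading."""
    missing = []
    for owner, rrsets in records.items():
        for target in rrsets.get("NS", []):
            rel = to_relative(target, zone)
            if rel is None:
                continue  # out-of-zone NS target: no glue expected here
            addr = records.get(rel, {})
            if not addr.get("A") and not addr.get("AAAA"):
                missing.append((owner, target))
    return missing


def hostname_collides_with_domain(hostname, domain):
    """True when the host name is the zone apex itself, the configuration
    the ticket's installer command used."""
    return hostname.rstrip(".").lower() == domain.rstrip(".").lower()


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for owner, target in ns_targets_without_address("ipa1.example.org", recs):
        print(f"NS '{target}' at '{owner}' has no A/AAAA record in the zone")
    if hostname_collides_with_domain("ipa1.example.org", "ipa1.example.org"):
        print("hostname equals the DNS domain; the apex would need its own A record")
```

Run it against a real listing by piping `ipa dnsrecord-find <zone>` into `parse_listing`; an empty result from `ns_targets_without_address` means named has the address records it needs for every in-zone nameserver.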
Releasing since it's ages since I had any implementation in progress.
Metadata Update from @mkosek:
- Issue set to the milestone: Future Releases
Closing as duplicate of https://pagure.io/freeipa/issue/9003
Metadata Update from @frenaud:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)