Hi,

do your clients use the new IPA server as DNS server? This can be done prior to calling ipa-client-install.

flo

On Fri, Feb 7, 2025 at 5:01 PM azeem via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

> Hello All,
>
> I have two FreeIPA servers running in AWS—one primary and one replica—with
> the DNS entry ipa.testing.com. These servers are running an older version
> of FreeIPA on CentOS 7 with expired certificates. I inherited this setup
> from a previous admin.
>
> Since the certificates have expired, I attempted multiple renewal methods,
> including rolling back the system time, but nothing worked. As a solution,
> I set up a new FreeIPA primary server with the same DNS entry
> (ipa.testing.com) and added it to the AWS DHCP configuration alongside the
> old servers.
>
> Steps Taken:
>
> 1. Added the new FreeIPA server to the /etc/hosts
>
>        123.234.543 test.ipa.testing.com test
>
> 2. Installed FreeIPA using the following command:-
>
>        ipa-server-install --setup-dns --allow-zone-overlap
>
> 3. The installation completed successfully. I can log into the UI, create
>    users, and manage configurations without issues.
>
> The Problem:
>
> When installing a FreeIPA client, it does not auto-discover the new
> FreeIPA server unless I explicitly specify it in the command:
>
>     ipa-client-install --hostname=$(hostname -f) --mkhomedir
>     --server=newfreeipa.ipa.testing.com --domain=ipa.testing.com
>     --realm=IPA.TESTING.COM
>
> Without the --server parameter, auto-discovery fails.
>
> Additionally, after successfully enrolling two clients (client-a and
> client-b), I am unable to resolve their hostnames between them. When I
> attempt to ping client-a from client-b, I receive:
>
>     Name or service not known
>
> What am I missing?
>
> - Why isn’t the client auto-discovering the new FreeIPA server?
> - Why can’t the clients resolve each other’s hostnames after enrollment?
> - Is there anything I need to adjust in DNS or DHCP to ensure proper
>   resolution and discovery?
>
> Any help would be greatly appreciated! Thanks in advance.

--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
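
Added example, not part of the thread or of FreeIPA: a pre-enrolment check for the point raised in the reply, namely which DNS server a client asks first, plus the records that ipa-client-install discovery looks up. The function names, the sample resolv.conf and the 10.0.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Pre-enrolment DNS check for ipa-client-install discovery (illustrative).
# The glibc stub resolver asks nameservers in listed order and moves on only
# when one fails to answer, so any answer from the first server is final.

# first_nameserver FILE: print the first "nameserver" entry of a resolv.conf.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# resolver_status FILE IPA_IP: classify the resolver list.
#   ipa-only   every nameserver is the IPA server
#   ipa-first  the IPA server is first, other resolvers follow
#   ipa-later  the IPA server is listed, but another resolver is asked first
#   no-ipa     the IPA server is not listed at all
resolver_status() {
    awk -v ipa="$2" '
        $1 == "nameserver" { n++; if ($2 == ipa) { hit++; if (n == 1) first = 1 } }
        END {
            if (hit == 0)      print "no-ipa"
            else if (hit == n) print "ipa-only"
            else if (first)    print "ipa-first"
            else               print "ipa-later"
        }' "$1"
}

# discovery_queries DOMAIN: print the lookups discovery depends on, to be run
# by hand on the client (SRV for LDAP and the KDC, TXT for the realm name).
discovery_queries() {
    printf 'dig +short SRV _ldap._tcp.%s\n' "$1"
    printf 'dig +short SRV _kerberos._udp.%s\n' "$1"
    printf 'dig +short TXT _kerberos.%s\n' "$1"
}

# Constructed sample: DHCP lists an old server first and the new one second.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
search ipa.testing.com
nameserver 10.0.0.5
nameserver 10.0.0.10
EOF
NEW_IPA=10.0.0.10   # constructed address standing in for the new IPA server

echo "first resolver: $(first_nameserver "$SAMPLE")"
echo "status:         $(resolver_status "$SAMPLE" "$NEW_IPA")"
discovery_queries ipa.testing.com
```

On a real client, point the functions at /etc/resolv.conf and the new server's actual address; a status other than ipa-only or ipa-first means discovery and host lookups are being answered by some other DNS server.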