#3570 Installation fails when server hostname = domain
Closed: duplicate 2 years ago by frenaud. Opened 10 years ago by mkosek.

# ipa-server-install -a secret123 -p secret123 --domain=ipa1.example.org --realm=IPA1.EXAMPLE.ORG --setup-dns --no-forwarders -U --hostname=ipa1.example.org --ip-address $IP_ADDRESS

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host ipa1.example.org

Warning: hostname ipa1.example.org does not match system hostname vm-037.idm.lab.bos.redhat.com.
System hostname will be updated during the installation process
to prevent service failures.

Adding [IP_ADDRESS ipa1.example.org] to your /etc/hosts file
Using reverse zone xx.xx.xx.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:      ipa1.example.org
IP address:    IP_ADDRESS
Domain name:   ipa1.example.org
Realm name:    IPA1.EXAMPLE.ORG
...
Setup complete

Next steps:
    1. You must make sure these network ports are open:
        TCP Ports:
          * 80, 443: HTTP/HTTPS
          * 389, 636: LDAP/LDAPS
          * 88, 464: kerberos
          * 53: bind
        UDP Ports:
          * 88, 464: kerberos
          * 53: bind
          * 123: ntp

    2. You can now obtain a kerberos ticket using the command: 'kinit admin'
       This ticket will allow you to use the IPA tools (e.g., ipa user-add)
       and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

# host `hostname`
Host ipa1.example.org.ipa1.example.org not found: 2(SERVFAIL)

# service named status
Redirecting to /bin/systemctl status  named.service
named.service - Berkeley Internet Name Domain (DNS)
      Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
      Active: active (running) since Wed 2013-04-17 10:11:31 EDT; 7min ago
    Main PID: 31878 (named)
      CGroup: name=systemd:/system/named.service
          `-31878 /usr/sbin/named -u named

Apr 17 10:12:42 ipa1.example.org named[31878]: ldap_psearch_watcher failed to handle LDAP connecti...60s
Apr 17 10:12:46 ipa1.example.org systemd[1]: Started Berkeley Internet Name Domain (DNS).
Apr 17 10:13:42 ipa1.example.org named[31878]: connection to the LDAP server was lost
Apr 17 10:13:42 ipa1.example.org named[31878]: successfully reconnected to LDAP server
Apr 17 10:13:42 ipa1.example.org named[31878]: LDAP error: Can't contact LDAP server
Apr 17 10:13:42 ipa1.example.org named[31878]: connection to the LDAP server was lost
Apr 17 10:13:42 ipa1.example.org named[31878]: successfully reconnected to LDAP server
Apr 17 10:13:42 ipa1.example.org named[31878]: zone ipa1.example.org/IN: NS 'ipa1.example.org' has...AA)
Apr 17 10:13:42 ipa1.example.org named[31878]: zone ipa1.example.org/IN: not loaded due to errors.
Apr 17 10:13:42 ipa1.example.org named[31878]: update_zone (psearch) failed for 'idnsname=ipa1.exa...one

The problem is that the A record is missing:

# ipa dnsrecord-find ipa1.example.org
  Record name: @
  NS record: ipa1.example.org.
  SSHFP record: 2 1 0604E5B13A08F88E93F4CC1496E99648F7C45232, 2 2
                7472D615267A207B3EAA2A5B8CCB82A0D36EA1836EA4539F87E3D6FA 27F3914F, 1 1
                0383AEA3FA5C8626F0AD8370E7BDD74F61D3B41D, 1 2
                98DC7D67058FF6CE2D1A61A9C6281787315BA21A8DB6764526272C60 6E2FA929

  Record name: _kerberos
  TXT record: IPA1.EXAMPLE.ORG

  Record name: _kerberos-master._tcp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kerberos-master._udp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kerberos._tcp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kerberos._udp
  SRV record: 0 100 88 ipa1.example.org.

  Record name: _kpasswd._tcp
  SRV record: 0 100 464 ipa1.example.org.

  Record name: _kpasswd._udp
  SRV record: 0 100 464 ipa1.example.org.

  Record name: _ldap._tcp
  SRV record: 0 100 389 ipa1.example.org.

  Record name: _ntp._udp
  SRV record: 0 100 123 ipa1.example.org.

  Record name: ipa-ca
  A record: IP_ADDRESS
-----------------------------
Number of entries returned 11
-----------------------------
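
A check for the condition diagnosed in this ticket, as an added example that is not part of the original report or of FreeIPA's code: it parses `ipa dnsrecord-find` text output and lists NS targets inside the zone that have neither an A nor an AAAA record. The sample listing is constructed from the one above; the function names, the dummy SSHFP values and the 192.0.2.10 address are assumptions.

```python
import re

FIELD = re.compile(r"^ {2}(\w[\w ]*?): (.*)$")

def parse_dnsrecord_find(text):
    """Parse `ipa dnsrecord-find` text output into {owner: {rtype: [values]}}."""
    records, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separators, entry counter, wrapped continuation lines
        key, value = m.groups()
        if key == "Record name":
            current = records.setdefault(value.strip().lower(), {})
        elif current is not None and key.endswith(" record"):
            rtype = key[: -len(" record")].upper()
            current.setdefault(rtype, []).extend(v.strip() for v in value.split(","))
    return records

def relative_name(fqdn, zone):
    """Owner name of fqdn inside zone ('@' for the apex), or None if outside."""
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    return fqdn[: -len(zone) - 1] if fqdn.endswith("." + zone) else None

def ns_without_address(zone, records):
    """List in-zone NS targets that have neither an A nor an AAAA record."""
    missing = []
    for rrsets in records.values():
        for target in rrsets.get("NS", []):
            owner = relative_name(target, zone)
            if owner is None:
                continue  # out-of-zone target: cannot be judged from this zone's data
            have = records.get(owner, {})
            if not (have.get("A") or have.get("AAAA")):
                missing.append(target)
    return missing

# Constructed sample modelled on the ticket's listing (SSHFP values are dummies).
BROKEN = """\
  Record name: @
  NS record: ipa1.example.org.
  SSHFP record: 2 1 00AA, 2 2
                11BB 22CC
  Record name: ipa-ca
  A record: 192.0.2.10
"""
FIXED = BROKEN.replace("  NS record:", "  A record: 192.0.2.10\n  NS record:")  # apex A added
```

Calling `ns_without_address("ipa1.example.org", parse_dnsrecord_find(BROKEN))` reports the apex NS target, while the `FIXED` listing reports nothing.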

Releasing since it's ages since I had any implementation in progress.

Metadata Update from @mkosek:
- Issue set to the milestone: Future Releases

7 years ago

Metadata Update from @frenaud:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

2 years ago
