This program will set up IPA client: Failed to update DNS records.


CHAPTER 2. INSTALLING AN IDM SERVER: WITH INTEGRATED DNS, WITH AN INTEGRATED CA AS THE ROOT CA

I successfully "Enrolled in IPA realm" a client, except I had some failures:

  1. Failed to update DNS records.
  2. Could not update DNS SSHFP records.

[root@mariadbserver etc]# ipa-client-install --enable-dns-updates --mkhomedir
This program will set up IPA client.
Version 4.10.0

Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]: yes
Enter NTP source server addresses separated by comma, or press Enter to skip: 10.30.70.1
Enter a NTP source pool address, or press Enter to skip: 
Client hostname: mariadbserver.kbbn-7.com
Realm: KBBN-7.COM
DNS Domain: kbbn-7.com
IPA Server: idmserver1c.kbbn-7.com
BaseDN: dc=kbbn-7,dc=com
NTP server: 10.30.70.1

Continue to configure the system with these values? [no]: yes
Synchronizing time
Configuration of chrony was changed by installer.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@KBBN-7.COM: 
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=KBBN-7.COM
    Issuer:      CN=Certificate Authority,O=KBBN-7.COM
    Valid From:  2023-04-03 08:49:27
    Valid Until: 2043-04-03 08:49:27

Enrolled in IPA realm KBBN-7.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
Failed to update DNS records. <--------------------------------------<<
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Could not update DNS SSHFP records. <-----------------------------<<
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config.d/04-ipa.conf
Configuring kbbn-7.com as NIS domain.
Configured /etc/krb5.conf for IPA realm KBBN-7.COM
Client configuration complete.
The ipa-client-install command was successful

I was not able to do this until I added the SRV to pfSense DNS Resolver:

server:
include: /var/unbound/pfb_dnsbl.*conf
local-data: "_kerberos-master._tcp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos-master._udp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos._tcp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos._udp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos.kbbn-7.com. 3600 IN TXT KBBN-7.COM"
local-data: "_kerberos.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:tcp:idmserver1c.kbbn-7.com."
local-data: "_kerberos.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:udp:idmserver1c.kbbn-7.com."
local-data: "_kpasswd._tcp.kbbn-7.com. 3600 IN SRV 0 100 464 idmserver1c.kbbn-7.com."
local-data: "_kpasswd._udp.kbbn-7.com. 3600 IN SRV 0 100 464 idmserver1c.kbbn-7.com."
local-data: "_kpasswd.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:tcp:idmserver1c.kbbn-7.com."
local-data: "_kpasswd.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:udp:idmserver1c.kbbn-7.com."
local-data: "_ldap._tcp.kbbn-7.com. 3600 IN SRV 0 100 389 idmserver1c.kbbn-7.com."
local-data: "ipa-ca.kbbn-7.com. 3600 IN A 10.30.70.106"

What may have caused this and how can I correct it? I'm using pfSense for my DHCP, DNS Resolver as the Forwarder from the IDM Server, and NTP for the IDM Domain clock sync.

Network Topology (image)
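As an added example that is not part of the original post, nor FreeIPA or pfSense code: a small checker that builds the set of IPA system records the post lists (SRV, URI, TXT and ipa-ca A) from the domain, realm, server name and address shown above, and reports which of them a pfSense/unbound local-data fragment does not define. The embedded config is constructed from the post's own lines with the _ldap._tcp SRV record deliberately omitted so that the checker has something to report.

```python
"""Check a pfSense/unbound local-data fragment for the DNS records an IPA
client needs. Added example, not code from the post or from FreeIPA."""
import re

# Constructed sample: the local-data lines from the post, minus the
# _ldap._tcp SRV record, so the checker has a gap to report.
UNBOUND_CONF = '''
server:
local-data: "_kerberos-master._tcp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos-master._udp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos._tcp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos._udp.kbbn-7.com. 3600 IN SRV 0 100 88 idmserver1c.kbbn-7.com."
local-data: "_kerberos.kbbn-7.com. 3600 IN TXT KBBN-7.COM"
local-data: "_kerberos.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:tcp:idmserver1c.kbbn-7.com."
local-data: "_kerberos.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:udp:idmserver1c.kbbn-7.com."
local-data: "_kpasswd._tcp.kbbn-7.com. 3600 IN SRV 0 100 464 idmserver1c.kbbn-7.com."
local-data: "_kpasswd._udp.kbbn-7.com. 3600 IN SRV 0 100 464 idmserver1c.kbbn-7.com."
local-data: "_kpasswd.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:tcp:idmserver1c.kbbn-7.com."
local-data: "_kpasswd.kbbn-7.com. 3600 IN URI 0 100 krb5srv:m:udp:idmserver1c.kbbn-7.com."
local-data: "ipa-ca.kbbn-7.com. 3600 IN A 10.30.70.106"
'''
LOCAL_DATA = re.compile(r'^\s*local-data:\s*"(.*)"\s*$')

def expected_records(domain, realm, server, server_ip):
    """(owner, type, rdata) tuples for the system records listed in the post."""
    recs = set()
    for svc, port in (("_kerberos-master", 88), ("_kerberos", 88), ("_kpasswd", 464)):
        for proto in ("tcp", "udp"):
            recs.add((f"{svc}._{proto}.{domain}.", "SRV", f"0 100 {port} {server}."))
    for svc in ("_kerberos", "_kpasswd"):
        for proto in ("tcp", "udp"):
            recs.add((f"{svc}.{domain}.", "URI", f"0 100 krb5srv:m:{proto}:{server}."))
    recs.add((f"_ldap._tcp.{domain}.", "SRV", f"0 100 389 {server}."))
    recs.update({(f"_kerberos.{domain}.", "TXT", realm), (f"ipa-ca.{domain}.", "A", server_ip)})
    return recs

def parse_local_data(conf):
    """Parse unbound local-data lines; TTL and class are dropped for comparison."""
    recs = set()
    for line in conf.splitlines():
        m = LOCAL_DATA.match(line)
        if m:
            owner, _ttl, _cls, rtype, rdata = m.group(1).split(None, 4)
            recs.add((owner.lower(), rtype.upper(), rdata))
    return recs

def missing_records(conf, domain, realm, server, server_ip):
    """Expected records the config does not define, sorted for stable output."""
    return sorted(expected_records(domain, realm, server, server_ip) - parse_local_data(conf))
```

This only checks the static records a client needs for discovery and Kerberos; it does not cover the later step in which ipa-client-install with --enable-dns-updates sends a dynamic DNS update for the client's own A/AAAA and SSHFP records to the zone's authoritative server, which a resolver serving static local-data cannot accept.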
