Hi

Just a bit of user experience ...

I'm guessing you ran the ipa-client-install program on your client specifying "--server=ipa01.bos1.domain.com" rather than relying on auto-discovery (requires SRV DNS records).

If DNS SRV records are not configured and you need to manually specify the IPA servers, then instead of trying to fix by hand, uninstall the client with "ipa-client-install --uninstall" and then reinstall giving the --server= option twice (once for each IPA server) to the ipa-client-install command.

Regards
Angus

________________________________
From: Louis Bohm via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: 11 August 2020 23:16
To: freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.org>
Cc: Louis Bohm <louisb...@gmail.com>
Subject: [Freeipa-users] Multimaster error adding user when one master down.

Environment:
2 IPA Masters running Centos 8 and IPA Server 4.8.0.13
Client running Centos 8 and IPA Client 4.8.0.13

The masters were set up as MultiMasters (I think I have it correct). If I shut down the first master (ipa01) so only ipa02 is running and then try to log in to the client, I cannot. Found I needed to add both hosts to the IPA_server line in the SSSD.conf under the domain section to make that work.

Now if I try to add a user via the command line on the client I get the following error:

ipa: ERROR: cannot connect to 'https://ipa01.bos1.domain.com/ipa/json': [Errno 113] No route to host

Do I need to list both IPA servers somewhere else? If so, where? I did try adding both IPA servers on the URL line of openldap.conf (only ipa01 was listed).
Louis

-<<—->>-
Louis Bohm
louisb...@gmail.com
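An added example, not part of either message and not FreeIPA project code: a small audit of the sssd.conf setting Louis describes, reporting whether each IPA domain is pinned to a single server, lists several, or relies on DNS SRV discovery. The sample configuration is constructed, the function name is hypothetical, and the check covers only SSSD logins, not the `ipa` command-line tool.

```python
import configparser

# Constructed sample: a client pinned to one IPA server, as an install
# run with a single --server= option would leave it.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = bos1.domain.com
services = nss, pam

[domain/bos1.domain.com]
id_provider = ipa
ipa_domain = bos1.domain.com
ipa_server = ipa01.bos1.domain.com
"""


def audit_ipa_failover(conf_text):
    """Return {domain: (status, fixed_servers)} for each id_provider=ipa domain.

    status is one of:
      "pinned"    - exactly one fixed server, so no failover
      "failover"  - two or more distinct fixed servers listed
      "discovery" - _srv_ present or ipa_server absent (needs DNS SRV records)
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="").strip().lower() != "ipa":
            continue
        raw = cp.get(section, "ipa_server", fallback="")
        servers = [s.strip() for s in raw.split(",") if s.strip()]
        # Distinct fixed hostnames, order preserved; _srv_ means "use DNS SRV".
        fixed = list(dict.fromkeys(s for s in servers if s != "_srv_"))
        if not servers or "_srv_" in servers:
            status = "discovery"
        elif len(fixed) >= 2:
            status = "failover"
        else:
            status = "pinned"
        report[section[len("domain/"):]] = (status, fixed)
    return report


if __name__ == "__main__":
    for domain, (status, servers) in audit_ipa_failover(SAMPLE_SSSD_CONF).items():
        print(f"{domain}: {status} {servers}")
```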