[Freeipa-devel] Adding client on RHEL 6 fails to get DNS entry

Sumit Bose sbose at redhat.com
Fri Feb 25 09:18:11 UTC 2011


On Fri, Feb 25, 2011 at 12:47:03AM -0500, Simo Sorce wrote:
> On Thu, 24 Feb 2011 20:55:32 -0500
> Adam Young <ayoung at redhat.com> wrote:
> 
> > I updated the resolv.conf of the client machine to point to the
> > server and ran:
> > 
> > 
> > [root at vm-060 ~]# ipa-client-install --domain  idm.lab.bos.redhat.com
> > -p admin -w freeipa4all
> > Discovery was successful!
> > Realm: IDM.LAB.BOS.REDHAT.COM
> > DNS Domain: idm.lab.bos.redhat.com
> > IPA Server: vm-051.idm.lab.bos.redhat.com
> > BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
> > 
> > 
> > Continue to configure the system with these values? [no]: yes
> > 
> > Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
> > Created /etc/ipa/default.conf
> > Configured /etc/sssd/sssd.conf
> > Configured /etc/krb5.conf for IPA realm IDM.LAB.BOS.REDHAT.COM
> > certmonger request for host certificate failed
> > Warning: Hostname (vm-060.idm.lab.bos.redhat.com) not found in DNS
> > Failed to obtain host TGT.
> > Failed to update DNS A record. (Command 'x' returned non-zero exit
> > status 1) SSSD enabled
> > Kerberos 5 enabled
> > NTP enabled
> > Client configuration complete.
> > 
> > 
> > Is this a sign of a cert server issue?  This is the first time
> > running with dogtag.
> 
> We use TSIG-GSSAPI for DNS Updates, no certs involved.
> 
> > Here's the last couple of lines from the ipa-server-log/  They look
> > fine to me.
> > 
> > [Thu Feb 24 20:41:06 2011] [error] ipa: INFO: 
> > admin at IDM.LAB.BOS.REDHAT.COM: host_find(u'', all=True): SUCCESS
> > [Thu Feb 24 20:41:14 2011] [error] ipa: INFO: 
> > admin at IDM.LAB.BOS.REDHAT.COM: batch(({u'params': 
> > [[u'vm-060.idm.lab.bos.redhat.com'], {}], u'method': u'host_del'},)): 
> > SUCCESS
> > [Thu Feb 24 20:41:15 2011] [error] ipa: INFO: 
> > admin at IDM.LAB.BOS.REDHAT.COM: host_find(u'', all=True): SUCCESS
> > [Thu Feb 24 20:46:04 2011] [error] ipa: INFO: 
> > admin at IDM.LAB.BOS.REDHAT.COM: join(u'vm-060.idm.lab.bos.redhat.com', 
> > nshardwareplatform=u'x86_64',
> > nsosversion=u'2.6.32-114.0.1.el6.x86_64'): SUCCESS
> 
> Can you send the ipaclient-install.log file?
> 
> > This machine had client installed before, but I've since uninstalled
> > and reinstalled both the server and client, and rebooted the client
> > as well.
> 
> Should make no difference at all, it seems nsupdate is failing.
> Do you have bind-utils installed?
> 
> > There is no file /etc/ipa/.dns_update.txt
> 
> And there shouldn't, it is a temp file we delete as soon as we are done.

Maybe you need to specify the server explicitly in the message you send
to nsupdate. The man page says it should work without, but then nsupdate
must be able to read the SOA record for the zone.

bye,
Sumit

> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
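
The suggestion in the reply above (name the server explicitly so nsupdate does not depend on reading the zone's SOA record), as an added example that is not code from this thread or from ipa-client-install. The function name, the TTL of 1200 and the address 192.0.2.60 are assumptions made for illustration; the host, server and zone names are the ones shown in the install output.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _fqdn(name):
    """Return name without a trailing dot; raise ValueError unless it is a plain FQDN."""
    labels = name.rstrip(".").split(".")
    # fullmatch() rejects whitespace and newlines, so a value cannot smuggle
    # extra commands into the nsupdate batch.
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a valid FQDN: %r" % (name,))
    return ".".join(labels)


def build_nsupdate_script(hostname, address, server=None, zone=None, ttl=1200):
    """Build nsupdate input that replaces the A record of hostname.

    With server=None nsupdate has to locate the master itself, which needs a
    readable SOA record for the zone. Passing server (and optionally zone)
    removes that dependency.
    """
    host = _fqdn(hostname)
    ip = ipaddress.IPv4Address(address)  # ValueError on anything but an IPv4 address
    if isinstance(ttl, bool) or not isinstance(ttl, int) or not 0 <= ttl <= 2**31 - 1:
        raise ValueError("invalid TTL: %r" % (ttl,))
    lines = []
    if server is not None:
        lines.append("server %s" % _fqdn(server))
    if zone is not None:
        lines.append("zone %s." % _fqdn(zone))
    lines += [
        "update delete %s. IN A" % host,
        "update add %s. %d IN A %s" % (host, ttl, ip),
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: names from the install output above, address made up.
    print(build_nsupdate_script(
        "vm-060.idm.lab.bos.redhat.com", "192.0.2.60",
        server="vm-051.idm.lab.bos.redhat.com", zone="idm.lab.bos.redhat.com"), end="")
```

The returned text is what would be passed to `nsupdate -g` (GSS-TSIG) on standard input or as a file, with a valid host ticket in the credential cache.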
