[Freeipa-users] Host certificate issue problem

Rivet, Matt Matt_Rivet at Archway.com
Mon Jul 22 14:26:14 UTC 2013


> Does anyone know why certmonger is looking for a keytab for host/det-webdl01 at . instead of host/host/det-webdl01.sub.example.com at EXAMPLE.com?

In order to authenticate to the IPA server, the client software needs
credentials.  In order to obtain those credentials, it needs to figure
out the client system's principal name.  The function it uses to do this
derives that principal name by doing a lookup to discover the client
host's canonical name, and in this case that appears to be returning the
shorter name.

I'd check the result of running 'getent hosts `hostname`', and if
/etc/hosts has an entry for the hostname that lists the short version
first.

HTH,

Nalin


/etc/hosts has both short and FQDN.  I removed the short and resubmitted the certificate.  That resolved my issue.  Should I completely remove the short name or is there a way to work around this?
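
The check suggested in the reply above, as an added example that is not part of the original thread: per hosts(5), the first name after the address on an /etc/hosts line is the canonical name and the rest are aliases, so this reports which name a files-based lookup would return. The function names, the temporary files and the 192.0.2.10 address are constructed for illustration, and the script only mimics the files lookup, not DNS.

```shell
#!/bin/sh
# canonical_from_hosts FILE NAME
# Print the canonical (first) name of the first entry in FILE that lists
# NAME as either its canonical name or an alias. Exit 1 if NAME is absent.
canonical_from_hosts() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # skip blank or address-only lines
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# hosts_order_ok FILE NAME
# 0: canonical name is dotted (FQDN first); 1: short name first; 2: no entry.
hosts_order_ok() {
    canon=$(canonical_from_hosts "$1" "$2") || return 2
    case "$canon" in
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample files using the host name from the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
bad_hosts="$tmp/hosts.short-first"
good_hosts="$tmp/hosts.fqdn-first"
printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 det-webdl01 det-webdl01.sub.example.com  # short first' > "$bad_hosts"
printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 det-webdl01.sub.example.com det-webdl01  # FQDN first' > "$good_hosts"

for f in "$bad_hosts" "$good_hosts"; do
    if hosts_order_ok "$f" det-webdl01; then
        verdict="FQDN is canonical"
    else
        verdict="short name is canonical"
    fi
    echo "${f##*/}: $(canonical_from_hosts "$f" det-webdl01) ($verdict)"
done
```

On a real client, run `hosts_order_ok /etc/hosts "$(hostname)"` and compare with the output of the `getent hosts` command from the reply.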



