<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 03/13/2012 02:59 PM, Sylvain Angers wrote:
<blockquote
cite="mid:CABn0HjurAz_LfPSN8KCN2W813y=yJBoxcrs0gvquztvCLC2tSg@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">2012/3/8 Brian Cook <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:bcook@redhat.com"
target="_blank">bcook@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div style="word-wrap: break-word;">Also, I would not use
'delegation record' from AD, use conditional forwarding for
*.<a moz-do-not-send="true" href="http://unix.abcd.ca"
target="_blank">unix.abcd.ca</a>. Your AD admins should
know how to do it.
<div>
<div><br>
<div>
<span style="text-indent: 0px; letter-spacing: normal;
font-variant: normal; font-style: normal;
font-weight: normal; line-height: normal;
border-collapse: separate; text-transform: none;
font-size: medium; white-space: normal; font-family:
Helvetica; word-spacing: 0px;"><span
style="text-indent: 0px; letter-spacing: normal;
font-variant: normal; font-style: normal;
font-weight: normal; line-height: normal;
border-collapse: separate; text-transform: none;
font-size: medium; white-space: normal;
font-family: Helvetica; word-spacing: 0px;">
<div style="word-wrap: break-word;">
<span style="text-indent: 0px; letter-spacing:
normal; font-variant: normal; font-style:
normal; font-weight: normal; line-height:
normal; border-collapse: separate;
text-transform: none; font-size: medium;
white-space: normal; font-family: Helvetica;
word-spacing: 0px;">
<div style="word-wrap: break-word;">
---<br>
Brian Cook<br>
Solutions Architect, Red Hat, Inc.<br>
<a moz-do-not-send="true"
href="tel:407-212-7079"
value="+14072127079" target="_blank">407-212-7079</a></div>
<div style="word-wrap: break-word;"><br>
</div>
</span></div>
</span><br>
</span><br>
</div>
<br>
</div>
<div>
<div>
<div>
<div>On Mar 8, 2012, at 9:04 AM, Simo Sorce wrote:</div>
<br>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div>On Thu, 2012-03-08 at 11:54 -0500, Sylvain
Angers wrote:<br>
<blockquote type="cite">
Alright!<br>
</blockquote>
<blockquote type="cite"><br>
</blockquote>
<blockquote type="cite">I am now requesting to
our DNS team<br>
</blockquote>
<blockquote type="cite"><br>
</blockquote>
<blockquote type="cite">please delegate dns zone
"<a moz-do-not-send="true"
href="http://unix.abcd.ca" target="_blank">unix.abcd.ca</a>"
to ???<br>
</blockquote>
<br>
the ip address of your ipa server, they will
know what questions to<br>
ask :)<br>
<br>
<blockquote type="cite">Question: is the ipa
server fqdn, be <a moz-do-not-send="true"
href="http://ipaserver.unix.abcd.ca"
target="_blank">ipaserver.unix.abcd.ca</a>
or<br>
</blockquote>
<blockquote type="cite"><a
moz-do-not-send="true"
href="http://ipaserver.abcd.ca"
target="_blank">ipaserver.abcd.ca</a>?<br>
</blockquote>
<br>
<blockquote type="cite">does it matter?<br>
</blockquote>
<br>
It does, the IPa server DNS domain is what
matters for the first master.<br>
So it should be <name>.<a
moz-do-not-send="true"
href="http://unix.abcd.ca" target="_blank">unix.abcd.ca</a><br>
<br>
So that DNS domain = <a moz-do-not-send="true"
href="http://unix.abcd.ca" target="_blank">unix.abcd.ca</a>
and realm = <a moz-do-not-send="true"
href="http://UNIX.ABCD.CA" target="_blank">UNIX.ABCD.CA</a>
(if you use<br>
the standard configuration).<br>
<br>
Simo.<br>
<br>
-- <br>
Simo Sorce * Red Hat, Inc * New York<br>
<br>
</div>
</div>
<div>_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com"
target="_blank">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
Hello
<div>
<br>
</div>
<div>Still have same issue "unable to find 'admin' user with
'getent passwd admin'!"<br>
<div><br>
</div>
<div>I redid both client and servers, no selinux, no firewall</div>
<div><br>
</div>
<div>Our dns teams did set soa unix.cnppd.lab to point to my ipa
server</div>
<div><br>
</div>
<div>I had to put a manual entry in /etc/hosts</div>
<div>
<div>165.115.118.21 mtl-ipa01d.unix.cnppd.lab
mtl-ipa01d</div>
</div>
<div><br>
</div>
<div><br>
<div>then did set my ipa server with the following</div>
<div><b style="font-family: 'Times New Roman'; font-size:
medium;"><span style="font-size: 15px; font-family: Arial;
color: rgb(255, 0, 255); font-weight: normal;
vertical-align: baseline; white-space: pre-wrap;">ipa-server-install
-a xxxxxxx --hostname=mtl-ipa01d.unix.cnppd.lab -n
unix.cnppd.lab -p xxxxx -r UNIX.CNPPD.LAB --setup-dns
--forwarder=165.115.52.21--fowarder=165.115.51.21</span></b></div>
<div><font color="#ff00ff" face="Arial">
<div><span style="font-size: 15px; white-space: pre-wrap;">Server
host name [mtl-ipa01d.unix.cnppd.lab]:</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;"><br>
</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Warning:
skipping DNS resolution of host
mtl-ipa01d.unix.cnppd.lab</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">The
IPA Master Server will be configured with</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Hostname:
mtl-ipa01d.unix.cnppd.lab</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">IP
address: 165.115.118.21</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Domain
name: unix.cnppd.lab</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;"><br>
</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Do
you want to configure the reverse zone? [yes]:</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Please
specify the reverse zone name
[118.115.165.in-addr.arpa.]:</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Using
reverse zone 118.115.165.in-addr.arpa.</span></div>
<div style="font-size: 15px; white-space: pre-wrap;"><br>
</div>
</font></div>
<div><font color="#ff00ff" face="Arial"><span
style="font-size: 15px; white-space: pre-wrap;"><br>
<br>
</span></font></div>
<div><font color="#ff00ff" face="Arial">
<div><span style="font-size: 15px; white-space: pre-wrap;">Restarting
the directory server</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Restarting
the KDC</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Restarting
the web server</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Configuring
named:</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[1/9]: adding DNS container</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[2/9]: setting up our zone</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[3/9]: setting up reverse zone</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[4/9]: setting up our own record</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[5/9]: setting up kerberos principal</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[6/9]: setting up named.conf</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[7/9]: restarting named</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[8/9]: configuring named to start on boot</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">
[9/9]: changing resolv.conf to point to ourselves</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">done
configuring named.</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">==============================================================================</span></div>
<div><span style="font-size: 15px; white-space: pre-wrap;">Setup
complete</span></div>
<div style="font-size: 15px; white-space: pre-wrap;"><br>
</div>
</font>
<div><br>
</div>
<div>I did set my client with</div>
<div>
<div>[root@mtl-vdi01d ~]# ipa-client-install
--server=mtl-ipa01d.unix.cnppd.lab
--domain=UNIX.CNPPD.LAB --realm=UNIX.CNPPD.LAB
--mkhomedir</div>
<div>Discovery was successful!</div>
<div>Hostname: <a moz-do-not-send="true"
href="http://mtl-vdi01d.cn.ca">mtl-vdi01d.cn.ca</a></div>
<div>Realm: UNIX.CNPPD.LAB</div>
<div>DNS Domain: UNIX.CNPPD.LAB</div>
<div>IPA Server: mtl-ipa01d.unix.cnppd.lab</div>
<div>BaseDN: dc=unix,dc=cnppd,dc=lab</div>
<div><br>
</div>
<div><br>
</div>
<div>Continue to configure the system with these values?
[no]: yes</div>
<div>User authorized to enroll computers: admin</div>
<div>Synchronizing time with KDC...</div>
<div>Password for <a class="moz-txt-link-abbreviated" href="mailto:admin@UNIX.CNPPD.LAB:">admin@UNIX.CNPPD.LAB:</a> </div>
<div><br>
</div>
<div>Enrolled in IPA realm UNIX.CNPPD.LAB</div>
<div>Created /etc/ipa/default.conf</div>
<div>Configured[root@mtl-vdi01d ~]# ipa-client-install
--server=mtl-ipa01d.unix.cnppd.lab
--domain=UNIX.CNPPD.LAB --realm=UNIX.CNPPD.LAB
--mkhomedir</div>
<div>Discovery was successful!</div>
<div>Hostname: <a moz-do-not-send="true"
href="http://mtl-vdi01d.cn.ca">mtl-vdi01d.cn.ca</a></div>
<div>Realm: UNIX.CNPPD.LAB</div>
<div>DNS Domain: UNIX.CNPPD.LAB</div>
<div>IPA Server: mtl-ipa01d.unix.cnppd.lab</div>
<div>BaseDN: dc=unix,dc=cnppd,dc=lab</div>
<div><br>
</div>
<div><br>
</div>
<div>Continue to configure the system with these values?
[no]: yes</div>
<div>User authorized to enroll computers: admin</div>
<div>Synchronizing time with KDC...</div>
<div>Password for <a class="moz-txt-link-abbreviated" href="mailto:admin@UNIX.CNPPD.LAB:">admin@UNIX.CNPPD.LAB:</a> </div>
<div><br>
</div>
<div>Enrolled in IPA realm UNIX.CNPPD.LAB</div>
<div>Created /etc/ipa/default.conf</div>
<div>Configured /etc/sssd/sssd.conf</div>
<div>Configured /etc/krb5.conf for IPA realm
UNIX.CNPPD.LAB</div>
<div>SSSD enabled</div>
<div>Unable to find 'admin' user with 'getent passwd
admin'!</div>
<div>Recognized configuration: SSSD</div>
<div>NTP enabled</div>
<div>Client configuration complete. /etc/sssd/sssd.conf</div>
<div>Configured /etc/krb5.conf for IPA realm
UNIX.CNPPD.LAB</div>
<div>SSSD enabled</div>
<div>Unable to find 'admin' user with 'getent passwd
admin'!</div>
<div>Recognized configuration: SSSD</div>
<div>NTP enabled</div>
<div>Client configuration complete.</div>
</div>
<div><br>
</div>
<div>you can see that ipa did enroll my client </div>
<div><br>
</div>
<div>
<div>[root@mtl-ipa01d ~]# ipa host-find</div>
<div>---------------</div>
<div>2 hosts matched</div>
<div>---------------</div>
<div> Host name: mtl-ipa01d.unix.cnppd.lab</div>
<div> Principal name:
<a class="moz-txt-link-abbreviated" href="mailto:host/mtl-ipa01d.unix.cnppd.lab@UNIX.CNPPD.LAB">host/mtl-ipa01d.unix.cnppd.lab@UNIX.CNPPD.LAB</a></div>
<div> Keytab: True</div>
<div> Password: False</div>
<div> Managed by: mtl-ipa01d.unix.cnppd.lab</div>
<div><br>
</div>
<div> Host name: <a moz-do-not-send="true"
href="http://mtl-vdi01d.cn.ca">mtl-vdi01d.cn.ca</a></div>
<div> Certificate:</div>
<div> Principal name:
<a class="moz-txt-link-abbreviated" href="mailto:host/mtl-vdi01d.cn.ca@UNIX.CNPPD.LAB">host/mtl-vdi01d.cn.ca@UNIX.CNPPD.LAB</a></div>
<div> Keytab: True</div>
<div> Password: False</div>
<div> Managed by: <a moz-do-not-send="true"
href="http://mtl-vdi01d.cn.ca">mtl-vdi01d.cn.ca</a></div>
<div> Subject: CN=<a moz-do-not-send="true"
href="http://mtl-vdi01d.cn.ca">mtl-vdi01d.cn.ca</a>,O=UNIX.CNPPD.LAB</div>
<div> Serial Number: 12</div>
<div> Issuer: CN=Certificate Authority,O=UNIX.CNPPD.LAB</div>
<div> Not Before: Tue Mar 13 18:27:41 2012 UTC</div>
<div> Not After: Fri Mar 14 18:27:41 2014 UTC</div>
<div> Fingerprint (MD5):
26:f6:9f:32:3d:a0:13:43:8e:16:1a:7f:d7:43:7e:51</div>
<div> Fingerprint (SHA1):
4b:28:b2:a4:33:16:27:fc:16:cc:35:54:68:fc:b4:45:85:3f:dc:1a</div>
<div>----------------------------</div>
<div>Number of entries returned 2</div>
<div>----------------------------</div>
<div>[root@mtl-ipa01d ~]# </div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I keep getting "unable to find 'admin' user with
'getent passwd admin'!"</div>
<div><br>
</div>
<div>Why is that? </div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Sylvain</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
Did you run the client enrollment twice?<br>
Can you provide an ipaclient installation log?<br>
<br>
<blockquote
cite="mid:CABn0HjurAz_LfPSN8KCN2W813y=yJBoxcrs0gvquztvCLC2tSg@mail.gmail.com"
type="cite">
<div>
<div>
<div>
<div><br>
</div>
<div><br>
</div>
-- <br>
Sylvain Angers<br>
<br>
</div>
</div>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
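<p>A small lint over the install transcript quoted above, added here as an example and not FreeIPA's own code: it flags the run-together <code>--forwarder</code> options in the server command as pasted, the upper-case <code>--domain</code> given to the client, and a client hostname (mtl-vdi01d.cn.ca) that lies outside the IPA DNS domain unix.cnppd.lab, which is the domain/realm layout Simo describes. <code>LONG_OPTS</code> is deliberately only the long options that appear in this thread.</p>

```python
"""Lint a FreeIPA install transcript for the mismatches this thread turns on.
Added example for this thread, not FreeIPA's own code; LONG_OPTS is a stub."""
import ipaddress
import re

# Sample input taken from the transcript quoted above (passwords already masked).
SERVER_CMD = ("ipa-server-install -a xxxxxxx --hostname=mtl-ipa01d.unix.cnppd.lab"
              " -n unix.cnppd.lab -p xxxxx -r UNIX.CNPPD.LAB --setup-dns"
              " --forwarder=165.115.52.21--fowarder=165.115.51.21")
CLIENT_SUMMARY = """Hostname: mtl-vdi01d.cn.ca
Realm: UNIX.CNPPD.LAB
DNS Domain: UNIX.CNPPD.LAB
IPA Server: mtl-ipa01d.unix.cnppd.lab
BaseDN: dc=unix,dc=cnppd,dc=lab"""
LONG_OPTS = {"hostname", "setup-dns", "forwarder"}  # only the long options used in the thread

def check_server_cmd(cmdline):
    """Return the problems found in an ipa-server-install command line."""
    problems = []
    for tok in cmdline.split():
        if not tok.startswith("--"):
            continue
        # Zero-width split before each "--" separates options pasted without a space.
        pieces = re.split(r"(?=--)", tok)[1:]
        if len(pieces) > 1:
            problems.append(f"missing space inside {tok}")
        for piece in pieces:
            name, _, value = piece[2:].partition("=")
            if name not in LONG_OPTS:
                problems.append(f"unknown option --{name}")
            elif name == "forwarder":
                try:
                    ipaddress.ip_address(value)  # forwarders must be plain IP addresses
                except ValueError:
                    problems.append(f"--forwarder value is not an IP address: {value}")
    return problems

def check_client_summary(summary):
    """Return the problems found in the ipa-client-install discovery summary."""
    fields = dict(line.split(": ", 1) for line in summary.splitlines())
    domain, realm = fields["DNS Domain"], fields["Realm"]
    problems = []
    if domain != domain.lower():
        problems.append(f"DNS domain given in upper case: {domain}")
    if realm != domain.upper():  # standard layout: realm is the upper-cased DNS domain
        problems.append(f"realm {realm} does not match DNS domain {domain}")
    for role in ("Hostname", "IPA Server"):
        if not fields[role].lower().endswith("." + domain.lower()):
            problems.append(f"{role} {fields[role]} lies outside DNS domain {domain.lower()}")
    return problems
```

A host outside the IPA DNS domain can still be enrolled, but it is the first thing to confirm when SRV-based discovery and <code>getent passwd admin</code> disagree.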
</body>
</html>