<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 03/27/2012 03:47 PM, Steven Jones wrote:
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E404CC3A51C@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<pre wrap="">Hi
It's possible the uninstall from one IPA realm didn't work properly before I joined it to another?
Anyway I have included both logs just in case. There is a suggestion that the kerberos ticket isn't right?
</pre>
</blockquote>
<br>
Seems like the client fails to get its name properly. Something
related to the host name resolution is likely not correct.<br>
<br>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E404CC3A51C@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<pre wrap="">regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Martin Kosek [<a class="moz-txt-link-abbreviated" href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc: <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I just started adding hosts/clients but DNS isn't being updated for the client(s).
Screenshot of error is attached....
</pre>
</blockquote>
<pre wrap="">
Hello Steven,

there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6ws04@ODS.VUW.AC.NZ and thus nsupdate which performs the
DNS update failed.

Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?

Alternatively, you can list credentials in the keytab with this command
yourself:

# klist -kt /etc/krb5.keytab

To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:

# kinit -k -t /etc/krb5.keytab host/vuwunicorh6ws04@ODS.VUW.AC.NZ

The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.

Martin
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
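<p>Added example, not part of the original thread and not FreeIPA code: a shell function that classifies the host/ principals in <code>klist -kt</code> output against the name and realm the client is expected to use, covering the two causes raised in the thread (keys left over from a previous realm, and a client that does not get its full host name). The listing, the host name <code>client1.example.test</code>, the realms <code>EXAMPLE.TEST</code> and <code>OLD.EXAMPLE.TEST</code>, and the verdict labels are constructed for this example.</p>

```shell
#!/bin/sh
# Added example (not from the thread): classify host/ principals from the
# output of "klist -kt". On a real client the call would be:
#   klist -kt /etc/krb5.keytab | check_keytab_listing "$(hostname -f)" REALM

# Reads a "klist -kt" listing on stdin and prints one verdict per distinct
# host/ principal. Returns 0 only if an entry matches both arguments.
check_keytab_listing() {
    expected_fqdn=$1
    expected_realm=$2
    awk -v fqdn="$expected_fqdn" -v realm="$expected_realm" '
        # Entry lines start with a numeric KVNO; the principal is the last field.
        $1 ~ /^[0-9]+$/ && $NF ~ /^host\// {
            p = $NF
            if (seen[p]++) next                 # one line per principal
            at = index(p, "@")
            host = substr(p, 6, at - 6)         # text between "host/" and "@"
            r = substr(p, at + 1)
            if (r != realm)                          v = "REALM-MISMATCH"
            else if (index(host, ".") == 0)          v = "SHORT-NAME"
            else if (tolower(host) != tolower(fqdn)) v = "HOST-MISMATCH"
            else { v = "OK"; ok = 1 }
            print v, p
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed listing: two keys left from an earlier realm, plus a key whose
# host part is a short name instead of the fully qualified one.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 03/20/2012 09:14:02 host/client1.example.test@OLD.EXAMPLE.TEST
   1 03/20/2012 09:14:02 host/client1.example.test@OLD.EXAMPLE.TEST
   1 03/27/2012 13:02:11 host/client1@EXAMPLE.TEST
EOF
}

sample_listing | check_keytab_listing client1.example.test EXAMPLE.TEST ||
    echo "no keytab entry matches host/client1.example.test@EXAMPLE.TEST"
```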
</body>
</html>