<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 03/27/2012 03:44 PM, Steven Jones wrote: <blockquote cite="mid:833D8E48405E064EBC54C84EC6B36E404CC3A6ED@STAWINCOX10MBX1.staff.vuw.ac.nz" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style> <div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10pt;">Section 7.4.2 on password sync calls for a download of a PassSync.msi...I cannot locate this....so your doc needs updating I think.<br> </div> </blockquote> There is a version here <a class="moz-txt-link-freetext" href="http://port389.org/wiki/Download">http://port389.org/wiki/Download</a> -<span class="mw-headline"> Windows Password Synchronization</span> <blockquote cite="mid:833D8E48405E064EBC54C84EC6B36E404CC3A6ED@STAWINCOX10MBX1.staff.vuw.ac.nz" type="cite"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;"> <br> For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts cn=etc, then the dc= usual bits<br> <br> I assume the two cn='s are "standard"? <br> <br> number 4 point 4 ou=People,dc=example,dc=com is a "standard"? <br> <br> So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz<br> <br> ?<br> <br> <div><br> <div style="font-family: Tahoma; font-size: 13px;"> <p>regards</p> <p>Steven Jones</p> <p>Technical Specialist - Linux RHCE</p> <p>Victoria University, Wellington, NZ</p> <p>0064 4 463 6272<br> </p> </div> </div> <div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;"> <hr tabindex="-1"> <div style="direction: ltr;" id="divRpF916300"><font color="#000000" face="Tahoma" size="2"><b>From:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>] on behalf of Dmitri Pal [<a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com">dpal@redhat.com</a>]<br> <b>Sent:</b> Wednesday, 28 March 2012 10:36 a.m.<br> <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br> <b>Subject:</b> Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working<br> </font><br> </div> <div>On 03/27/2012 03:47 PM, Steven Jones wrote: <blockquote type="cite"> <pre>Hi Its possible the uninstall from one IPA realm didnt work properly before I joined it to another? Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right? </pre> </blockquote> <br> Seems like the client fails to get its name properly. Something related to the host name resolution is likely not correct.<br> <br> <blockquote type="cite"> <pre>regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Martin Kosek [<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>] Sent: Tuesday, 27 March 2012 10:04 p.m. To: Steven Jones Cc: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">freeipa-users@redhat.com</a> Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote: </pre> <blockquote type="cite"> <pre>Hi, I just started adding hosts/clients but DNS isnt being updated for the client(s). Screenshot of error is attached.... </pre> </blockquote> <pre>Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:host/vuwunicorh6ws04@ODS.VUW.AC.NZ" target="_blank">host/vuwunicorh6ws04@ODS.VUW.AC.NZ</a> and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:host/vuwunicorh6ws04@ODS.VUW.AC.NZ" target="_blank">host/vuwunicorh6ws04@ODS.VUW.AC.NZ</a> The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin </pre> <pre><fieldset class="mimeAttachmentHeader" target="_blank"></fieldset> _______________________________________________ Freeipa-users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </div> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> </body> </html>