<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 03/27/2012 03:44 PM, Steven Jones wrote:
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E404CC3A6ED@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">Section 7.4.2 on password sync calls for a
download of a PassSync.msi... I cannot locate this... so your doc
needs updating, I think.<br>
</div>
</blockquote>
There is a version here: <a class="moz-txt-link-freetext" href="http://port389.org/wiki/Download">http://port389.org/wiki/Download</a> - <span
class="mw-headline">Windows Password Synchronization</span>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E404CC3A6ED@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<br>
For the 7.4.2 number 4 point 2 I see uid=passync
cn=systemaccounts cn=etc, then the dc= usual bits<br>
<br>
I assume the two cn='s are "standard"? <br>
<br>
number 4 point 4 ou=People,dc=example,dc=com is a "standard"?
<br>
<br>
So in my case it would simply be
ou=People,dc=ods,dc=vuw,dc=ac,dc=nz<br>
<br>
?<br>
<br>
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0, 0, 0);
font-size: 16px;">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF916300"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>] on behalf of Dmitri Pal
[<a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com">dpal@redhat.com</a>]<br>
<b>Sent:</b> Wednesday, 28 March 2012 10:36 a.m.<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] hosts/clients joining
IPA but dns updating not working<br>
</font><br>
</div>
<div>On 03/27/2012 03:47 PM, Steven Jones wrote:
<blockquote type="cite">
<pre>Hi
It's possible the uninstall from one IPA realm didn't work properly before I joined it to another?
Anyway, I have included both logs just in case. There is a suggestion that the Kerberos ticket isn't right?
</pre>
</blockquote>
<br>
Seems like the client fails to get its name properly.
Something related to the host name resolution is likely not
correct.<br>
<br>
<blockquote type="cite">
<pre>regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Martin Kosek [<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">freeipa-users@redhat.com</a>
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
</pre>
<blockquote type="cite">
<pre>Hi,
I just started adding hosts/clients but DNS isn't being updated for the client(s).
Screenshot of error is attached....
</pre>
</blockquote>
<pre>Hello Steven,
there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6ws04@ODS.VUW.AC.NZ and thus nsupdate which performs the
DNS update failed.
Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?
Alternatively, you can list credentials in the keytab with this command
yourself:
# klist -kt /etc/krb5.keytab
To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:
# kinit -k -t /etc/krb5.keytab host/vuwunicorh6ws04@ODS.VUW.AC.NZ
The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.
Martin
</pre>
<pre><fieldset class="mimeAttachmentHeader" target="_blank"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
</div>
</div>
</div>
<br>
</blockquote>
<br>
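Added example, not part of the original thread or of FreeIPA's own code: a small shell audit of `klist -kt` output that flags host principals stored under an unqualified host name or under a different realm, the two keytab conditions the quoted discussion points toward (name resolution, and a leftover enrollment in another realm). The function names and all sample values (client1, example.com, EXAMPLE.COM, OLD.EXAMPLE.NET) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit host principals listed by `klist -kt`.
# All names below (client1, example.com, EXAMPLE.COM, OLD.EXAMPLE.NET) are constructed.

# Constructed sample of `klist -kt /etc/krb5.keytab` output.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------
   2 03/27/2012 13:02:11 host/client1@EXAMPLE.COM
   2 03/27/2012 13:02:11 host/client1@EXAMPLE.COM
   1 03/26/2012 09:15:40 host/client1.old.example.net@OLD.EXAMPLE.NET'

# Read klist -kt output on stdin, print each distinct principal once.
# Entry lines start with a numeric KVNO; the principal is the last field.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ { print $NF }' | LC_ALL=C sort -u
}

# classify_host_principal PRINCIPAL EXPECTED_FQDN EXPECTED_REALM
# Prints: ok | short-name | wrong-host | wrong-realm | not-host
classify_host_principal() {
    princ=$1; fqdn=$2; realm=$3
    case $princ in
        host/*@*) ;;
        *) echo not-host; return 0 ;;
    esac
    name=${princ#host/}; name=${name%@*}   # host part between "host/" and "@"
    prealm=${princ##*@}                    # realm after the last "@"
    if [ "$prealm" != "$realm" ]; then echo wrong-realm   # e.g. key left from another realm
    elif [ "$name" = "$fqdn" ]; then echo ok
    elif [ "$name" = "${fqdn%%.*}" ]; then echo short-name # enrolled under unqualified name
    else echo wrong-host
    fi
}

# audit_keytab EXPECTED_FQDN EXPECTED_REALM  (klist -kt output on stdin)
audit_keytab() {
    keytab_principals | while read -r p; do
        echo "$(classify_host_principal "$p" "$1" "$2") $p"
    done
}

# Offline demo on the constructed sample. On a live client:
#   klist -kt /etc/krb5.keytab | audit_keytab "$(hostname -f)" YOUR.REALM
printf '%s\n' "$SAMPLE_KLIST" | audit_keytab client1.example.com EXAMPLE.COM
```

Any line not marked `ok` is a principal the KDC of the expected realm will not issue a TGT for under that exact name, which is worth checking before retrying `kinit -k`.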
</body>
</html>