<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 06/19/2013 10:32 AM, Vitaly wrote: <blockquote cite="mid:CANpTS03rKBY5gh+98y5bdTzoMUS-5UPk6xXkk_QqdKJqOi8qyA@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div> <div> <div><br> ipa-client-install fails with "Cannot resolve network address for KDC" message.<br> </div> I don't have SRV records, but I provide IPA server name via "--server" param.<br> </div> any ideas?<br> <br> </div> TIA,<br> </div> Vitaly<br> <div> <div> <div> <div><br> 2013-06-19 13:58:39,113 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'<br> 2013-06-19 13:58:39,113 DEBUG [ipacheckldap]<br> 2013-06-19 13:58:39,113 DEBUG Init ldap with: <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true" href="http://serv02.prod.example.com:389">serv02.prod.example.com:389</a><br> 2013-06-19 13:58:39,193 DEBUG Search rootdse<br> 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in dc=prod,dc=example,dc=com(base)<br> 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['<a moz-do-not-send="true" href="http://prod.example.com">prod.example.com</a>'], 'dc': ['prod'], 'nisDomain': ['<a moz-do-not-send="true" href="http://prod.example.com">prod.example.com</a>']})]<br> 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) in dc=prod,dc=example,dc=com(sub)<br> 2013-06-19 13:58:39,313 DEBUG Found: [('cn=<a moz-do-not-send="true" href="http://PROD.EXAMPLE.COM">PROD.EXAMPLE.COM</a>,cn=kerberos,dc=prod,dc=example,dc=com', {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['<a moz-do-not-send="true" href="http://PROD.EXAMPLE.COM">PROD.EXAMPLE.COM</a>'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})]<br> 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit <a moz-do-not-send="true" href="mailto:vm4.stage.example.com@PROD.EXAMPLE.COM">vm4.stage.example.com@PROD.EXAMPLE.COM</a><br> 2013-06-19 13:58:52,032 INFO stdout=<br> 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network address for KDC in realm <a moz-do-not-send="true" href="http://PROD.EXAMPLE.COM">PROD.EXAMPLE.COM</a> while getting initial credentials<br> <br> 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy<br> 2013-06-19 13:58:52,065 INFO stdout=<br> 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found while destroying cache<br> ~<br> ~<br> ~<br> ~<br> ~<br> ~<br> ~<br> <br> </div> </div> </div> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> Is KDC resolvable from the client?<br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>