<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hello, <br>
<br>
well it depends what exactly you did and what helped. I see
Alexander gave you some hints about mDNS.<br>
<br>
If it was DNSSEC error you should see validation error messages in
journalctl -u named-pkcs11 before you disabled DNSSEC validation.<br>
<br>
Martin^2<br>
<br>
On 02/02/15 16:34, Gerardo Cuppari wrote:<br>
</div>
<blockquote
cite="mid:CAAD-uD2wztONJKXFF1-3iSzwsqNnuss-FLES8Vg56oROS_8now@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif;color:rgb(0,0,153)">Hi
Martin, thanks for your replies!</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;color:rgb(0,0,153)"><br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;color:rgb(0,0,153)">Please,
don't tell me I am getting all these errors because of the
".local" domain! If so, I will surelly kill someone haha</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;color:rgb(0,0,153)"><br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;color:rgb(0,0,153)">I
checked /etc/named.conf and changed to "no" dnssec-validation
and here is what you requested:</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;color:rgb(0,0,153)"><br>
</div>
<div class="gmail_default" style="">
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">[root@pc01 ~]# dig
server.estudio.local</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">; <<>> DiG
9.9.6-P1-RedHat-9.9.6-6.P1.fc21 <<>>
server.estudio.local</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; global options: +cmd</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; Got answer:</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; ->>HEADER<<-
opcode: QUERY, status: NOERROR, id: 31554</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; flags: qr aa rd ra; QUERY:
1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; OPT PSEUDOSECTION:</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">; EDNS: version: 0, flags:;
udp: 4096</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; QUESTION SECTION:</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;server.estudio.local.
IN A</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; ANSWER SECTION:</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">server.estudio.local. 1200
IN A 192.168.56.2</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; AUTHORITY SECTION:</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">estudio.local. 86400
IN NS server.estudio.local.</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; Query time: 0 msec</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; SERVER:
192.168.56.2#53(192.168.56.2)</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; WHEN: lun feb 02 12:29:17
ART 2015</font></div>
<div class="gmail_default" style=""><font color="#000099"
face="verdana, sans-serif">;; MSG SIZE rcvd: 79</font></div>
<div style="color:rgb(0,0,153);font-family:verdana,sans-serif"><br>
</div>
<div style="color:rgb(0,0,153);font-family:verdana,sans-serif">******************************************</div>
<div style="color:rgb(0,0,153);font-family:verdana,sans-serif"><br>
</div>
<div style="">
<div style="">
<div><font color="#000099" face="verdana, sans-serif">[root@pc01
~]# dig -t ptr 2.56.168.192.in-addr.arpa</font></div>
<div><font color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div><font color="#000099" face="verdana, sans-serif">;
<<>> DiG 9.9.6-P1-RedHat-9.9.6-6.P1.fc21
<<>> -t ptr 2.56.168.192.in-addr.arpa</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
global options: +cmd</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
Got answer:</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 36167</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
ADDITIONAL: 2</font></div>
<div><font color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
OPT PSEUDOSECTION:</font></div>
<div><font color="#000099" face="verdana, sans-serif">;
EDNS: version: 0, flags:; udp: 4096</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
QUESTION SECTION:</font></div>
<div><font color="#000099" face="verdana, sans-serif">;2.56.168.192.in-addr.arpa.
IN PTR</font></div>
<div><font color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
ANSWER SECTION:</font></div>
<div><font color="#000099" face="verdana, sans-serif">2.56.168.192.in-addr.arpa.
86400 IN PTR server.estudio.local.</font></div>
<div><font color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
AUTHORITY SECTION:</font></div>
<div><font color="#000099" face="verdana, sans-serif">56.168.192.in-addr.arpa.
86400 IN NS server.estudio.local.</font></div>
<div><font color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
ADDITIONAL SECTION:</font></div>
<div><font color="#000099" face="verdana, sans-serif">server.estudio.local.
1200 IN A 192.168.56.2</font></div>
<div><font color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
Query time: 0 msec</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
SERVER: 192.168.56.2#53(192.168.56.2)</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
WHEN: lun feb 02 12:34:27 ART 2015</font></div>
<div><font color="#000099" face="verdana, sans-serif">;;
MSG SIZE rcvd: 118</font></div>
<div><br>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-02-02 12:17 GMT-03:00 Martin Basti
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 02/02/15 16:07, Martin Basti wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div>On 02/02/15 14:13, Gerardo Cuppari wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default">
<div>
<div class="h5">
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Hello!
I am trying to enroll one host to my IPA
server (4.1.2) and I am having one
problem: the ipa-client-install script
keeps giving me errors at the "forwarding
ping to json server" step.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">My
configuration is:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><span
style="white-space:pre-wrap"> </span>-
server.estudio.local<span
style="white-space:pre-wrap"> </span>192.168.56.2<span
style="white-space:pre-wrap"> </span>Fedora
Server 21<span
style="white-space:pre-wrap"> </span>ipa
4.1.2</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><span
style="white-space:pre-wrap"> </span>-
pc01.estudio.local<span
style="white-space:pre-wrap"> </span>192.168.56.106<span
style="white-space:pre-wrap"> </span>Fedora
Works. 21</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Both
have firewalld down (just to test) and can
reach each other. I've been trying to get
this working without success (solved other
minor issues) and so I'm asking for your
help.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">The
only way I can make it work is by adding
the --force switch to ipa-client-install
script but, that way, it just disregards
errors.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Thanks
in advance!!!</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Here
are my tests:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">SERVER</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">======</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@server
~]# ipa ping</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">-------------------------------------------</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">IPA
server version 4.1.2. API version 2.109</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">-------------------------------------------</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">CLIENT</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">======</font></div>
<div class="gmail_default"><span
style="white-space:pre-wrap"><font
color="#000099" face="verdana,
sans-serif"> </font></span></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@pc01
~]# dig server</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;
<<>> DiG
9.9.6-P1-RedHat-9.9.6-6.P1.fc21
<<>> server</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
global options: +cmd</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
Got answer:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
->>HEADER<<- opcode: QUERY,
status: SERVFAIL, id: 29286</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
flags: qr rd ra; QUERY: 1, ANSWER: 0,
AUTHORITY: 0, ADDITIONAL: 1</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
OPT PSEUDOSECTION:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;
EDNS: version: 0, flags:; udp: 4096</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
QUESTION SECTION:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;server.
IN A</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
Query time: 10 msec</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
SERVER: 192.168.56.2#53(192.168.56.2)</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
WHEN: lun feb 02 09:51:07 ART 2015</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">;;
MSG SIZE rcvd: 35</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">***********************************************</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@pc01
~]# nslookup server</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Server:
192.168.56.2</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Address:
192.168.56.2#53</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Name:
server.estudio.local</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Address:
192.168.56.2</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">***********************************************</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Here
I disable chronyd so I can run the script
without NTP sync errors:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@pc01
~]# systemctl disable chronyd</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Removed
symlink
/etc/systemd/system/multi-user.target.wants/chronyd.service.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@pc01
~]# service chronyd stop</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Redirecting
to /bin/systemctl stop chronyd.service</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">***********************************************</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Without
having "server.estudio.local" on
/etc/hosts file:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@pc01
~]# ipa-client-install
--enable-dns-updates --mkhomedir
--ssh-trust-dns</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Skip
server.estudio.local: cannot verify if
this is an IPA server</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Provide
your IPA server name (ex: <a
moz-do-not-send="true"
href="http://ipa.example.com"
target="_blank">ipa.example.com</a>): <br>
</font></div>
</div>
</div>
<div>
<div class="h5">
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Skip
server.estudio.local: cannot verify if
this is an IPA server</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Failed
to verify that server.estudio.local is an
IPA Server.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">This
may mean that the remote server is not up
or is not reachable due to network or
firewall settings.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Please
make sure the following ports are opened
in the firewall settings:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
TCP: 80, 88, 389</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
UDP: 88 (at least one of TCP/UDP ports
88 has to be open)</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Also
note that following ports are necessary
for ipa-client working properly after
enrollment:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
TCP: 464</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
UDP: 464, 123 (if NTP enabled)</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Installation
failed. Rolling back changes.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">IPA
client is not configured on this system.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">***********************************************</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Here
I added hostname and IP address to
/etc/hosts file (don't know why it doesn't
work without it):</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">[root@pc01
~]# ipa-client-install
--enable-dns-updates --mkhomedir
--ssh-trust-dns</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Discovery
was successful!</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Hostname:
pc01.estudio.local</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Realm:
ESTUDIO.LOCAL</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">DNS
Domain: estudio.local</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">IPA
Server: server.estudio.local</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">BaseDN:
dc=estudio,dc=local</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Continue
to configure the system with these values?
[no]: yes</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Synchronizing
time with KDC...</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">User
authorized to enroll computers: admin</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Password
for <a moz-do-not-send="true"
href="mailto:admin@ESTUDIO.LOCAL"
target="_blank">admin@ESTUDIO.LOCAL</a>:</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Successfully
retrieved CA cert</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
Subject: CN=Certificate
Authority,O=ESTUDIO.LOCAL</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
Issuer: CN=Certificate
Authority,O=ESTUDIO.LOCAL</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
Valid From: Fri Jan 30 12:02:01 2015
UTC</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">
Valid Until: Tue Jan 30 12:02:01 2035
UTC</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Enrolled
in IPA realm ESTUDIO.LOCAL</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Created
/etc/ipa/default.conf</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">New
SSSD config will be created</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Configured
sudoers in /etc/nsswitch.conf</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Configured
/etc/sssd/sssd.conf</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Configured
/etc/krb5.conf for IPA realm ESTUDIO.LOCAL</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">trying
<a moz-do-not-send="true"
href="https://server.estudio.local/ipa/json"
target="_blank">https://server.estudio.local/ipa/json</a></font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Forwarding
'ping' to json server '<a
moz-do-not-send="true"
href="https://server.estudio.local/ipa/json"
target="_blank">https://server.estudio.local/ipa/json</a>'</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Cannot
connect to the server due to Kerberos
error: Kerberos error: ('Unspecified GSS
failure. Minor code may provide more
information', 851968)/("Cannot contact any
KDC for realm 'ESTUDIO.LOCAL'",
-1765328228). Trying with delegate=True</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">trying
<a moz-do-not-send="true"
href="https://server.estudio.local/ipa/json"
target="_blank">https://server.estudio.local/ipa/json</a></font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Forwarding
'ping' to json server '<a
moz-do-not-send="true"
href="https://server.estudio.local/ipa/json"
target="_blank">https://server.estudio.local/ipa/json</a>'</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Second
connect with delegate=True also failed:
Kerberos error: ('Unspecified GSS
failure. Minor code may provide more
information', 851968)/("Cannot contact any
KDC for realm 'ESTUDIO.LOCAL'",
-1765328228)</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Cannot
connect to the IPA server RPC interface:
Kerberos error: ('Unspecified GSS
failure. Minor code may provide more
information', 851968)/("Cannot contact any
KDC for realm 'ESTUDIO.LOCAL'",
-1765328228)</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Installation
failed. Rolling back changes.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Failed
to list certificates in /etc/ipa/nssdb:
Command ''/usr/bin/certutil' '-d'
'/etc/ipa/nssdb' '-L'' returned non-zero
exit status 255</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Failed
to remove /etc/ipa/nssdb/cert8.db: [Errno
2] No existe el fichero o el directorio:
'/etc/ipa/nssdb/cert8.db'</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Failed
to remove /etc/ipa/nssdb/key3.db: [Errno
2] No existe el fichero o el directorio:
'/etc/ipa/nssdb/key3.db'</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Failed
to remove /etc/ipa/nssdb/secmod.db: [Errno
2] No existe el fichero o el directorio:
'/etc/ipa/nssdb/secmod.db'</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Failed
to remove /etc/ipa/nssdb/pwdfile.txt:
[Errno 2] No existe el fichero o el
directorio: '/etc/ipa/nssdb/pwdfile.txt'</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Unenrolling
client from IPA server</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Unenrolling
host failed: Error getting default
Kerberos realm: host/domain name not
found.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Removing
Kerberos service principals from
/etc/krb5.keytab</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Disabling
client Kerberos and LDAP configurations</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Redundant
SSSD configuration file
/etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Restoring
client configuration files</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">nscd
daemon is not installed, skip
configuration</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">nslcd
daemon is not installed, skip
configuration</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">Client
uninstall complete.</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"><font
color="#000099" face="verdana, sans-serif">***********************************************</font></div>
<div
style="color:rgb(0,0,153);font-family:verdana,sans-serif"><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<div>
<div class="h5"> Hello<br>
<br>
dig returns servfail, it may be issue.<br>
</div>
</div>
</blockquote>
<br>
You used dig with wrong name, please use dig <font
color="#000099" face="verdana, sans-serif"><font
color="#000000">server.estudio.local and send result?</font><br>
<br>
</font><span class="">
<blockquote type="cite"> <br>
Can you check please /etc/named.conf on server, if
there is dnssec-validation true ?<br>
If yes, please set the dnssec-validation to no,
because you use domain name .local. it may cause
troubles.<br>
<br>
If troubles persist, please send journalctl -u
named-pkcs11 log.<br>
<br>
Martin^2<br>
<br>
<pre cols="72">--
Martin Basti</pre>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
<br>
</span><span class="HOEnZb"><font color="#888888">
<pre cols="72">--
Martin Basti</pre>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Martin Basti</pre>
</body>
</html>