[Freeipa-users] Problem with KRB DNS discovery (i think)
Tomasz 'Zen' Napierala
tomasz.napierala at allegro.pl
Wed Nov 25 17:42:16 UTC 2009
On Wed, 2009-11-25 at 15:50 +0100, Tomasz Z. Napierala wrote:
> Hi,
>
> I'm getting problems installing clients with default ipa-client-install
> values. Realm and domain are both discovered successfully but then after
> issuing kinit admin I'm getting:
>
> kinit(v5): Cannot resolve network address for KDC in realm QXLTECH while
> getting initial credentials
>
> My krb5.conf looks like this:
> [libdefaults]
> default_realm = QXLTECH
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> forwardable = yes
>
> [domain_realm]
> .dc2 = QXLTECH
> dc2 = QXLTECH
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> Adding static kdc entry solved my problem. DNS is configured properly
> with all necessary SRV and TXT entries.
>
> Do you have any ideas what could be wrong?
I dug a little bit deeper and straced kinit. It looks like kinit is
picking up the wrong domain name.
My realm is QXLTECH but the domain name is .dc2 or .dc3. Kinit is requesting
_kerberos._tcp.QXLTECH
How can I change it?
Regards,
--
Tomasz Z. Napierała
Systems Architecture Engineer,
IT Infrastructure Department
Allegro Team
http://www.allegro.pl/
QXL Poland sp. z o.o.
ul. Marcelińska 90, 60-324 Poznań
NIP 779-21-25-257;
District Court Poznań - Nowe Miasto i Wilda in Poznań, 8th Commercial
Division
KRS no. 0000104322
Share capital: 1.046.000 zł.
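
Added example, not part of the original message: a small Python check that reads a krb5.conf and lists the SRV names a Kerberos client queries to locate a KDC, showing that the name is built from the realm and not from the `[domain_realm]` mapping. The function names and the embedded sample are constructed for illustration, and the sketch assumes no static `kdc` entry exists under `[realms]`.

```python
import re

# Constructed sample: the relevant parts of the krb5.conf quoted in the post.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = QXLTECH
dns_lookup_realm = true
dns_lookup_kdc = true

[domain_realm]
.dc2 = QXLTECH
dc2 = QXLTECH
"""

def parse_sections(text):
    """Parse flat 'key = value' relations per [section]; enough for this sample."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return sections

def kdc_srv_queries(text, realm=None):
    """Return the SRV names queried to find a KDC (assumes no static kdc entry)."""
    lib = parse_sections(text).get("libdefaults", {})
    realm = realm or lib.get("default_realm")
    # Assumption: an absent dns_lookup_kdc is treated as off here; the real
    # default depends on the Kerberos library build.
    if lib.get("dns_lookup_kdc", "").lower() not in ("true", "yes", "1", "on"):
        return []
    # The query name comes from the realm name, not from [domain_realm].
    return [f"_kerberos._{proto}.{realm}" for proto in ("udp", "tcp")]

def realm_matches_a_domain(text, realm=None):
    """True if the lower-cased realm equals a DNS domain mapped to that realm."""
    conf = parse_sections(text)
    realm = realm or conf.get("libdefaults", {}).get("default_realm")
    mapped = conf.get("domain_realm", {}).items()
    domains = {d.lstrip(".").lower() for d, r in mapped if r == realm}
    return realm.lower() in domains
```

For the sample, `kdc_srv_queries` returns names under `QXLTECH` while `realm_matches_a_domain` is false, so SRV records published only under `dc2` are never consulted.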