[Freeipa-users] Unable to start IPA server after server reboot

Adam Young ayoung at redhat.com
Tue Aug 2 14:04:40 UTC 2011 

On 08/02/2011 09:42 AM, Ondrej Valousek wrote:
> Hi Rob,
> It was just "polaris" - so I tried:
> [root at polaris etc]# hostname polaris.example.com
>
> and it started working - Magic!
> That means that we rely on the fact that hostname is set to FQDN, 
> right? Isn't it too strong requirement?
> Maybe we should guess FQDN using reverse lookups I do not know. The 
> bottom line is that at least the IPA installation script should warn 
> about the incorrect hostname.
>
This actually brought a chuckle....we've been through a few iterations 
of how to deal with this.  The approach did do Reverse at one point, but 
that brought in a few other issues.  Needless to say, we've felt your 
pain on numerous occasions.

Kerberos depends on the hostname being right, and none of the auth works 
without Kerberos.  This is an issue that seems to mess people up in 
testing and evaluation mode, but people want and need it to resolve 
correctly in live environments.



> And the error message was bit confusing as well, because from that one 
> none can even guess what went wrong, I even tried to add 'ipactl -d 
> start' to print more debugging, but it did not help either.
>
> Just trying to bring some ideas, otherwise I am happy that it is 
> working again for me :-)
> Thanks!
>
> Ondrej
>
>
>
>
> On 02.08.2011 15:18, Rob Crittenden wrote:
>> Is your hostname set to polaris.example.com or polaris (check 
>> /etc/sysconfig/network).
>>
>> What we search for is cn=$FQDN,cn=masters,cn=etc
>>
>> That explains the matched part. It matched everything except the 
>> hostname.
>>
>> rob 
>
> ------------------------------------------------------------------------
> The information contained in this e-mail and in any attachments is 
> confidential and is designated solely for the attention of the 
> intended recipient(s). If you are not an intended recipient, you must 
> not use, disclose, copy, distribute or retain this e-mail or any part 
> thereof. If you have received this e-mail in error, please notify the 
> sender by return e-mail and delete all copies of this e-mail from your 
> computer system(s). Please direct any additional queries to: 
> communications at s3group.com. Thank You. Silicon and Software Systems 
> Limited (S3 Group). Registered in Ireland no. 378073. Registered 
> Office: South County Business Park, Leopardstown, Dublin 18
> ------------------------------------------------------------------------
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110802/405b948a/attachment.htm>

More information about the Freeipa-users mailing list