[Freeipa-users] ipa-client-install failed to join the IPA realm if DNS setting is incorrect

Ondrej Valousek ondrejv at s3group.cz
Thu Jun 30 09:26:04 UTC 2011


Hi List,

I have just noticed that ipa-client-install fails miserably if the client's /etc/resolv.conf points to some foreign DNS server. The
symptoms are that the KDC (on the IPA server) fails to locate itself in the Kerberos database:

Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: NEEDED_PREAUTH: admin@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: ISSUE: authtime 1309425108, etypes {rep=18 tkt=18 ses=18}, admin@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jun 30 11:11:49 polaris krb5kdc[1279](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: UNKNOWN_SERVER: authtime 0,  admin@EXAMPLE.COM for HTTP/*polaris.prague.s3group.com*@EXAMPLE.COM, *Server not found in Kerberos database*

Question: Should it probably try to autoconfigure /etc/resolv.conf as well, or at least warn the user that the join might fail?
Thanks,

Ondrej
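
Added example, not part of the original message and not FreeIPA code: a small parser for krb5kdc log lines in the format quoted above. It lists the ticket requests the KDC rejected with UNKNOWN_SERVER and flags those whose host name lies outside the DNS domain the IPA hosts are expected to use. The domain `example.com`, the function names and the sample log text are assumptions made for this illustration.

```python
import re

# Constructed sample, modelled on the krb5kdc lines quoted in the message above.
SAMPLE_LOG = """\
Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: ISSUE: authtime 1309425108, etypes {rep=18 tkt=18 ses=18}, admin@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jun 30 11:11:49 polaris krb5kdc[1279](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: UNKNOWN_SERVER: authtime 0,  admin@EXAMPLE.COM for HTTP/polaris.prague.s3group.com@EXAMPLE.COM, Server not found in Kerberos database
"""

# TGS_REQ (...) <client ip>: UNKNOWN_SERVER: authtime N,  <client> for <service>/<host>@<REALM>,
UNKNOWN_SERVER = re.compile(
    r"TGS_REQ \(.*?\) (?P<ip>\S+): UNKNOWN_SERVER: authtime \d+,\s+"
    r"(?P<client>\S+) for (?P<service>[^/@\s]+)/(?P<host>[^@\s]+)@(?P<realm>[^,\s]+),"
)


def unknown_server_requests(log_text):
    """Return one dict per TGS_REQ that the KDC rejected with UNKNOWN_SERVER."""
    matches = (UNKNOWN_SERVER.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def host_in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def suspicious_requests(log_text, expected_domain):
    """Rejected requests whose host part lies outside expected_domain.

    Such a request suggests the client built the service principal from a
    host name its resolver supplied, not the name the server is enrolled as.
    """
    return [r for r in unknown_server_requests(log_text)
            if not host_in_domain(r["host"], expected_domain)]


if __name__ == "__main__":
    # "example.com" is an assumed DNS domain for the EXAMPLE.COM realm.
    for r in suspicious_requests(SAMPLE_LOG, "example.com"):
        print(f"{r['ip']}: {r['client']} asked for "
              f"{r['service']}/{r['host']}@{r['realm']} (unknown to the KDC)")
```
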
