[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept
Simo Sorce
simo at redhat.com
Tue Aug 7 20:59:30 UTC 2012
On Tue, 2012-08-07 at 13:35 -0700, Rob Ogilvie wrote:
> On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce <simo at redhat.com> wrote:
> > Kerberos depends on proper name resolution. If a hostname cannot be
> > resolved you cannot acquire tickets for it.
> > So if your host ovm-c19-db does not have a DNS entry (either using IPA's
> > DNS server or an external DNS server) you can't get tickets.
> > also name resolution generally must match the hostname as that is what
> > is used to register a client into ipa.
>
> That seems fair. DNS is well set up, though. ovm-c19-db.<fqdn>
> exists in DNS and ovm-auth is able to resolve it by short hostname and
> FQDN. On the client, hostname returns the FQDN, as well.
>
> Is there anything in my log entries that make it look like it's a DNS
> problem? Again, I must stress, I'm new with Kerberos.
Does klist -kt /etc/krb5.keytab return entries with the right hostname ?
If that works does ipa host-find list it ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list