[Freeipa-users] passwd sync
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Mar 27 21:44:46 UTC 2012
Section 7.4.2 on password sync calls for a download of a PassSync.msi...I cannot locate this....so your doc needs updating I think.
For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts cn=etc, then the dc= usual bits
I assume the two cn='s are "standard"?
number 4 point 4 ou=People,dc=example,dc=com is a "standard"?
So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz
?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
Sent: Wednesday, 28 March 2012 10:36 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
On 03/27/2012 03:47 PM, Steven Jones wrote:
Hi
Its possible the uninstall from one IPA realm didnt work properly before I joined it to another?
Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right?
Seems like the client fails to get its name properly. Something related to the host name resolution is likely not correct.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Martin Kosek [mkosek at redhat.com<mailto:mkosek at redhat.com>]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
Hi,
I just started adding hosts/clients but DNS isnt being updated for the client(s).
Screenshot of error is attached....
Hello Steven,
there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6ws04 at ODS.VUW.AC.NZ<mailto:host/vuwunicorh6ws04 at ODS.VUW.AC.NZ> and thus nsupdate which performs the
DNS update failed.
Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?
Alternatively, you can list credentials in the keytab with this command
yourself:
# klist -kt /etc/krb5.keytab
To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:
# kinit -k -t /etc/krb5.keytab host/vuwunicorh6ws04 at ODS.VUW.AC.NZ<mailto:host/vuwunicorh6ws04 at ODS.VUW.AC.NZ>
The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.
Martin
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120327/7cc303cb/attachment.htm>
More information about the Freeipa-users
mailing list