[Freeipa-users] passwd sync
Dmitri Pal
dpal at redhat.com
Tue Mar 27 22:07:22 UTC 2012
On 03/27/2012 05:44 PM, Steven Jones wrote:
> Section 7.4.2 on password sync calls for a download of a
> PassSync.msi...I cannot locate this....so your doc needs updating I think.
>
> For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts
> cn=etc, then the dc= usual bits
>
> I assume the two cn='s are "standard"?
>
> number 4 point 4 ou=People,dc=example,dc=com is a "standard"?
>
> So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz
>
> ?
Isn't it in a separate channel that needs to be added?
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ------------------------------------------------------------------------
> *From:* freeipa-users-bounces at redhat.com
> [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal
> [dpal at redhat.com]
> *Sent:* Wednesday, 28 March 2012 10:36 a.m.
> *To:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] hosts/clients joining IPA but dns
> updating not working
>
> On 03/27/2012 03:47 PM, Steven Jones wrote:
>> Hi
>>
>> Its possible the uninstall from one IPA realm didnt work properly before I joined it to another?
>>
>> Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right?
>>
>
> Seems like the client fails to get its name properly. Something
> related to the host name resolution is likely not correct.
>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: Martin Kosek [mkosek at redhat.com]
>> Sent: Tuesday, 27 March 2012 10:04 p.m.
>> To: Steven Jones
>> Cc: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
>>
>> On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
>>> Hi,
>>>
>>> I just started adding hosts/clients but DNS isnt being updated for the client(s).
>>>
>>> Screenshot of error is attached....
>>>
>> Hello Steven,
>>
>> there is something wrong with your host keytab. As written in the
>> output, ipa-client-install could not get a TGT for
>> host/vuwunicorh6ws04 at ODS.VUW.AC.NZ and thus nsupdate which performs the
>> DNS update failed.
>>
>> Can you please attach a relevant portion of ipaclient-install.log so
>> that we can get more information about why it failed?
>>
>> Alternatively, you can list credentials in the keytab with this command
>> yourself:
>> # klist -kt /etc/krb5.keytab
>>
>> To test obtaining the TGT from the host keytab and thus reproducing this
>> issue, you can run this command:
>> # kinit -k -t /etc/krb5.keytab host/vuwunicorh6ws04 at ODS.VUW.AC.NZ
>>
>> The command output itself, or KRB5KDC logs in IPA server should provide
>> a hint why the kinit fails.
>>
>> Martin
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120327/470088b3/attachment.htm>
More information about the Freeipa-users
mailing list