[Freeipa-users] hosts/clients joining IPA but dns updating not working

Petr Spacek pspacek at redhat.com
Thu Mar 29 11:11:43 UTC 2012 

Hello,

please post output from:

# klist -kt /etc/krb5.keytab

We still need this to better understand logs. I'm not sure if keytab 
contains right keys.

-- 
Petr Spacek

On 03/27/2012 09:47 PM, Steven Jones wrote:
> Hi
>
> Its possible the uninstall from one IPA realm didnt work properly before I joined it to another?
>
> Anyway I have incl both logs just in case.  There is a suggestion that the kerberos ticket isnt right?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Martin Kosek [mkosek at redhat.com]
> Sent: Tuesday, 27 March 2012 10:04 p.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
>
> On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
>> Hi,
>>
>> I just started adding hosts/clients but DNS isnt being updated for the client(s).
>>
>> Screenshot of error is attached....
>>
>
> Hello Steven,
>
> there is something wrong with your host keytab. As written in the
> output, ipa-client-install could not get a TGT for
> host/vuwunicorh6ws04 at ODS.VUW.AC.NZ and thus nsupdate which performs the
> DNS update failed.
>
> Can you please attach a relevant portion of ipaclient-install.log so
> that we can get more information about why it failed?
>
> Alternatively, you can list credentials in the keytab with this command
> yourself:
> # klist -kt /etc/krb5.keytab
>
> To test obtaining the TGT from the host keytab and thus reproducing this
> issue, you can run this command:
> # kinit -k -t /etc/krb5.keytab host/vuwunicorh6ws04 at ODS.VUW.AC.NZ
>
> The command output itself, or KRB5KDC logs in IPA server should provide
> a hint why the kinit fails.
>
> Martin
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list