[Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem
Dmitri Pal
dpal at redhat.com
Wed Jun 19 16:45:35 UTC 2013
On 06/19/2013 10:32 AM, Vitaly wrote:
>
> ipa-client-install fails with "Cannot resolve network address for KDC"
> message.
> I don't have SRV records, but I provide IPA server name via
> "--server" param.
> any ideas?
>
> TIA,
> Vitaly
>
> 2013-06-19 13:58:39,113 DEBUG Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2013-06-19 13:58:39,113 DEBUG [ipacheckldap]
> 2013-06-19 13:58:39,113 DEBUG Init ldap with:
> ldap://serv02.prod.example.com:389 <http://serv02.prod.example.com:389>
> 2013-06-19 13:58:39,193 DEBUG Search rootdse
> 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in
> dc=prod,dc=example,dc=com(base)
> 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com',
> {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject',
> 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain':
> ['prod.example.com <http://prod.example.com>'], 'dc': ['prod'],
> 'nisDomain': ['prod.example.com <http://prod.example.com>']})]
> 2013-06-19 13:58:39,272 DEBUG Search for
> (objectClass=krbRealmContainer) in dc=prod,dc=example,dc=com(sub)
> 2013-06-19 13:58:39,313 DEBUG Found: [('cn=PROD.EXAMPLE.COM
> <http://PROD.EXAMPLE.COM>,cn=kerberos,dc=prod,dc=example,dc=com',
> {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn':
> ['PROD.EXAMPLE.COM <http://PROD.EXAMPLE.COM>'],
> 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special',
> 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass':
> ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope':
> ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal',
> 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special',
> 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special',
> 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal',
> 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4',
> 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'],
> 'krbMaxRenewableAge': ['604800']})]
> 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit
> vm4.stage.example.com at PROD.EXAMPLE.COM
> <mailto:vm4.stage.example.com at PROD.EXAMPLE.COM>
> 2013-06-19 13:58:52,032 INFO stdout=
> 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network
> address for KDC in realm PROD.EXAMPLE.COM <http://PROD.EXAMPLE.COM>
> while getting initial credentials
>
> 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy
> 2013-06-19 13:58:52,065 INFO stdout=
> 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache
> found while destroying cache
> ~
> ~
> ~
> ~
> ~
> ~
> ~
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Is KDC resolvable from the client?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130619/d5e9f737/attachment.htm>
More information about the Freeipa-users
mailing list