[Freeipa-users] Issues creating trust with AD.

Sumit Bose sbose at redhat.com
Mon Feb 24 08:31:23 UTC 2014


On Fri, Feb 21, 2014 at 11:17:38PM +0200, Genadi Postrilko wrote:
> I would like to clarify myself, I wasn't accurate when I compared it to:
> https://bugzilla.redhat.com/show_bug.cgi?id=878564.
> 

...

> 
> *But kinit with AD users failed:*
> 
> [root@ipaserver1 ~]# kinit Genadi@ADEXAMPLE.COM
> kinit: Cannot resolve servers for KDC in realm "ADEXAMPLE.COM" while
> getting initial credentials
> 
> *But after a few minutes I was able to kinit with AD users again:*
> 
> [root@ipaserver1 ~]# kinit Genadi@ADEXAMPLE.COM
> Password for Genadi@ADEXAMPLE.COM:

The AD KDC is resolved by doing DNS SRV lookup, e.g.

dig SRV _kerberos._udp.adexample.com

So I would assume a DNS related issue. Did the IP address of your AD
server change after the reboot? Or did you call kinit early during the
AD boot process so that the DNS server was not running?

If you see this issue again, please call

KRB5_TRACE=/dev/stdout kinit Genadi@ADEXAMPLE.COM

This will print lots of debug information about what libkrb5 is doing and
might help to identify the origin of the issue.

bye,
Sumit

> 
> I think I was too fast on making conclusions.
> Not sure if opening a bug is needed.
> 
> 
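
Added example, not part of the reply above: a shell helper that interprets the answer of the SRV lookup mentioned in the reply, so that an empty or unusable answer (the situation in which kinit cannot locate a KDC) is reported explicitly. The function names, the extra _tcp lookup and the sample hostnames dc1/dc2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: interpret `dig +short SRV` answers for a Kerberos realm.
# Each answer line has the form: <priority> <weight> <port> <target>

# Read SRV answer lines on stdin and print usable KDCs as "host:port",
# lowest priority value (most preferred) first.
# Returns 1 when no usable record is present.
parse_kdc_srv() {
    awk '
        # Keep well-formed lines only; a target of "." means the service
        # is explicitly not offered (RFC 2782).
        NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $4 != "." {
            host = $4; sub(/\.$/, "", host)   # drop the trailing root dot
            print $1, host ":" $3
        }' | sort -n -k1,1 | awk '{ print $2; n++ } END { exit (n ? 0 : 1) }'
}

# Live check for a realm's DNS domain over both transports.
# Assumes dig is installed; defined here but not called by this file.
lookup_kdcs() {
    realm=$1
    for proto in udp tcp; do
        echo "_kerberos._$proto.$realm:"
        dig +short SRV "_kerberos._$proto.$realm" | parse_kdc_srv \
            || echo "  no usable SRV record"
    done
}

# Constructed sample answers (hostnames are made up for illustration).
SAMPLE_OK='10 100 88 dc2.adexample.com.
0 100 88 dc1.adexample.com.'
SAMPLE_EMPTY=''   # what dig +short prints when the DNS server has no answer

echo "healthy answer:"
printf '%s\n' "$SAMPLE_OK" | parse_kdc_srv
echo "empty answer:"
printf '%s\n' "$SAMPLE_EMPTY" | parse_kdc_srv || echo "no KDC could be located via DNS"
```

Running lookup_kdcs adexample.com while the problem is occurring, next to the KRB5_TRACE output, shows whether the SRV answer itself was missing at that moment.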