[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Orkhan Gasimov orkhan-azeri at mail.ru
Tue Oct 14 09:59:26 UTC 2014


I tried to avoid setting up a third VM to serve as a DNS server for my 
test scenario. Thought it would be possible to set up working FreeIPA 
client-server interaction with just 2 VMs & correct hostnames & 
/etc/hosts files in them.

Do I correctly understand your idea that it's a MUST to set up a DNS 
server to facilitate FreeIPA client-server interaction? Or is there a way 
to do it with just 2 VMs and no DNS server?


14-Oct-14 12:50, Alexander Bokovoy wrote:
> On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
>> With help from Alexander Bokovoy I found correct log destinations:
>>
>> sssd-domain-log:https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log 
>>
>> sssd-nss-log:https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
>>
>> These files are from my second Fedora - FreeBSD setup, they have
>> different domain name, but everything else is identical.
>>
>> Interestingly enough, there are lines in sssd_nss.log telling that there
>> are no users or groups in the domain. But as I said, I can ssh to the
>> IPA server as an IPA user.
> You have a basic problem of DNS resolution at the FreeBSD client side:
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [request_watch_destructor] (0x0400): Deleting request watch
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [resolve_srv_done]
> (0x0020): SRV query failed: [Domain name not found]
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [fo_set_port_status]
> (0x0100): Marking port 0 of server '(no name)' as 'not working'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [set_srv_data_status]
> (0x0100): Marking SRV lookup of service 'IPA' as 'not resolved'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV
> lookup meta-server), resolver returned (5)
> ...
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [fo_set_port_status]
> (0x0100): Marking port 0 of server '(no name)' as 'not working'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [set_srv_data_status]
> (0x0100): Marking SRV lookup of service 'IPA' as 'not resolved'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV
> lookup meta-server), resolver returned (5)
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [be_resolve_server_process] (0x1000): Trying with the next one!
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [get_port_status]
> (0x1000): Port status of port 0 for server '(no name)' is 'not working'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [fo_resolve_service_send] (0x0020): No available servers for service
> 'IPA'
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: 5
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> [Input/output error])
> (Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [be_run_offline_cb]
> (0x0080): Going offline. Running callbacks.
>
>
> Make sure your DNS infrastructure is actually working. Run the following on
> the FreeBSD side:
>
> dig SRV _ldap._tcp.eurosel.az
> dig SRV _kerberos._tcp.eurosel.az
>
> and fix either your resolver or DNS server to properly resolve SRV
> records for IPA domain (assuming eurosel.az is your IPA domain).
>
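
Added example (not part of the original thread and not SSSD code): a Python script that rejoins the mail-wrapped SSSD backend log lines quoted above and flags the pattern the reply points out, a failed SRV query followed by the backend going offline. The sample log is constructed from the quoted lines, and the names `entries` and `diagnose` are hypothetical.

```python
import re

# Constructed sample: backend log lines in the format quoted above, mail wrapping included.
SAMPLE_LOG = """\
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [resolve_srv_done]
(0x0020): SRV query failed: [Domain name not found]
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'not resolved'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.
"""
# A new entry starts with a ctime-style timestamp; a wrapped "(0x0020): ..." line does not.
START = re.compile(r"^\(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}\) ")
ENTRY = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)

def entries(text):
    """Rejoin wrapped lines, then yield one dict per well-formed backend entry."""
    joined = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line
    for line in joined:
        m = ENTRY.match(line)
        if m:
            yield m.groupdict()

def diagnose(text):
    """Per domain: SRV failures, offline flag, DNS suspicion, SRV lookups to verify."""
    report = {}
    for e in entries(text):
        d = report.setdefault(e["domain"], {"srv_failures": 0, "offline": False})
        if e["func"] == "resolve_srv_done" and e["msg"].startswith("SRV query failed"):
            d["srv_failures"] += 1
        elif e["func"] == "be_run_offline_cb" and "Going offline" in e["msg"]:
            d["offline"] = True
    for domain, d in report.items():
        d["dns_suspected"] = d["offline"] and d["srv_failures"] > 0
        d["verify"] = [f"dig SRV _ldap._tcp.{domain}", f"dig SRV _kerberos._tcp.{domain}"]
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```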



