[Freeipa-users] Broken krb5.conf after ipa-server-install

Dmitri Pal dpal at redhat.com
Wed Jan 14 21:16:02 UTC 2015


On 01/14/2015 04:04 PM, Orion Poplawski wrote:
> After running ipa-server-install like this:
>
> ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat
> /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt
> --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12
> --http_pin=XXX --idstart=8000
>
> I'm not configuring bind.
>
> I ended up with a broken krb5.conf with entries like:
>
> [libdefaults]
>   default_realm = #

Probably from the krb5.conf template.
I suspect it means that the host name was empty and the replacement did not do
anything.
Sounds like a host name resolution problem to me.

> [realms]
>   NWRA.COM = {
>    kdc = server.nwra.com:88
>    master_kdc = server.nwra.com:88
>    admin_server = server.nwra.com:749
>    default_domain = nwra.com
>    pkinit_anchors = FILE:/etc/ipa/ca.crt
> }
>
> # = {
>   kdc = server.nwra.com:88
>   admin_server = server.nwra.com:749
> }
>
> [domain_realm]
>   .nwra.com = NWRA.COM
>   nwra.com = NWRA.COM
>
> # = #
> .# = #
>
> Any idea where the #'s are coming from?
>
> ipa-server-3.3.3-28.el7_0.3.x86_64
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



