[Freeipa-users] ipa-client-install failure
Petr Spacek
pspacek at redhat.com
Mon Mar 23 09:35:26 UTC 2015
On 23.3.2015 10:21, Roberto Cornacchia wrote:
> About the DNS update, this is what the debug log has to say:
>
> Found zone name: hq.example.com
> The master is: ipa.hq.example.com
> start_gssrequest
> Found realm from ticket: HQ.EXAMPLE.COM
> send_gssrequest
> *; Communication with 192.168.0.72#53 failed: operation canceled*
> *Reply from SOA query:*
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4923
> ;; flags: qr ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;1835417091.sig-ipa.hq.example.com. ANY TKEY
>
> response to SOA query was unsuccessful
- Please verify that 192.168.0.72 is the correct IP address of the FreeIPA server.
- Please check named.logs on the server side to see if there are any complains
about unsuccessful key negotiation with client.
> Notice that is is *different* from what I got before the chronyd change.
> Before, there was not even a reply:
>
> Found zone name: hq.example.com
> The master is: ipa.hq.example.com
> start_gssrequest
> Found realm from ticket: HQ.EXAMPLE.COM
> send_gssrequest
> *; Communication with 192.168.0.72#53 failed: operation canceled*
> *could not reach any name server*
Interesting, this should not be related to time synchronization in any way.
DNS server simply did not return any answer.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list