[Freeipa-users] ipa-client-install failure
Roberto Cornacchia
roberto.cornacchia at gmail.com
Mon Mar 23 11:16:53 UTC 2015
On 23 March 2015 at 10:35, Petr Spacek <pspacek at redhat.com> wrote:
> On 23.3.2015 10:21, Roberto Cornacchia wrote:
> > About the DNS update, this is what the debug log has to say:
> >
> > Found zone name: hq.example.com
> > The master is: ipa.hq.example.com
> > start_gssrequest
> > Found realm from ticket: HQ.EXAMPLE.COM
> > send_gssrequest
> > *; Communication with 192.168.0.72#53 failed: operation canceled*
> > *Reply from SOA query:*
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4923
> > ;; flags: qr ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > ;; QUESTION SECTION:
> > ;1835417091.sig-ipa.hq.example.com. ANY TKEY
> >
> > response to SOA query was unsuccessful
>
> - Please verify that 192.168.0.72 is the correct IP address of the FreeIPA
> server.
>
Positive
> - Please check named.logs on the server side to see if there are any
> complains
> about unsuccessful key negotiation with client.
>
>
I raised named's log level to debug 10 and restarted
Ran ipa-client-install again.
The log shows many queries from the client, for A/AAA/SOA record types,
both about the server and the client. All approved, no problem.
The log does not seem to contain a single failure / rejection.
However:
1) The client reports that response to SOA query was unsuccessful. The
server log does not say anything about this.
2) The server log does not contain any update request
> > Notice that is is *different* from what I got before the chronyd change.
> > Before, there was not even a reply:
> >
> > Found zone name: hq.example.com
> > The master is: ipa.hq.example.com
> > start_gssrequest
> > Found realm from ticket: HQ.EXAMPLE.COM
> > send_gssrequest
> > *; Communication with 192.168.0.72#53 failed: operation canceled*
> > *could not reach any name server*
>
> Interesting, this should not be related to time synchronization in any way.
> DNS server simply did not return any answer.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150323/d953589e/attachment.htm>
More information about the Freeipa-users
mailing list