[Freeipa-users] ubuntu dns discovery

Johnny Tan johnnydtan at gmail.com
Fri May 22 20:00:38 UTC 2015


On Fri, May 22, 2015 at 3:14 PM, Martin Basti <mbasti at redhat.com> wrote:

>  On 22/05/15 18:05, Johnny Tan wrote:
>
> Our servers run CentOS-6.6 and ipa-server-3.0.0-42.el6.centos.x86_64
>
>  Our CentOS clients (also 6.6) join the domain seamlessly.
>
>  Our Ubuntu 14.04 LTS clients, however, don't seem to be able to
> auto-discover domain, realm, or IPA servers:
>  ```
> dpkg -l | grep freeipa
> ii  freeipa-client                      3.3.4-0ubuntu3.1
>         amd64        FreeIPA centralized identity framework -- client
>
>  /usr/sbin/ipa-client-install --mkhomedir --no-ntp --no-sudo --unattended
> --hostname testing-ubuntu001.pp --principal admin --password xx --debug
>  /usr/sbin/ipa-client-install was invoked with options: {'domain': None,
> 'force': False, 'krb5_offline_passwords': True, 'primary': False,
> 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd':
> True, 'conf_ntp': False, 'on_master': False, 'ntp_server': None,
> 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname':
> 'testing-ubuntu001.pp', 'no_ac': False, 'unattended': True, 'sssd': True,
> 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': True, 'conf_ssh':
> True, 'force_join': False, 'server': None, 'prompt_password': False,
> 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
> missing options might be asked for interactively later
> Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
> [IPA Discovery]
> Starting IPA discovery with domain=None, servers=None,
> hostname=testing-ubuntu001.pp
> Start searching for LDAP SRV record in "pp" (domain of the hostname) and
> its sub-domains
> Search DNS for SRV record of _ldap._tcp.pp
> DNS record not found: EmptyLabel
> Start searching for LDAP SRV record in ".pp" (search domain from
> /etc/resolv.conf) and its sub-domains
> Search DNS for SRV record of _ldap._tcp..pp
> DNS record not found: EmptyLabel
> Already searched pp; skipping
> No LDAP server found
> No LDAP server found
> Unable to discover domain, not provided on command line
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>  ```
>
>  Yet on the same client:
> ```
> root@testing-ubuntu001:~# dig srv _ldap._tcp.pp +short
> 0 100 389 production-ipa003.pp.
> 0 100 389 production-ipa001.pp.
> 0 100 389 production-ipa002.pp.
>  ```
>
>  Why can't ipa-client-install discover those SRV records?
>
>  johnny
>
>
>  Hello,
>
> this is weird: "DNS record not found: EmptyLabel" is the error python-dns
> returns when an empty label is used in a domain name.
>
> And here is the empty label -> _ldap._tcp..pp  (two dots).
>
> But that doubled dot is not on the line above and the error is the same,
> interesting.
>

Aha! It seems our configuration management system is populating `search` in
/etc/resolv.conf with ".pp" rather than "pp". If I manually change that, it
now works! Thank you.
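
The misconfiguration identified in this thread, as an added example that is not part of the original posts or of FreeIPA's code: a standard-library Python check that flags `search`/`domain` entries in resolv.conf containing an empty label (such as ".pp") and shows the SRV name that results, matching the `_ldap._tcp..pp` seen in the debug log. The sample file contents, the nameserver address and all function names are constructed for illustration.

```python
# Added example: lint resolv.conf "search"/"domain" entries for empty DNS labels.
SRV_PREFIX = "_ldap._tcp"  # SRV prefix that appears in the installer's debug log

# Constructed sample reproducing the misconfiguration described in the thread.
SAMPLE_RESOLV_CONF = """\
# managed by configuration management (constructed sample)
nameserver 192.0.2.53
search .pp
"""


def empty_label_problem(name):
    """Return a reason string if `name` contains an empty label, else None."""
    if name == ".":
        return None  # the root domain on its own is valid
    body = name[:-1] if name.endswith(".") else name  # one trailing dot is fine
    if body.startswith("."):
        return "leading dot"
    if ".." in body or body.endswith("."):
        return "consecutive dots"
    return None


def lint_resolv_conf(text):
    """Return (line_no, keyword, entry, srv_name, problem) per search/domain entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # resolv.conf comment markers
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in ("search", "domain"):
            continue
        for entry in fields[1:]:
            srv_name = f"{SRV_PREFIX}.{entry}"  # ".pp" gives "_ldap._tcp..pp"
            findings.append((line_no, fields[0], entry, srv_name,
                             empty_label_problem(entry)))
    return findings


def bad_entries(text):
    """Only the entries that would produce an invalid DNS name."""
    return [f for f in lint_resolv_conf(text) if f[4] is not None]


if __name__ == "__main__":
    for line_no, keyword, entry, srv, problem in lint_resolv_conf(SAMPLE_RESOLV_CONF):
        status = f"INVALID ({problem})" if problem else "ok"
        print(f"line {line_no}: {keyword} {entry!r} -> {srv}: {status}")
```

Running the same check against the template output of the configuration management system catches the bad `search` value before a client enrollment fails on it.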