[Freeipa-users] ipa-client install failurres, Could not resolve host: ipa-master-in.xyz.com; Unknown error
Rakesh Rajasekharan
rakesh.rajasekharan at gmail.com
Thu Jul 28 15:31:16 UTC 2016
thanks for the inputs..
the issue was with my network,
I was able to resolve it adding in the NETWORKING_IPV6=no in
/etc/sysconfig/network
possibly it was using IPv6 resolution and that was failing
On Thu, Jul 28, 2016 at 1:37 PM, Petr Spacek <pspacek at redhat.com> wrote:
> On 27.7.2016 19:29, Rakesh Rajasekharan wrote:
> > Hi,
> >
> > I am running ipa server 4.2 and set it up without using "--setup-dns=no".
> >
> > On few clients the installation fails with the below error message.
> >
> >
> > I verified that the ipa master dns is resolvable. Not sure what could be
> > wrong here..
> >
> >
> > Joining realm failed: libcurl failed to execute the HTTP POST
> transaction,
> > explaining: Could not resolve host: ipa-master-in.xyz.com; Unknown
> error
> >
> > Use ipa-getkeytab to obtain a host principal for this server.
> > Please make sure the following ports are opened in the firewall settings:
> > TCP: 80, 88, 389
> > UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> > Also note that following ports are necessary for ipa-client working
> > properly after enrollment:
> > TCP: 464
> > UDP: 464, 123 (if NTP enabled)
> > Failed to obtain host TGT: (-1765328203, 'Key table entry not found')
> > Installation failed. Force set so not rolling back changes.
> >
> >
> > I tried removeing /etc/ipa/ca.crt and delete any older certificates
> > "certutil -D -n 'IPA CA' -d /etc/pki/nssdb"
> >
> > However, no luck yet..
> >
> > any suggestions on how can I debug this..
>
> I would start with command:
> $ dig ipa-master-in.xyz.com
>
> It should print IPv4 address of the server ipa-master-in.xyz.com . If it
> does
> not print it there is a problem with DNS. In that case usual DNS debugging
> guides apply.
>
> I hope it helps.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160728/e7c88e6b/attachment.htm>
More information about the Freeipa-users
mailing list