[Freeipa-users] SSHFP upload

Rob Crittenden rcritten at redhat.com
Fri May 6 19:24:15 UTC 2016


Sean Hogan wrote:
> Hi All,
>
> Wondering if someone knows how the SSHFPs of a box are getting uploaded
> to IPA during ipa-client-install --enable-dns-updates? Is it going over
> port 389, 636, 22?
>
> Have an issue that on one network my enrolls work fine and everything
> gets updated. A new network was put in place but still part of the same
> domain and I get SSHFP failed to upload. I was assuming this has
> something to do with DNS but Network team says bidirectional port 53 is
> good and I can nslookup. Both new and old networks point to the same IPA
> DNS server for enrolling. The IPs of the new network still fall in my
> reverse zone.
>
> So my DNS is set up with:
> test.local
> 10.in-addr.arpa
>
> and the IP scheme for new net is 10.5.x.x, old net is 10.35.x.x

It updates over DNS using nsupdate.

> Results of current Network

Look in /var/log/ipaclient-install.log for details.

rob

>
>
> Enrolled in IPA realm TEST.LOCAL
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm TEST.LOCAL
> trying *_https://bob.test.local/ipa/xml_*
> <https://rtpvxl0068.watson.local/ipa/xml>
> Forwarding 'env' to server u'https://bob.test.local/ipa/xml'
> DNS server record set to: dingle.test.local -> IP of dingle
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to server u'https://bob.test.local/ipa/xml'
> SSSD enabled
> Configuring test.local as NIS domain
> Configured /etc/openldap/ldap.conf
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Client configuration complete.
>
> Results of New network
> Enrolled in IPA realm TEST.LOCAL
> Attempting to get host TGT...
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm TEST.LOCAL
> trying *_https://bob.test.local/ipa/xml_*
> <https://rtpvxl0068.watson.local/ipa/xml>
> Forwarding 'env' to server u'https://bob.test.local/ipa/xml'
> Failed to update DNS records.
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
> Forwarding 'host_mod' to server u'https://bob.test.local/ipa/xml'
> Could not update DNS SSHFP records.
> SSSD enabled
> Configuring test.local as NIS domain
> Configured /etc/openldap/ldap.conf
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Client configuration complete
>
> Sean Hogan
>
>
>
>



