[Freeipa-users] SSHFP upload

Martin Basti mbasti at redhat.com
Fri May 6 19:25:50 UTC 2016


Hello, records are updated by nslookup.

Do you have dynamic updates allowed in the zone settings?

Martin


On 06.05.2016 21:18, Sean Hogan wrote:
>
> Hi All,
>
> Wondering if someone knows how the SSHFPs of a box are getting
> uploaded to IPA during ipa-client-install --enable-dns-updates? Is it
> going over port 389, 636, 22?
>
> Have an issue that on one network my enrolls work fine and everything
> gets updated. A new network was put in place but still part of the
> same domain and I get SSHFP failed to upload. I was assuming this has
> something to do with DNS but Network team says bidirectional port 53
> is good and I can nslookup. Both new and old networks point to the
> same IPA DNS server for enrolling. The IPs of the new network still
> fall in my reverse zone.
>
> So my DNS is set up with:
> test.local
> 10.in-addr.arpa
>
> and the IP scheme for new net is 10.5.x.x, old net is 10.35.x.x
>
>
>
> Results of current Network
>
>
> Enrolled in IPA realm TEST.LOCAL
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm TEST.LOCAL
> trying https://bob.test.local/ipa/xml
> Forwarding 'env' to server u'https://bob.test.local/ipa/xml'
> DNS server record set to: dingle.test.local -> IP of dingle
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to server u'https://bob.test.local/ipa/xml'
> SSSD enabled
> Configuring test.local as NIS domain
> Configured /etc/openldap/ldap.conf
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Client configuration complete.
>
>
>
>
> Results of New network
> Enrolled in IPA realm TEST.LOCAL
> Attempting to get host TGT...
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm TEST.LOCAL
> trying https://bob.test.local/ipa/xml
> Forwarding 'env' to server u'https://bob.test.local/ipa/xml'
> Failed to update DNS records.
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
> Forwarding 'host_mod' to server u'https://bob.test.local/ipa/xml'
> Could not update DNS SSHFP records.
> SSSD enabled
> Configuring test.local as NIS domain
> Configured /etc/openldap/ldap.conf
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Client configuration complete
>
>
>
>
>
>
> Sean Hogan
>
>
>
>
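
For reference on what the client is trying to publish in the failing step, an added example (not part of the thread and not FreeIPA's own code): it derives SSHFP record data from a host public key line per RFC 4255/6594/7479 and formats it as a batch for the BIND nsupdate tool, one way a dynamic DNS update can be submitted. The host name client.test.local, the TTL of 1200 and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers: RFC 4255 (RSA, DSA), RFC 7479 (Ed25519).
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# Fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_rdata(pubkey_line):
    """Return SSHFP RDATA strings for one line of an ssh_host_*_key.pub file."""
    keytype, b64blob = pubkey_line.split()[:2]
    # All ecdsa-sha2-* curves share algorithm number 3 (RFC 6594).
    alg = 3 if keytype.startswith("ecdsa-sha2-") else KEY_ALGS.get(keytype)
    if alg is None:
        raise ValueError("no SSHFP algorithm number for " + keytype)
    # The fingerprint covers the decoded key blob, not the base64 text.
    blob = base64.b64decode(b64blob, validate=True)
    return ["%d %d %s" % (alg, fp, FP_TYPES[fp](blob).hexdigest().upper())
            for fp in sorted(FP_TYPES)]


def nsupdate_batch(fqdn, zone, pubkey_lines, ttl=1200):
    """Build nsupdate input that replaces the host's SSHFP record set."""
    out = ["zone %s." % zone, "update delete %s. IN SSHFP" % fqdn]
    for line in pubkey_lines:
        for rdata in sshfp_rdata(line):
            out.append("update add %s. %d IN SSHFP %s" % (fqdn, ttl, rdata))
    out += ["show", "send"]
    return "\n".join(out) + "\n"


def constructed_ed25519_line():
    """Constructed sample key line (bytes 0..31), not a real host key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519" +
            struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 %s root@client.test.local" % base64.b64encode(blob).decode()


if __name__ == "__main__":
    # client.test.local is a hypothetical host in the thread's test.local zone.
    print(nsupdate_batch("client.test.local", "test.local",
                         [constructed_ed25519_line()]))
```

Piping the output to `nsupdate -g` submits it signed with the host's Kerberos credentials (GSS-TSIG); the server applies it only if the zone permits dynamic updates, so a refused update here points at zone policy or reachability of the DNS server rather than at the keys.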
