[Freeipa-users] IPA-AD Trust unable to resolve child domain

Carlos Raúl Laguna carlosla1987 at gmail.com
Thu Oct 20 18:05:49 UTC 2016


Hi Alexander,
I do believe it is a DNS problem; the commands failing are

host -t srv _ldap._tcp.ad_domain
or
dig SRV _ldap._tcp.ad_domain
After checking the logs I see this error:
"no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN': 10.20.4.22#53"

So I disabled DNSSEC validation on IPA and it works as expected. I will
set up DNSSEC on the Windows side and enable DNS validation once more on IPA
to see if I can get the same outcome.

Thanks for your answer


2016-10-20 10:10 GMT-04:00 Alexander Bokovoy <abokovoy at redhat.com>:

> On Thu, 20 Oct 2016, Carlos Raúl Laguna wrote:
>
>> Hello everyone,
>>
>> Both servers are fresh installs, 2008r2 and Fedora 24 Server FreeIPA 4.3.2, as
>> the documentation explains in
>> http://www.freeipa.org/page/Active_Directory_trust_setup#If_AD_is_subdomain_of_IPA
>>
>> However, the server is unable to resolve any record from my child domain. I
>> found this bug https://fedorahosted.org/freeipa/ticket/6062, but I am not
>> sure if this version of IPA is affected by it.
>>
>> Is the procedure in the documentation still valid?
>>
> Given that you have literally provided no logs that would help to help
> you, let's start from it.
>
> Show what your problem is through the logs. What exact commands are
> failing? If you suspect DNS issues, show your named-pkcs11's logs.
>
> --
> / Alexander Bokovoy
>
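
An added example, not part of the thread and not FreeIPA or BIND code: a small triage script that picks DNSSEC validation failures such as the "no valid DS" message quoted above out of named-pkcs11 log lines and groups them by domain, separating them from ordinary lookup errors. The syslog prefix, the sample lines other than the quoted message, and the two extra reason strings are assumptions.

```python
import re
from collections import defaultdict

# Validator result texts. Only "no valid DS" is quoted in the thread; the
# other two are assumed to be logged by named in the same shape.
REASONS = ("no valid DS", "no valid RRSIG", "broken trust chain")
LINE = re.compile(
    r"(?:error \()?(?P<reason>" + "|".join(map(re.escape, REASONS)) + r")\)?"
    r" resolving '(?P<name>[^'/]+?)\s*/(?P<rtype>\w+)/IN': (?P<server>[\w.:]+)#\d+"
)

def owner_domain(qname):
    """Drop leading service labels (_ldap, _tcp, ...) to get the domain name."""
    labels = qname.rstrip(".").split(".")
    while labels and labels[0].startswith("_"):
        labels.pop(0)
    return ".".join(labels).lower()

def dnssec_failures(lines):
    """Map each domain to the reasons, record types and upstream servers seen."""
    found = defaultdict(lambda: {"reasons": set(), "rtypes": set(), "servers": set(), "count": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # refused connections, timeouts etc. are not validation failures
        entry = found[owner_domain(m["name"])]
        entry["reasons"].add(m["reason"])
        entry["rtypes"].add(m["rtype"])
        entry["servers"].add(m["server"])
        entry["count"] += 1
    return dict(found)

# Constructed sample log. The first message is the one quoted in the thread;
# timestamps, host name, PID and the remaining lines are made up.
SAMPLE_LOG = """\
Oct 20 13:41:02 ipa named-pkcs11[1234]: no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN': 10.20.4.22#53
Oct 20 13:41:02 ipa named-pkcs11[1234]: no valid DS resolving '_kerberos._tcp.ad_domain/SRV/IN': 10.20.4.22#53
Oct 20 13:41:09 ipa named-pkcs11[1234]: connection refused resolving 'www.example.test/A/IN': 192.0.2.53#53
""".splitlines()

if __name__ == "__main__":
    for domain, e in dnssec_failures(SAMPLE_LOG).items():
        print(f"{domain}: {e['count']} validation failures, reasons={sorted(e['reasons'])}, "
              f"types={sorted(e['rtypes'])}, upstream={sorted(e['servers'])}")
```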