[Freeipa-users] DNS service fails to start on replica master

Jeff Goddard jgoddard at emerlyn.com
Thu Jan 5 15:11:28 UTC 2017


I'm starting a new thread rather than continuing to submit under:
https://www.redhat.com/archives/freeipa-users/2017-January/msg00108.html.

My problem is that I cannot get the DNS service to start on one of my
replica masters. From the previous message thread:

Hello,

could you check this link
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed

kinit prints nothing when it works, so it works in your case. Can you, after
kinit as the DNS service, try to use ldapsearch -Y GSSAPI?


Martin

Reading the article and following the steps I get this as a result of:

ipa privilege-show 'DNS Servers' --all --raw

  dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com
  cn: DNS Servers
  description: DNS Servers
  member: krbprincipalname=DNS/id-management-1.internal.emerlyn.com@INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=ipa-dnskeysyncd/id-management-1.internal.emerlyn.com@INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=DNS/idmfs-01.internal.emerlyn.com@INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=ipa-dnskeysyncd/idmfs-01.internal.emerlyn.com@INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com@INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=DNS/id-management-2.internal.emerlyn.com@INTERNAL.EMERLYN.COM+nsuniqueid=be8eda7e-fcd311e5-859e9ada-0ab343c0,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=DNS/id-management-2.internal.emerlyn.com@INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  objectClass: top
  objectClass: groupofnames
  objectClass: nestedgroup


Jeff