<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 22/05/15 18:05, Johnny Tan wrote:<br> </div> <blockquote cite="mid:CABMVzL0t9P0=pXXKOnaOv4EQu1cenC-CD3+N24R_QN2e3StF+w@mail.gmail.com" type="cite"> <div dir="ltr">Our servers run CentOS-6.6 and ipa-server-3.0.0-42.el6.centos.x86_64 <div><br> </div> <div>Our CentOS clients (also 6.6) join the domain seamlessly.</div> <div><br> </div> <div>Our Ubuntu 14.04 LTS clients, however, don't seem to be able to auto-discover domain, realm, or IPA servers:</div> <div> <div>```</div> <div>dpkg -l | grep freeipa</div> <div>ii freeipa-client 3.3.4-0ubuntu3.1 amd64 FreeIPA centralized identity framework -- client</div> </div> <div><br> </div> <div>/usr/sbin/ipa-client-install --mkhomedir --no-ntp --no-sudo --unattended --hostname testing-ubuntu001.pp --principal admin --password xx --debug<br> </div> <div> <div>/usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname': 'testing-ubuntu001.pp', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': True, 'conf_ssh': True, 'force_join': False, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}</div> <div>missing options might be asked for interactively later</div> <div>Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'</div> <div>Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'</div> <div>[IPA Discovery]</div> <div>Starting IPA discovery with domain=None, servers=None, hostname=testing-ubuntu001.pp</div> <div>Start searching for LDAP SRV record in "pp" (domain of the hostname) and its sub-domains</div> <div>Search DNS for SRV record of _ldap._tcp.pp</div> <div>DNS record not found: EmptyLabel</div> <div>Start searching for LDAP SRV record in ".pp" (search domain from /etc/resolv.conf) and its sub-domains</div> <div>Search DNS for SRV record of _ldap._tcp..pp</div> <div>DNS record not found: EmptyLabel</div> <div>Already searched pp; skipping</div> <div>No LDAP server found</div> <div>No LDAP server found</div> <div>Unable to discover domain, not provided on command line</div> <div>Installation failed. Rolling back changes.</div> <div>IPA client is not configured on this system.</div> </div> <div>```</div> <div><br> </div> <div>Yet on the same client:</div> <div>```</div> <div> <div>root@testing-ubuntu001:~# dig srv _ldap._tcp.pp +short</div> <div>0 100 389 production-ipa003.pp.</div> <div>0 100 389 production-ipa001.pp.</div> <div>0 100 389 production-ipa002.pp.</div> </div> <div>```</div> <div><br> </div> <div>Why can't ipa-client-install discover those SRV records?</div> <div><br> </div> <div>johnny</div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> </blockquote> Hello,<br> <br> this is weird, "DNS record not found: EmptyLabel", this error returns python-dns when empty label is used in domain name.<br> <br> And here is empty label -> _ldap._tcp..pp (two dots).<br> <br> But that doubled dot is not on line above and the error is the same, interesting.<br> <br> <pre class="moz-signature" cols="72">-- Martin Basti</pre> </body> </html>