subject:"\[Freeipa\-users\] dns_tkey_negotiategss\: failure GSSAPI error \[...\] Message stream modified."

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

2016-11-03 Thread Petr Spacek

On 27.10.2016 21:47, Tyrell Jentink wrote:
> Thank you Petr!  I found the problem, but quite by accident...  There may
> be a Best Practice at hand that I wasn't aware of...
> 
> I still have the Windows AD server sitting on the side, serving as DHCP
> server and waiting patiently for my Cross Realm Trust;  That server will
> forward DNS requests to the IPA server, and return a non-authoritative
> answer.  Occasionally, that server will seemingly loose track of the IPA
> server, and stop returning results...  And that happened while I was trying
> to follow through with your request for info...  So as a quick work around,
> I simply dropped the AD server from my resolv.conf...
> 
> And then performed your requests, without errors.  I ran the DNS Update
> from the ipa-server-install script, and that worked without errors.  I
> added the AD server back into resolv.conf, and everything failed again. I
> put the AD server as the SECOND name server in resolv.conf, and the errors
> went away. So I've clearly identified the problem.
> 
> I uninstalled the client, and reinstalled the client, and everything went
> cleanly.
> 
> To prevent this problem in the future...  I will be changing the DHCP
> options to list the IPA DNS first for the Linux clients, and the AD DNS
> first for Windows clients; I still want the AD DNS server in the list, as a
> fallback. Is this plan the best practice here?

Well, the ordering of the servers does not matter as long as they can resolve
records properly. The key problem is

> answer.  Occasionally, that server will seemingly loose track of the IPA
> server, and stop returning results...  And that happened while I was trying
...

It should just work if you fix this.

I hope it helps.

Petr Spacek  @  Red Hat

> 
> On Wed, Oct 26, 2016 at 11:36 PM, Petr Spacek  wrote:
> 
>> On 27.10.2016 04:43, Tyrell Jentink wrote:
 2016-10-26T23:30:40Z DEBUG Writing nsupdate commands to
> /etc/ipa/.dns_update.txt:
> 2016-10-26T23:30:40Z DEBUG debug
>
> update delete trainmaster.ipa.rxrhouse.net. IN A
> show
> send
>
> update delete trainmaster.ipa.rxrhouse.net. IN 
> show
> send
>
> update add trainmaster.ipa.rxrhouse.net. 1200 IN A 10.42.0.100
> show
> send
>
> 2016-10-26T23:30:40Z DEBUG Starting external process
> 2016-10-26T23:30:40Z DEBUG args=/usr/bin/nsupdate -g
> /etc/ipa/.dns_update.txt
> 2016-10-26T23:30:40Z DEBUG Process finished, return code=1
> 2016-10-26T23:30:40Z DEBUG stdout=Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> trainmaster.ipa.rxrhouse.net. 0 ANY A
>
> Outgoing update query:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  39562
> ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;3107127915.sig-ipa-pdc.ipa.rxrhouse.net. ANY TKEY
>
> ;; ADDITIONAL SECTION:
> 3107127915.sig-ipa-pdc.ipa.rxrhouse.net. 0 ANY TKEY gss-tsig.
>> 1477524640
>> [...]
>
> 2016-10-26T23:30:40Z DEBUG stderr=Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  38738
> ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1,
>> ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;trainmaster.ipa.rxrhouse.net.  IN  SOA
>
> ;; AUTHORITY SECTION:
> ipa.rxrhouse.net.   0   IN  SOA
>> ipa-pdc.ipa.rxrhouse.net.
> hostmaster.ipa.rxrhouse.net. 1477524446 3600 900 1209600 3600
>
> Found zone name: ipa.rxrhouse.net
> The master is: ipa-pdc.ipa.rxrhouse.net
> start_gssrequest
> Found realm from ticket: IPA.RXRHOUSE.NET
> send_gssrequest
> recvmsg reply from GSS-TSIG query
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  39562
> ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;3107127915.sig-ipa-pdc.ipa.rxrhouse.net. ANY TKEY
>
> ;; ANSWER SECTION:
> 3107127915.sig-ipa-pdc.ipa.rxrhouse.net. 0 ANY TKEY gss-tsig.
>> 1466301805
> 1466388205 3 NOERROR 101
> YGMGCSqGSIb3EgECAgMAflQwUqADAgEFoQMCAR6kERgPMjAxNjA2MTkw
> MjAzMjVapQUCAwHGkaYDAgEpqREbD0FELlJYUkhPVVNFLk5FVKoUMBKg
> AwIBAaELMAkbB2FkLXBkYyQ=
> 0
>
> dns_tkey_negotiategss: failure GSSAPI error: Major = Unspecified GSS
> failure.  Minor code may provide more information, Minor = Message
>> stream
> modified.
>
> 2016-10-26T23:30:40Z DEBUG nsupdate failed: Command
>> '/usr/bin/nsupdate -g
> /etc/ipa/.dns_update.txt' returned non-zero exit status 1
> 2016-10-26T23:30:40Z ERROR Failed to update DNS records.
> 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
> trainmaster.ipa.rxrhouse.net IN A
> 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
> 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
>

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

2016-10-27 Thread Tyrell Jentink

Thank you Petr!  I found the problem, but quite by accident...  There may
be a Best Practice at hand that I wasn't aware of...

I still have the Windows AD server sitting on the side, serving as DHCP
server and waiting patiently for my Cross Realm Trust;  That server will
forward DNS requests to the IPA server, and return a non-authoritative
answer.  Occasionally, that server will seemingly loose track of the IPA
server, and stop returning results...  And that happened while I was trying
to follow through with your request for info...  So as a quick work around,
I simply dropped the AD server from my resolv.conf...

And then performed your requests, without errors.  I ran the DNS Update
from the ipa-server-install script, and that worked without errors.  I
added the AD server back into resolv.conf, and everything failed again. I
put the AD server as the SECOND name server in resolv.conf, and the errors
went away. So I've clearly identified the problem.

I uninstalled the client, and reinstalled the client, and everything went
cleanly.

To prevent this problem in the future...  I will be changing the DHCP
options to list the IPA DNS first for the Linux clients, and the AD DNS
first for Windows clients; I still want the AD DNS server in the list, as a
fallback. Is this plan the best practice here?

On Wed, Oct 26, 2016 at 11:36 PM, Petr Spacek  wrote:

> On 27.10.2016 04:43, Tyrell Jentink wrote:
> >> 2016-10-26T23:30:40Z DEBUG Writing nsupdate commands to
> >> > /etc/ipa/.dns_update.txt:
> >> > 2016-10-26T23:30:40Z DEBUG debug
> >> >
> >> > update delete trainmaster.ipa.rxrhouse.net. IN A
> >> > show
> >> > send
> >> >
> >> > update delete trainmaster.ipa.rxrhouse.net. IN 
> >> > show
> >> > send
> >> >
> >> > update add trainmaster.ipa.rxrhouse.net. 1200 IN A 10.42.0.100
> >> > show
> >> > send
> >> >
> >> > 2016-10-26T23:30:40Z DEBUG Starting external process
> >> > 2016-10-26T23:30:40Z DEBUG args=/usr/bin/nsupdate -g
> >> > /etc/ipa/.dns_update.txt
> >> > 2016-10-26T23:30:40Z DEBUG Process finished, return code=1
> >> > 2016-10-26T23:30:40Z DEBUG stdout=Outgoing update query:
> >> > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
> >> > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> > ;; UPDATE SECTION:
> >> > trainmaster.ipa.rxrhouse.net. 0 ANY A
> >> >
> >> > Outgoing update query:
> >> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  39562
> >> > ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >> > ;; QUESTION SECTION:
> >> > ;3107127915.sig-ipa-pdc.ipa.rxrhouse.net. ANY TKEY
> >> >
> >> > ;; ADDITIONAL SECTION:
> >> > 3107127915.sig-ipa-pdc.ipa.rxrhouse.net. 0 ANY TKEY gss-tsig.
> 1477524640
> [...]
> >> >
> >> > 2016-10-26T23:30:40Z DEBUG stderr=Reply from SOA query:
> >> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  38738
> >> > ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1,
> ADDITIONAL: 0
> >> > ;; QUESTION SECTION:
> >> > ;trainmaster.ipa.rxrhouse.net.  IN  SOA
> >> >
> >> > ;; AUTHORITY SECTION:
> >> > ipa.rxrhouse.net.   0   IN  SOA
> ipa-pdc.ipa.rxrhouse.net.
> >> > hostmaster.ipa.rxrhouse.net. 1477524446 3600 900 1209600 3600
> >> >
> >> > Found zone name: ipa.rxrhouse.net
> >> > The master is: ipa-pdc.ipa.rxrhouse.net
> >> > start_gssrequest
> >> > Found realm from ticket: IPA.RXRHOUSE.NET
> >> > send_gssrequest
> >> > recvmsg reply from GSS-TSIG query
> >> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  39562
> >> > ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >> > ;; QUESTION SECTION:
> >> > ;3107127915.sig-ipa-pdc.ipa.rxrhouse.net. ANY TKEY
> >> >
> >> > ;; ANSWER SECTION:
> >> > 3107127915.sig-ipa-pdc.ipa.rxrhouse.net. 0 ANY TKEY gss-tsig.
> 1466301805
> >> > 1466388205 3 NOERROR 101
> >> > YGMGCSqGSIb3EgECAgMAflQwUqADAgEFoQMCAR6kERgPMjAxNjA2MTkw
> >> > MjAzMjVapQUCAwHGkaYDAgEpqREbD0FELlJYUkhPVVNFLk5FVKoUMBKg
> >> > AwIBAaELMAkbB2FkLXBkYyQ=
> >> > 0
> >> >
> >> > dns_tkey_negotiategss: failure GSSAPI error: Major = Unspecified GSS
> >> > failure.  Minor code may provide more information, Minor = Message
> stream
> >> > modified.
> >> >
> >> > 2016-10-26T23:30:40Z DEBUG nsupdate failed: Command
> '/usr/bin/nsupdate -g
> >> > /etc/ipa/.dns_update.txt' returned non-zero exit status 1
> >> > 2016-10-26T23:30:40Z ERROR Failed to update DNS records.
> >> > 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
> >> > trainmaster.ipa.rxrhouse.net IN A
> >> > 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
> >> > 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
> >> > trainmaster.ipa.rxrhouse.net IN 
> >> > 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
> >> > 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
> 100.0.42.10.in-addr.arpa.
> >> > IN PTR
> >> > 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
> >> > 2016-10-26T23:30:40Z WARNING Missing A/ record(s) for host
> >> > trainmaster.ipa.rxrhouse.net: 10.42.0.100.
> >> >

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

2016-10-27 Thread Petr Spacek

On 27.10.2016 04:43, Tyrell Jentink wrote:
>> 2016-10-26T23:30:40Z DEBUG Writing nsupdate commands to
>> > /etc/ipa/.dns_update.txt:
>> > 2016-10-26T23:30:40Z DEBUG debug
>> >
>> > update delete trainmaster.ipa.rxrhouse.net. IN A
>> > show
>> > send
>> >
>> > update delete trainmaster.ipa.rxrhouse.net. IN 
>> > show
>> > send
>> >
>> > update add trainmaster.ipa.rxrhouse.net. 1200 IN A 10.42.0.100
>> > show
>> > send
>> >
>> > 2016-10-26T23:30:40Z DEBUG Starting external process
>> > 2016-10-26T23:30:40Z DEBUG args=/usr/bin/nsupdate -g
>> > /etc/ipa/.dns_update.txt
>> > 2016-10-26T23:30:40Z DEBUG Process finished, return code=1
>> > 2016-10-26T23:30:40Z DEBUG stdout=Outgoing update query:
>> > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
>> > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> > ;; UPDATE SECTION:
>> > trainmaster.ipa.rxrhouse.net. 0 ANY A
>> >
>> > Outgoing update query:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  39562
>> > ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>> > ;; QUESTION SECTION:
>> > ;3107127915.sig-ipa-pdc.ipa.rxrhouse.net. ANY TKEY
>> >
>> > ;; ADDITIONAL SECTION:
>> > 3107127915.sig-ipa-pdc.ipa.rxrhouse.net. 0 ANY TKEY gss-tsig. 1477524640
[...]
>> >
>> > 2016-10-26T23:30:40Z DEBUG stderr=Reply from SOA query:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  38738
>> > ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>> > ;; QUESTION SECTION:
>> > ;trainmaster.ipa.rxrhouse.net.  IN  SOA
>> >
>> > ;; AUTHORITY SECTION:
>> > ipa.rxrhouse.net.   0   IN  SOA ipa-pdc.ipa.rxrhouse.net.
>> > hostmaster.ipa.rxrhouse.net. 1477524446 3600 900 1209600 3600
>> >
>> > Found zone name: ipa.rxrhouse.net
>> > The master is: ipa-pdc.ipa.rxrhouse.net
>> > start_gssrequest
>> > Found realm from ticket: IPA.RXRHOUSE.NET
>> > send_gssrequest
>> > recvmsg reply from GSS-TSIG query
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  39562
>> > ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>> > ;; QUESTION SECTION:
>> > ;3107127915.sig-ipa-pdc.ipa.rxrhouse.net. ANY TKEY
>> >
>> > ;; ANSWER SECTION:
>> > 3107127915.sig-ipa-pdc.ipa.rxrhouse.net. 0 ANY TKEY gss-tsig. 1466301805
>> > 1466388205 3 NOERROR 101
>> > YGMGCSqGSIb3EgECAgMAflQwUqADAgEFoQMCAR6kERgPMjAxNjA2MTkw
>> > MjAzMjVapQUCAwHGkaYDAgEpqREbD0FELlJYUkhPVVNFLk5FVKoUMBKg
>> > AwIBAaELMAkbB2FkLXBkYyQ=
>> > 0
>> >
>> > dns_tkey_negotiategss: failure GSSAPI error: Major = Unspecified GSS
>> > failure.  Minor code may provide more information, Minor = Message stream
>> > modified.
>> >
>> > 2016-10-26T23:30:40Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g
>> > /etc/ipa/.dns_update.txt' returned non-zero exit status 1
>> > 2016-10-26T23:30:40Z ERROR Failed to update DNS records.
>> > 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
>> > trainmaster.ipa.rxrhouse.net IN A
>> > 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
>> > 2016-10-26T23:30:40Z DEBUG DNS resolver: Query:
>> > trainmaster.ipa.rxrhouse.net IN 
>> > 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
>> > 2016-10-26T23:30:40Z DEBUG DNS resolver: Query: 100.0.42.10.in-addr.arpa.
>> > IN PTR
>> > 2016-10-26T23:30:40Z DEBUG DNS resolver: No record.
>> > 2016-10-26T23:30:40Z WARNING Missing A/ record(s) for host
>> > trainmaster.ipa.rxrhouse.net: 10.42.0.100.
>> > 2016-10-26T23:30:40Z WARNING Missing reverse record(s) for address(es):
>> > 10.42.0.100.
>> >
> -- Full logs can be found here:  http://pastebin.com/90dG9Ffu
> 
>- For grins, I decided to test:
>kinit admin
>id admin
>getent passwd admin
>on the client, and all of those all made valid responses... So
>authentication is working, I just can't update DNS records.
> 
> 
> So that's what I've tried, and where I'm at...  My client machines running
> modern client software can NOT update DNS records, complaining about GSSAPI
> "Message Stream Modified" errors...  And I have no idea how to troubleshoot
> that... Any ideas?

Interesting, I haven't seen this one :-)

There is something fishy in GSSAPI negotiation between the client and DNS 
server.

I would try this (and watch out for suspicious messages along the way):

1) To be sure, please double-check that ipa-pdc.ipa.rxrhouse.net. resolves
(from the client) to correct IP address of IPA DNS server.

2) Verify that Kerberos ticket for the DNS server can be obtained:
$ kinit -k
$ kvno DNS/ipa-pdc.ipa.rxrhouse.net
$ klist  # it should list Kerberos ticket for ipa-pdc.ipa.rxrhouse.net

3) Create a plain text file with update message content:
cat > /tmp/dnsupdate <

[Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

2016-10-26 Thread Tyrell Jentink

Hello all,

I'm still having problems with my IPA Client install...  My errors aren't
bringing up any meaningful results on Google, so I really appreciate any
hints anyone might have!

To narrow the scope of the problem, I simply rebuilt both the server and
the client from scratch... This time without Active Directory Realm trusts,
so things are nice and clean. To wit, I have been using
http://www.freeipa.org/page/Active_Directory_trust_setup and
https://blog.christophersmart.com/articles/freeipa-how-to-fedora/ as
references, and I have run the following:

ON THE SERVER:

   - dnf -y update && dnf install -y "*ipa-server" "*ipa-server-trust-ad"
   "*ipa-server-dns" bind bind-dyndb-ldap
   - echo "ipa_ip_address ipa_hostname.ipa_domain ipa_hostname" >>
   /etc/hosts
   (I also added the AD server to my hosts file, although that shouldn't be
   messing with anything...)
   - hostname ipa_hostname.ipa_domain
   - hostnamectl set-hostname ipa_hostname.ipa_domain
   - reboot (And took a snapshot of the VM)
   - for x in freeipa-ldap freeipa-ldaps dns ntp; do firewall-cmd
   --permanent --zone=FedoraServer --add-service=${x} ; done
   - systemctl reload firewalld.service
   - ipa-server-install --setup-dns --no-forwarders
   (I had no errors there...  But I can share my logs if anyone wants to
   see them)
   - And I rebooted again, took another snapshot, and verified the
   following:
  - kinit admin
  id admin
  getent passwd admin
  All return appropriate values on the server...
  - nslookup ipa_hostname.ipa_domain works on both the server and on
  the client...

So, ON TO THE CLIENT:

   - echo "ipa_ip_address ipa_hostname.ipa_domain ipa_hostname" >>
   /etc/hosts
   - echo "nameserver ipa_ip_address" >> /etc/resolv.conf
   - (OF course, I verified that the client can ping the server, and
   nslookup against the server)
   - ipa-client-install --enable-dns-updates --ssh-trust-dns --force-ntpd
   And this is where I ran into problems... My output:

Discovery was successful!
> Client hostname: trainmaster.ipa.rxrhouse.net
> Realm: IPA.RXRHOUSE.NET 
> DNS Domain: ipa.rxrhouse.net
> IPA Server: ipa-pdc.ipa.rxrhouse.net
> BaseDN: dc=ipa,dc=rxrhouse,dc=net
> Continue to configure the system with these values? [no]: yes
> Synchronizing time with KDC...
> Attempting to sync time using ntpd.  Will timeout after 15 seconds
> Attempting to sync time using ntpd.  Will timeout after 15 seconds
> Unable to sync time with NTP server, assuming the time is in sync. Please
> check
>
>that 123 UDP port is opened.
> User authorized to enroll computers: admin
> Password for ad...@ipa.rxrhouse.net:
> Successfully retrieved CA cert
> Subject: CN=Certificate Authority,O=IPA.RXRHOUSE.NET
> 
> Issuer:  CN=Certificate Authority,O=IPA.RXRHOUSE.NET
> 
> Valid From:  Thu Sep 08 17:27:47 2016 UTC
> Valid Until: Mon Sep 08 17:27:47 2036 UTC
> Enrolled in IPA realm IPA.RXRHOUSE.NET 
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm IPA.RXRHOUSE.NET
> 
> trying https://ipa-pdc.ipa.rxrhouse.net/ipa/json
> Forwarding 'ping' to json server 'https://ipa-pdc.ipa.rxrhouse.
> net/ipa/json'
> Forwarding 'ca_is_enabled' to json server 'https://ipa-pdc.ipa.rxrhouse.
> net/ipa/json'
> Systemwide CA database updated.
> Failed to update DNS records.
> Missing reverse record(s) for address(es): 10.42.0.100.
> Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to json server 'https://ipa-pdc.ipa.rxrhouse.
> net/ipa/json'
> Could not update DNS SSHFP records.
> SSSD enabled
> Configured /etc/openldap/ldap.conf
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Configuring ipa.rxrhouse.net as NIS domain.
> Client configuration complete.



   - Of interest, I DID solve my NTP issues from before!  On the downside,
   that wasn't the source of my DNS issues...
   In /var/log/ipaclient-install, I still have the following clipping of
   errors, which I'm merely assuming are the relevant piece:

2016-10-26T23:30:40Z DEBUG Starting external process
> 2016-10-26T23:30:40Z DEBUG args=/sbin/ip -oneline address show dev enp1s6
> 2016-10-26T23:30:40Z DEBUG Process finished, return code=0
> 2016-10-26T23:30:40Z DEBUG stdout=2: enp1s6inet 10.42.0.100/8 brd
> 10.255.255.255 scope global dynamic enp1s6\   valid_lft 588384sec
> preferred_lft 588384sec
> 2: enp1s6inet6 fe80::e779:3263:960d:ff87/64 scope link \
> valid_lft forever preferred_lft forever
>
> 2016-10-26T23:30:40Z DEBUG stderr=
> 2016-10-26T23:30:40Z DEBUG Writing nsupdate commands to
>

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

[Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

4 matches

Site Navigation

Mail list logo

Footer information