On Fri, 2011-08-26 at 11:06 -0400, Rob Crittenden wrote: > If the IPA server's reverse DNS is broken, such as the PTR entry > pointing to a different name then enrollment will fail and > ipa-getkeytab > won't work. > > I tested with: > > [rcrit@dane freeipa]$ getent hosts slinky > 192.168.166.39 slinky.example.com > [rcrit@dane freeipa]$ getent hosts 192.168.166.39 > 192.168.166.39 lego.example.com > > This relies on fixes in openldap and krb5 in Fedora-15. It is > testable > in RHEL 6.2 though. > > sssd has similar problems and they are making a change as well. > Without > the sssd fix enrollment will succeed but nss won't work. >
ACK! Simo. > -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
