Simo Sorce wrote:
On Fri, 2011-08-26 at 11:06 -0400, Rob Crittenden wrote:
If the IPA server's reverse DNS is broken, such as the PTR entry pointing to a different name, then enrollment will fail and ipa-getkeytab won't work.

I tested with:

[rcrit@dane freeipa]$ getent hosts slinky
192.168.166.39  slinky.example.com
[rcrit@dane freeipa]$ getent hosts 192.168.166.39
192.168.166.39  lego.example.com

This relies on fixes in openldap and krb5 in Fedora-15. It is testable in RHEL 6.2 though.

sssd has similar problems and they are making a change as well. Without the sssd fix enrollment will succeed but nss won't work.


ACK!

Simo.


pushed to master and ipa-2-1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
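
Added example, not part of the original thread and not FreeIPA code: a check an administrator could run before enrollment to detect the forward/reverse mismatch shown in the first message. The function names are hypothetical, and the sample resolver data is constructed from the `getent` output quoted above.

```python
import socket

def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def forward_lookup(name):
    """Return (canonical_name, [addresses]) from the system resolver."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP,
                               flags=socket.AI_CANONNAME)
    canon = infos[0][3] or name
    return canon, sorted({info[4][0] for info in infos})

def reverse_lookup(addr):
    """Return the PTR name for addr, or None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_reverse_dns(server, forward=forward_lookup, reverse=reverse_lookup):
    """List (address, ptr_name, problem) for each address whose PTR disagrees."""
    canon, addrs = forward(server)
    problems = []
    for addr in addrs:
        ptr = reverse(addr)
        if ptr is None:
            problems.append((addr, None, "no PTR record"))
        elif _norm(ptr) != _norm(canon):
            problems.append((addr, ptr, "PTR names %s, expected %s"
                             % (_norm(ptr), _norm(canon))))
    return problems

# Constructed resolver data mirroring the getent output in the message above.
SAMPLE_FORWARD = {"slinky": ("slinky.example.com", ["192.168.166.39"])}
SAMPLE_REVERSE = {"192.168.166.39": "lego.example.com"}

def sample_check():
    # Run the check offline against the constructed data.
    return check_reverse_dns("slinky", SAMPLE_FORWARD.__getitem__,
                             SAMPLE_REVERSE.get)

if __name__ == "__main__":
    for addr, ptr, why in sample_check():
        print("%s: %s" % (addr, why))
```

Calling `check_reverse_dns("ipa.example.com")` with the default resolvers queries the host's configured name services instead of the sample data; the hostname here is a placeholder.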
