Hello Pavel

On Mon, Aug 7, 2017 at 12:40 PM, Pavel Vomacka <pvoma...@redhat.com> wrote:

> Hello Gustavo,
> From what I can see, the issue would be PROTOCOL ERROR in whoami command.
> Could you please check whether all services are running? Please run
> # ipactl status
> and post the output.
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful

> And could you please send me /etc/named.conf? Everything after the
>  dyndb "ipa"
> line is especially interesting for us.

This is from /etc/named.conf

// NOTE(review): this excerpt is incomplete as posted: the closing "};" of the
// options block and the contents of the forwarders list are not shown.
options {
        // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
        listen-on-v6 {any;};

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

        // Queries this server cannot answer itself go only to the forwarders;
        // with "only" there is no fallback to iterative resolution.
        forward only;
        forwarders {

        // Any host is permitted to issue recursive queries
        // NOTE(review): with "any", every client that can reach port 53 gets
        // recursion. If this server is reachable from untrusted networks it
        // acts as an open resolver; restrict to an acl of internal networks
        // unless exposure is already blocked elsewhere (confirm).
        allow-recursion { any; };

        // Keytab for GSS-TSIG (Kerberos-authenticated dynamic updates).
        // NOTE(review): should be readable only by the named user; verify.
        tkey-gssapi-keytab "/etc/named.keytab";
        pid-file "/run/named/named.pid";
        // NOTE(review): validation is off, so answers from the forwarders are
        // accepted without DNSSEC verification; dnssec-enable alone does not
        // make named validate.
        dnssec-enable yes;
        dnssec-validation no;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";

// NOTE(review): as posted, the comment below is never closed and part of its
// text is missing, so the logging block reads as commented out. Presumably the
// original file closes the comment before "logging {"; confirm against the
// file on disk.
/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named
 * so put the default debug log file in data/ :
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
                print-time yes;

// Root zone hints, loaded from named.ca (relative to the "directory" set in
// options). The closing "};" is missing from the paste.
zone "." IN {
        type hint;
        file "named.ca";

// Pulls in further zone definitions from a separate file not shown here.
include "/etc/named.rfc1912.zones";

// Dynamic database backend: loads ldap.so so that zone data is read from the
// directory under the "base" DN. The closing "};" is missing from the paste.
dyndb "ipa" "/usr/lib64/bind/ldap.so" {
        // ldapi:// with a URL-encoded path, i.e. the local socket
        // /var/run/slapd-FISICA-CABIB.socket rather than a network connection.
        uri "ldapi://%2fvar%2frun%2fslapd-FISICA-CABIB.socket";
        base "cn=dns, dc=fisica,dc=cabib";
        fake_mname "ipaserver.fisica.cabib.";
        // named binds to the directory with SASL/GSSAPI (Kerberos) as the
        // DNS/ipaserver.fisica.cabib principal.
        // NOTE(review): presumably uses the keytab named in options; a
        // missing or stale key for this principal would break the bind.
        auth_method "sasl";
        sasl_mech "GSSAPI";
        sasl_user "DNS/ipaserver.fisica.cabib";
        server_id "ipaserver.fisica.cabib";
// NOTE(review): file contents are not shown in the paste.
include "/etc/named.root.key";

// Shared key named "rndc-key"; presumably referenced by a controls statement
// not shown in the paste. The closing "};" is missing.
// NOTE(review): hmac-md5 is a legacy algorithm choice. BIND also accepts
// hmac-sha256, and rndc-confgen -A hmac-sha256 can generate a replacement;
// the matching rndc key file must be updated together with this statement.
key "rndc-key" {
        algorithm hmac-md5;
        // Secret masked by the poster; keep it masked when sharing this file.
        secret "#########################";

Gustavo Berman
Sysadmin - Gerencia de Física - Centro Atómico Bariloche - CNEA