I'm on RHEL 9 and have no /etc/named.conf file. I have tried creating one, both in /etc and in /etc/named, with the suggested dnssec configuration, but that got me no further.
On Fri, Jul 19, 2024 at 2:36 PM Rob Crittenden <[email protected]> wrote: > Johnnie W Adams wrote: > > So I adjusted my command line to point at the entire forest and not a > > single domain controller, and got both a trust and a much more > > interesting error: > > > > ipa: INFO: Response: { > > > > "error": { > > > > "code": 906, > > > > "data": { > > > > "error": "Fetching domains from trusted forest failed. See > > details in the error_log", > > > > "server": "rhidm1.net.example.com > > <http://rhidm1.net.example.com>" > > > > }, > > > > "message": "error on server 'rhidm1.net.example.com > > <http://rhidm1.net.example.com>': Fetching domains from trusted forest > > failed. See details in the error_log", > > > > "name": "ServerCommandError" > > > > }, > > > > "id": 0, > > > > "principal": "[email protected] <mailto:[email protected]>", > > > > "result": null, > > > > "version": "4.11.0" > > > > } > > > > ipa: ERROR: error on server 'rhidm1.net.example.com > > <http://rhidm1.net.example.com>': Fetching domains from trusted forest > > failed. See details in the error_log > > > > > > From the error_log: > > > > > > [Fri Jul 19 12:31:51.363222 2024] [wsgi:error] [pid 522388:tid 522652] > > [remote <ip address>:39124] ipa: ERROR: Helper fetch_domains was called > > for forest ad.test.example.com <http://ad.test.example.com>, return code > > is 1 > > > > [Fri Jul 19 12:31:51.363750 2024] [wsgi:error] [pid 522388:tid 522652] > > [remote <ip address>:39124] ipa: ERROR: Standard output from the helper: > > > > > > <snip> > > > > > > [Fri Jul 19 12:31:51.364596 2024] [wsgi:error] [pid 522388:tid 522652] > > [remote <ip address>:39124] ipa: ERROR: environment: environ({'LANG': > > 'en_US.UTF-8', 'PATH': > > '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin', 'PIDFILE': > > '/run/oddjobd.pid', 'INVOCATION_ID': '002ac795667b4ab983ffa100b2f47dd8', > > 'JOURNAL_STREAM': '8:36642766', 'SYSTEMD_EXEC_PID': '487987', 'LC_ALL': > > 'C.UTF-8', 'ODDJOB_SERVICE_NAME': 'com.redhat.idm.trust', > > 'ODDJOB_OBJECT_PATH': '/', 'ODDJOB_INTERFACE_NAME': > > 'com.redhat.idm.trust', 'ODDJOB_METHOD_NAME': 'fetch_domains', > > 'ODDJOB_CALLING_USER': 'ipaapi', 'KRB5_CONFIG': '/etc/krb5.conf', > > 'KRB5CCNAME': '/run/ipa/krb5cc_oddjob_trusts_fetch'}) > > > > > > What am I looking at? What am I missing? > > > > Is DNSSEC enabled? See https://access.redhat.com/solutions/2263991 > > rob > > -- John Adams Senior Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | [email protected] | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>.
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
