Hi List,
I have just noticed that the ipa-client-install fails miserably if the clients /etc/resolv.conf points to some foreign DNS server. The
symptoms are that KDC (on the IPA server) fails to locate self in Kerberos database:
Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: NEEDED_PREAUTH: [email protected] for
krbtgt/[email protected], Additional pre-authentication required
Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: ISSUE: authtime 1309425108, etypes {rep=18
tkt=18 ses=18}, [email protected] for krbtgt/[email protected]
Jun 30 11:11:49 polaris krb5kdc[1279](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: UNKNOWN_SERVER: authtime 0, [email protected]
for HTTP/*polaris.prague.s3group.com*@EXAMPLE.COM, *Server not found in Kerberos database*
Question: Should probably try to autoconfigure /etc/resolv.conf as well or at
least warn user that join might fail?
Thanks,
Ondrej
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
