Hi List,

I have just noticed that the ipa-client-install fails miserably if the clients /etc/resolv.conf points to some foreign DNS server. The symptoms are that KDC (on the IPA server) fails to locate self in Kerberos database:


Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: NEEDED_PREAUTH: ad...@example.com for krbtgt/example....@example.com, Additional pre-authentication required Jun 30 11:11:48 polaris krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: ISSUE: authtime 1309425108, etypes {rep=18 tkt=18 ses=18}, ad...@example.com for krbtgt/example....@example.com Jun 30 11:11:49 polaris krb5kdc[1279](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: UNKNOWN_SERVER: authtime 0, ad...@example.com for HTTP/*polaris.prague.s3group.com*@EXAMPLE.COM, *Server not found in Kerberos database*

Question: Should probably try to autoconfigure /etc/resolv.conf as well or at 
least warn user that join might fail?
Thanks,

Ondrej

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to