Sylvain Angers wrote:


2012/3/8 Brian Cook <bc...@redhat.com>

    Also, I would not use 'delegation record' from AD, use conditional
    forwarding for *.unix.abcd.ca.  Your AD admins
    should know how to do it.

    ---
    Brian Cook
    Solutions Architect, Red Hat, Inc.
    407-212-7079




    On Mar 8, 2012, at 9:04 AM, Simo Sorce wrote:

    On Thu, 2012-03-08 at 11:54 -0500, Sylvain Angers wrote:
    Alright!

    I am now requesting to our DNS team

    please delegate dns zone "unix.abcd.ca" to ???

    the ip address of your ipa server, they will know what questions to
    ask :)

    Question: should the ipa server fqdn be ipaserver.unix.abcd.ca or
    ipaserver.abcd.ca?

    does it matter?

    It does, the IPA server DNS domain is what matters for the first
    master.
    So it should be <name>.unix.abcd.ca

    So that DNS domain = unix.abcd.ca and realm = UNIX.ABCD.CA (if you use
    the standard configuration).

    Simo.

    --
    Simo Sorce * Red Hat, Inc * New York

    _______________________________________________
    Freeipa-users mailing list
    Freeipa-users@redhat.com
    https://www.redhat.com/mailman/listinfo/freeipa-users


Hello

Still have same issue "unable to find 'admin' user with 'getent passwd
admin'!"

I redid both client and servers, no selinux, no firewall

Our dns teams did set soa unix.cnppd.lab to point to my ipa server

I had to put a manual entry in /etc/hosts
165.115.118.21  mtl-ipa01d.unix.cnppd.lab       mtl-ipa01d


then did set my ipa server with the following
ipa-server-install -a xxxxxxx --hostname=mtl-ipa01d.unix.cnppd.lab -n
unix.cnppd.lab -p xxxxx -r UNIX.CNPPD.LAB --setup-dns
--forwarder=165.115.52.21 --forwarder=165.115.51.21
Server host name [mtl-ipa01d.unix.cnppd.lab]:

Warning: skipping DNS resolution of host mtl-ipa01d.unix.cnppd.lab
The IPA Master Server will be configured with
Hostname:    mtl-ipa01d.unix.cnppd.lab
IP address:  165.115.118.21
Domain name: unix.cnppd.lab

Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [118.115.165.in-addr.arpa.]:
Using reverse zone 118.115.165.in-addr.arpa.


Restarting the directory server
Restarting the KDC
Restarting the web server
Configuring named:
   [1/9]: adding DNS container
   [2/9]: setting up our zone
   [3/9]: setting up reverse zone
   [4/9]: setting up our own record
   [5/9]: setting up kerberos principal
   [6/9]: setting up named.conf
   [7/9]: restarting named
   [8/9]: configuring named to start on boot
   [9/9]: changing resolv.conf to point to ourselves
done configuring named.
==============================================================================
Setup complete


I did set my client with
[root@mtl-vdi01d ~]# ipa-client-install
--server=mtl-ipa01d.unix.cnppd.lab --domain=UNIX.CNPPD.LAB
--realm=UNIX.CNPPD.LAB --mkhomedir
Discovery was successful!
Hostname: mtl-vdi01d.cn.ca
Realm: UNIX.CNPPD.LAB
DNS Domain: UNIX.CNPPD.LAB
IPA Server: mtl-ipa01d.unix.cnppd.lab
BaseDN: dc=unix,dc=cnppd,dc=lab


Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for ad...@unix.cnppd.lab:

Enrolled in IPA realm UNIX.CNPPD.LAB
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm UNIX.CNPPD.LAB
SSSD enabled
Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
NTP enabled
Client configuration complete.

you can see that ipa did enroll my client

[root@mtl-ipa01d ~]# ipa host-find
---------------
2 hosts matched
---------------
   Host name: mtl-ipa01d.unix.cnppd.lab
   Principal name: host/mtl-ipa01d.unix.cnppd....@unix.cnppd.lab
   Keytab: True
   Password: False
   Managed by: mtl-ipa01d.unix.cnppd.lab

   Host name: mtl-vdi01d.cn.ca
   Certificate:
   Principal name: host/mtl-vdi01d.cn...@unix.cnppd.lab
   Keytab: True
   Password: False
   Managed by: mtl-vdi01d.cn.ca
   Subject: CN=mtl-vdi01d.cn.ca,O=UNIX.CNPPD.LAB
   Serial Number: 12
   Issuer: CN=Certificate Authority,O=UNIX.CNPPD.LAB
   Not Before: Tue Mar 13 18:27:41 2012 UTC
   Not After: Fri Mar 14 18:27:41 2014 UTC
   Fingerprint (MD5): 26:f6:9f:32:3d:a0:13:43:8e:16:1a:7f:d7:43:7e:51
   Fingerprint (SHA1): 4b:28:b2:a4:33:16:27:fc:16:cc:35:54:68:fc:b4:45:85:3f:dc:1a
----------------------------
Number of entries returned 2
----------------------------
[root@mtl-ipa01d ~]#



I keep getting "unable to find 'admin' user with 'getent passwd admin'!"

Can you check the sssd logs for any details? This is what does the user name resolution.

You can read about sssd troubleshooting at https://fedorahosted.org/sssd/wiki/FAQ#Troubleshooting

rob
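
Added example (not part of the original messages, and not FreeIPA's own code): a shell check of the naming convention Simo describes above for the first master, where the server FQDN is <name>.<DNS domain> and the realm is the upper-cased DNS domain. The function names are hypothetical, the sample summary is copied from the installer output quoted in this thread, and the check covers naming only, not the getent failure.

```sh
#!/bin/sh
# Added example: validate first-master naming as described in the thread.

# summary_field LABEL: print the value of the first "LABEL: value" line on stdin.
summary_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# check_master_naming FQDN DOMAIN REALM
# Prints one line per finding. Exit status: 0 consistent, 1 findings, 2 bad input.
check_master_naming() (
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    realm=$3
    fqdn=${fqdn%.}; domain=${domain%.}        # tolerate a trailing root dot
    if [ -z "$fqdn" ] || [ -z "$domain" ]; then
        echo "missing hostname or domain"; exit 2
    fi
    rc=0
    # The FQDN must be "<name>." followed by the DNS domain (DNS is case-insensitive).
    host=${fqdn%".$domain"}
    if [ "$host" = "$fqdn" ] || [ -z "$host" ]; then
        echo "hostname $fqdn is not <name>.$domain"; rc=1
    fi
    # Standard configuration: realm is the DNS domain in upper case.
    expected=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    if [ "$realm" != "$expected" ]; then
        echo "realm $realm is not the standard $expected"; rc=1
    fi
    exit "$rc"
)

# check_server_summary REALM: read an ipa-server-install summary on stdin.
check_server_summary() (
    text=$(cat)
    fqdn=$(printf '%s\n' "$text" | summary_field 'Hostname')
    domain=$(printf '%s\n' "$text" | summary_field 'Domain name')
    check_master_naming "$fqdn" "$domain" "$1"
)

# Summary lines as they appear in the server install output in this thread.
SAMPLE_SUMMARY='Hostname:    mtl-ipa01d.unix.cnppd.lab
IP address:  165.115.118.21
Domain name: unix.cnppd.lab'

printf '%s\n' "$SAMPLE_SUMMARY" | check_server_summary UNIX.CNPPD.LAB \
    && echo "first-master naming is consistent"
```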
