Hi Its possible the uninstall from one IPA realm didnt work properly before I joined it to another?
Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Martin Kosek [mko...@redhat.com] Sent: Tuesday, 27 March 2012 10:04 p.m. To: Steven Jones Cc: firstname.lastname@example.org Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote: > Hi, > > I just started adding hosts/clients but DNS isnt being updated for the > client(s). > > Screenshot of error is attached.... > Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for host/vuwunicorh6w...@ods.vuw.ac.nz and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users