Section 7.4.2 on password sync calls for a download of a PassSync.msi...I cannot locate this....so your doc needs updating I think.
For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts cn=etc, then the dc= usual bits I assume the two cn='s are "standard"? number 4 point 4 ou=People,dc=example,dc=com is a "standard"? So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz ? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com] Sent: Wednesday, 28 March 2012 10:36 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On 03/27/2012 03:47 PM, Steven Jones wrote: Hi Its possible the uninstall from one IPA realm didnt work properly before I joined it to another? Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right? Seems like the client fails to get its name properly. Something related to the host name resolution is likely not correct. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Martin Kosek [mko...@redhat.com<mailto:mko...@redhat.com>] Sent: Tuesday, 27 March 2012 10:04 p.m. To: Steven Jones Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com> Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote: Hi, I just started adding hosts/clients but DNS isnt being updated for the client(s). Screenshot of error is attached.... Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for host/vuwunicorh6w...@ods.vuw.ac.nz<mailto:host/vuwunicorh6w...@ods.vuw.ac.nz> and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz<mailto:host/vuwunicorh6w...@ods.vuw.ac.nz> The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com> https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users