Or maybe its on the AD so its,

ou=People,dc=vuw,dc=ac,dc=nz

?


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Wednesday, 28 March 2012 10:44 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] passwd sync

Section 7.4.2 on password sync calls for a download of a PassSync.msi...I 
cannot locate this....so your doc needs updating I think.

For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts cn=etc, then 
the dc= usual bits

I assume the two cn='s are "standard"?

number 4 point 4 ou=People,dc=example,dc=com  is a "standard"?

So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz

?



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 28 March 2012 10:36 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not 
working

On 03/27/2012 03:47 PM, Steven Jones wrote:

Hi

Its possible the uninstall from one IPA realm didnt work properly before I 
joined it to another?

Anyway I have incl both logs just in case.  There is a suggestion that the 
kerberos ticket isnt right?



Seems like the client fails to get its name properly. Something related to the 
host name resolution is likely not correct.


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Martin Kosek [mko...@redhat.com<mailto:mko...@redhat.com>]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com>
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not 
working

On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:


Hi,

I just started adding hosts/clients but DNS isnt being updated for the 
client(s).

Screenshot of error is attached....



Hello Steven,

there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6w...@ods.vuw.ac.nz<mailto:host/vuwunicorh6w...@ods.vuw.ac.nz> 
and thus nsupdate which performs the
DNS update failed.

Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?

Alternatively, you can list credentials in the keytab with this command
yourself:
# klist -kt /etc/krb5.keytab

To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:
# kinit -k -t /etc/krb5.keytab 
host/vuwunicorh6w...@ods.vuw.ac.nz<mailto:host/vuwunicorh6w...@ods.vuw.ac.nz>

The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.

Martin




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to