On 03/27/2012 03:44 PM, Steven Jones wrote:
Section 7.4.2 on password sync calls for a download of a PassSync.msi...I cannot locate this....so your doc needs updating I think.
There is a version here http://port389.org/wiki/Download -Windows Password Synchronization


For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts cn=etc, then the dc= usual bits

I assume the two cn='s are "standard"?

number 4 point 4 ou=People,dc=example,dc=com  is a "standard"?

So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz

?


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

------------------------------------------------------------------------
*From:* freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com]
*Sent:* Wednesday, 28 March 2012 10:36 a.m.
*To:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working

On 03/27/2012 03:47 PM, Steven Jones wrote:
Hi

Its possible the uninstall from one IPA realm didnt work properly before I 
joined it to another?

Anyway I have incl both logs just in case.  There is a suggestion that the 
kerberos ticket isnt right?


Seems like the client fails to get its name properly. Something related to the host name resolution is likely not correct.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc:freeipa-users@redhat.com
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not 
working

On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
Hi,

I just started adding hosts/clients but DNS isnt being updated for the 
client(s).

Screenshot of error is attached....

Hello Steven,

there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6w...@ods.vuw.ac.nz  and thus nsupdate which performs the
DNS update failed.

Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?

Alternatively, you can list credentials in the keytab with this command
yourself:
# klist -kt /etc/krb5.keytab

To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:
# kinit -k -t /etc/krb5.keytabhost/vuwunicorh6w...@ods.vuw.ac.nz

The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.

Martin



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to