Hello,
please post output from:
# klist -kt /etc/krb5.keytab
We still need this to better understand logs. I'm not sure if keytab
contains right keys.
--
Petr Spacek
On 03/27/2012 09:47 PM, Steven Jones wrote:
Hi
Its possible the uninstall from one IPA realm didnt work properly before I
joined it to another?
Anyway I have incl both logs just in case. There is a suggestion that the
kerberos ticket isnt right?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not
working
On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
Hi,
I just started adding hosts/clients but DNS isnt being updated for the
client(s).
Screenshot of error is attached....
Hello Steven,
there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6w...@ods.vuw.ac.nz and thus nsupdate which performs the
DNS update failed.
Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?
Alternatively, you can list credentials in the keytab with this command
yourself:
# klist -kt /etc/krb5.keytab
To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:
# kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz
The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.
Martin
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
