On Tue, 2012-08-07 at 13:35 -0700, Rob Ogilvie wrote:
> On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce <s...@redhat.com> wrote:
> > Kerberos depends on proper name resolution. If a hostname cannot be
> > resolved you cannot acquire tickets for it.
> > So if your host ovm-c19-db does not have a DNS entry (either using IPA's
> > DNS server or an external DNS server) you can't get tickets.
> > also name resolution generally must match the hostname as that is what
> > is used to register a client into ipa.
> That seems fair.  DNS is well set up, though.  ovm-c19-db.<fqdn>
> exists in DNS and ovm-auth is able to resolve it by short hostname and
> FQDN.  On the client, hostname returns the FQDN, as well.
> Is there anything in my log entries that make it look like it's a DNS
> problem?  Again, I must stress, I'm new with Kerberos.

Does klist -kt /etc/krb5.keytab return entries with the right hostname ?

If that works does ipa host-find list it ?


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to