On Tue, 2012-08-07 at 13:35 -0700, Rob Ogilvie wrote: > On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce <s...@redhat.com> wrote: > > Kerberos depends on proper name resolution. If a hostname cannot be > > resolved you cannot acquire tickets for it. > > So if your host ovm-c19-db does not have a DNS entry (either using IPA's > > DNS server or an external DNS server) you can't get tickets. > > also name resolution generally must match the hostname as that is what > > is used to register a client into ipa. > > That seems fair. DNS is well set up, though. ovm-c19-db.<fqdn> > exists in DNS and ovm-auth is able to resolve it by short hostname and > FQDN. On the client, hostname returns the FQDN, as well. > > Is there anything in my log entries that make it look like it's a DNS > problem? Again, I must stress, I'm new with Kerberos.
Does klist -kt /etc/krb5.keytab return entries with the right hostname ? If that works does ipa host-find list it ? Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users