As a workaround, I modified named.conf to use simple authentication and was able to start BIND. However, I am looking for a better resolution, because this workaround leaves the Directory Manager password in clear text in named.conf.
--------------------------------------------------------------------------------------------------------------
dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-XYZ-DMZ.socket";
        arg "base cn=dns, dc=xyz,dc=dmz";
        arg "fake_mname ipa2.xyz.dmz.";
        arg "auth_method simple";
        arg "bind_dn cn=Directory Manager";
        arg "password xxxxxxx";
        #arg "auth_method sasl";
        #arg "sasl_mech GSSAPI";
        #arg "sasl_user DNS/ipa2.xyz.dmz";
        arg "zone_refresh 30";
};
[root@ipa2 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
---------------------------------------------------------------------
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users