>Is KDC resolvable from the client? yes, there is DNS resolving for "serv02.prod.example.com" on client.
>Do you have an AD DNS that might be actually serving records? no, I don't AD DNS for prod.example.com >What version of the client and what OS are you using? On the client: ipa-client-2.0-10.el5_6.1 Red Hat Enterprise Linux Server release 5.6 (Tikanga) On IPA server : ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-pki-ca-theme-9.0.3-7.el6.noarch libipa_hbac-1.5.1-66.el6_2.3.x86_64 libipa_hbac-python-1.5.1-66.el6_2.3.x86_64 ipa-python-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-server-selinux-2.1.3-9.el6.x86_64 ipa-admintools-2.1.3-9.el6.x86_64 ipa-server-2.1.3-9.el6.x86_64 Red Hat Enterprise Linux Server release 6.2 (Santiago) Thank you, Vitaly On Wed, Jun 19, 2013 at 7:45 PM, Dmitri Pal <d...@redhat.com> wrote: > On 06/19/2013 10:32 AM, Vitaly wrote: > > > ipa-client-install fails with "Cannot resolve network address for KDC" > message. > I don't have SRV records, but I provide IPA server name via "--server" > param. > any ideas? > > TIA, > Vitaly > > 2013-06-19 13:58:39,113 DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] > 2013-06-19 13:58:39,113 DEBUG Init ldap with: > ldap://serv02.prod.example.com:389 > 2013-06-19 13:58:39,193 DEBUG Search rootdse > 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in > dc=prod,dc=example,dc=com(base) > 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', > {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', > 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': > ['prod.example.com'], 'dc': ['prod'], 'nisDomain': ['prod.example.com']})] > 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) in > dc=prod,dc=example,dc=com(sub) > 2013-06-19 13:58:39,313 DEBUG Found: > [('cn=PROD.EXAMPLE.COM,cn=kerberos,dc=prod,dc=example,dc=com', > {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['PROD.EXAMPLE.COM'], > 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', > 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', > 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], > 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', > 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', > 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', > 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', > 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], > 'krbMaxRenewableAge': ['604800']})] > 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit > vm4.stage.example....@prod.example.com > 2013-06-19 13:58:52,032 INFO stdout= > 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network > address for KDC in realm PROD.EXAMPLE.COM while getting initial credentials > > 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy > 2013-06-19 13:58:52,065 INFO stdout= > 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found > while destroying cache > ~ > ~ > ~ > ~ > ~ > ~ > ~ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Is KDC resolvable from the client? > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
