Fixed.
The reason for this problem was pretty simple - DNS server provided wrong
SRV records for kerberos stuff (my IPA deploy is in fact migration from
IPA1 server to IPA2, and customer decided to install IPA2 on different
server instead of upgrade in-place).
After I updated SRV records with the new IPA server, ipa-client-install
works.

many thanks to all for your help,
Vitaly


On Tue, Jun 25, 2013 at 2:38 PM, Petr Spacek <pspa...@redhat.com> wrote:

> On 25.6.2013 12:09, Martin Kosek wrote:
>
>> Sure, you just need to have properly configured /etc/krb5.conf (namely
>> [domain_realm] mapping) and /etc/sssd/sssd.conf to look up the clients in
>> this
>> domain.
>>
> You don't need to configure [domain_realm] mapping manually if you have
> proper TXT records in DNS && /etc/krb5.conf contains this:
>
>
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
> --
> Petr^2 Spacek
>
>
> ______________________________**_________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to