On 07/22/2013 04:26 PM, Rivet, Matt wrote:
>> Does anyone know why certmonger is looking for a keytab for
>> host/det-webdl01@. instead of
> In order to authenticate to the IPA server, the client software needs
> credentials. In order to obtain those credentials, it needs to figure
> out the client system's principal name. The function it uses to do this
> derives that principal name by doing a lookup to discover the client
> host's canonical name, and in this case that appears to be returning the
> shorter name.
> I'd check the result of running 'getent hosts `hostname`', and if
> /etc/hosts has an entry for the hostname that lists the short version
> /etc/hosts has both sort and FQDN. I removed the sort and and resubmitted
> the certificate. That resolved my issue. should I completely remove the
> short name or is there a way to work around this?
/etc/hosts can have the short form, it just need to be specified _after_ the
FQDN one, i.e.:
10.0.0.1 ipa.example.com ipa
This works! thanks - I realized this after I checked out the ipa-server config.
Freeipa-users mailing list