On Mon, Jul 22, 2013 at 01:41:14PM +0000, Rivet, Matt wrote: > Does IPA need to be in my host file or dns? > > Does anyone know why certmonger is looking for a keytab for > host/det-webdl01@. instead of > host/host/det-webdl01.sub.example....@example.com?
In order to authenticate to the IPA server, the client software needs credentials. In order to obtain those credentials, it needs to figure out the client system's principal name. The function it uses to do this derives that principal name by doing a lookup to discover the client host's canonical name, and in this case that appears to be returning the shorter name. I'd check the result of running 'getent hosts `hostname`', and if /etc/hosts has an entry for the hostname that lists the short version first. HTH, Nalin _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users