On Mon, Jul 22, 2013 at 01:41:14PM +0000, Rivet, Matt wrote:
> Does IPA need to be in my host file or dns?
> 
> Does anyone know why certmonger is looking for a keytab for 
> host/det-webdl01@. instead of 
> host/host/det-webdl01.sub.example....@example.com?

In order to authenticate to the IPA server, the client software needs
credentials.  In order to obtain those credentials, it needs to figure
out the client system's principal name.  The function it uses to do this
derives that principal name by doing a lookup to discover the client
host's canonical name, and in this case that appears to be returning the
shorter name.

I'd check the result of running 'getent hosts `hostname`', and if
/etc/hosts has an entry for the hostname that lists the short version
first.

HTH,

Nalin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to