I tried to avoid setting up a third VM to serve as a DNS server for my test scenario. I thought it would be possible to set up a working FreeIPA client-server interaction with just 2 VMs & correct hostnames & /etc/hosts files in them.

Do I correctly understand your idea that it's a MUST to set up a DNS server to facilitate FreeIPA client-server interaction? Or is there a way to do it with just 2 VMs and no DNS server?



14-Oct-14 12:50, Alexander Bokovoy wrote:
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
With help from Alexander Bokovoy I found the correct log destinations:

sssd-domain-log: https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log

These files are from my second Fedora - FreeBSD setup; they have a
different domain name, but everything else is identical.

Interestingly enough, there are lines in sssd_nss.log saying that there
are no users or groups in the domain. But as I said, I can ssh to the
IPA server as an IPA user.
You have a basic problem of DNS resolution at the FreeBSD client side:
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [resolve_srv_done]
(0x0020): SRV query failed: [Domain name not found]
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [fo_set_port_status]
(0x0100): Marking port 0 of server '(no name)' as 'not working'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'not resolved'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[be_resolve_server_process] (0x0080): Couldn't resolve server (SRV
lookup meta-server), resolver returned (5)
...
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [fo_set_port_status]
(0x0100): Marking port 0 of server '(no name)' as 'not working'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'not resolved'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[be_resolve_server_process] (0x0080): Couldn't resolve server (SRV
lookup meta-server), resolver returned (5)
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[be_resolve_server_process] (0x1000): Trying with the next one!
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [get_port_status]
(0x1000): Port status of port 0 for server '(no name)' is 'not working'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[fo_resolve_service_send] (0x0020): No available servers for service
'IPA'
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[be_resolve_server_done] (0x1000): Server resolution failed: 5
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.


Make sure your DNS infrastructure is actually working. Run the following on
the FreeBSD side:

dig SRV _ldap._tcp.eurosel.az
dig SRV _kerberos._tcp.eurosel.az

and fix either your resolver or DNS server to properly resolve SRV
records for the IPA domain (assuming eurosel.az is your IPA domain).


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
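
A small triage helper for the log excerpt quoted in the thread above, as an added example that is not part of the original messages or of SSSD/FreeIPA: it rejoins the e-mail-wrapped sssd backend lines, flags failed SRV discovery and the offline transition, and lists the two dig checks from the reply. The function names are hypothetical, and it assumes the sssd domain name equals the IPA DNS domain.

```python
import re

# Excerpt of the log quoted in the thread, kept in its e-mail-wrapped form.
SAMPLE = """\
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [resolve_srv_done]
(0x0020): SRV query failed: [Domain name not found]
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Tue Oct 14 12:09:04 2014) [sssd[be[eurosel.az]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.
"""

# A record starts with a timestamp followed by the sssd tag; wrapped
# continuation lines such as "(0x0020): ..." also begin with "(" and must not match.
START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) \[sssd\[")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
                    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-f]+)\): (?P<msg>.*)$")


def records(text):
    """Rejoin wrapped lines, then parse each backend record into a dict."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "...":
            continue
        if START.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line
    return [m.groupdict() for m in map(RECORD.match, joined) if m]


def diagnose(text):
    """Per sssd domain: SRV discovery failed? backend offline? checks to run."""
    out = {}
    for r in records(text):
        d = out.setdefault(r["domain"], {"srv_failed": False, "offline": False})
        if r["func"] == "resolve_srv_done" and "SRV query failed" in r["msg"]:
            d["srv_failed"] = True
        if r["func"] == "be_run_offline_cb":
            d["offline"] = True
    for domain, d in out.items():
        # Assumption: the sssd domain name is also the IPA DNS domain.
        names = ("ldap", "kerberos") if d["srv_failed"] else ()
        d["checks"] = [f"dig SRV _{s}._tcp.{domain}" for s in names]
    return out
```

Calling `diagnose(open(path).read())` on the client's domain log gives the same summary for a full file; an empty `checks` list means no SRV failure was logged.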