On 01/14/2015 04:04 PM, Orion Poplawski wrote:
After running ipa-server-install like this:

ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat
/etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt
--dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12
--http_pin=XXX --idstart=8000

I'm not configuring bind.

I ended up with a broken krb5.conf with entries like:

[libdefaults]
  default_realm = #

Probably from the krb5.conf template.
I suspect it means that host name was empty and replacement did not do anything.
Sounds like host name resolution problem to me.

[realms]
  NWRA.COM = {
   kdc = server.nwra.com:88
   master_kdc = server.nwra.com:88
   admin_server = server.nwra.com:749
   default_domain = nwra.com
   pkinit_anchors = FILE:/etc/ipa/ca.crt
}

# = {
  kdc = server.nwra.com:88
  admin_server = server.nwra.com:749
}

[domain_realm]
  .nwra.com = NWRA.COM
  nwra.com = NWRA.COM

# = #
.# = #

Any idea where the #'s are coming from?

ipa-server-3.3.3-28.el7_0.3.x86_64



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to