Yes.

[root@meson ~]# cat /etc/resolv.conf
search hq.example.com
nameserver 192.168.0.72

Sorry, from the short log I posted it's not visible, but that IP address is
the address of the IPA server (ipa.hq.example.com).

[root@meson ~]# dig ipa.hq.spinque.com

; <<>> DiG 9.9.6-P1-RedHat-9.9.6-8.P1.fc21 <<>> ipa.hq.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53238
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ipa.hq.example.com. IN A

;; ANSWER SECTION:
ipa.hq.example.com. 1200 IN A 192.168.0.72

;; AUTHORITY SECTION:
hq.example.com. 86400 IN NS ipa.hq.example.com.

;; Query time: 1 msec
;; SERVER: 192.168.0.72#53(192.168.0.72)
;; WHEN: do mrt 19 22:02:04 CET 2015
;; MSG SIZE  rcvd: 83


On 19 March 2015 at 21:55, Dmitri Pal <d...@redhat.com> wrote:

>  On 03/19/2015 04:46 PM, Roberto Cornacchia wrote:
>
>  Hi,
>
>  This should really work like a charm, and I'm sure it is a stupid
> mistake of mine if it doesn't, but I really can't find out what goes wrong.
>
>  Both IPA server and client are on FC21, very up to date.
> Server installation (standard, with dns) worked well. Required ports open
> in the firewall. Everything seems to work.
>
>  I did try to use the IPA server as a DNS (with forwarders) and NTP
> server from non-ipa clients, no problem.
> I also tried to use it as an LDAP server, from a non-Fedora machine (a
> Synology). It worked well and I could see users.
>
>  When trying to enroll a client, the enrollment itself seems to succeed,
> but:
> - Unable to sync time with NTP server
> - Unable to update DNS
> - Unable to find users
>
>  I include below the short installation log (I changed the real domain
> into hq.example.com), and in attachment, the full log with debug on.
>
>  From the debug log, about the DNS update failure, I can see this:
>
>    ; Communication with 192.168.0.72#53 failed: operation canceled
>   could not reach any name server
>
>  I'm not sure what communication problem this could be, as the server
> (which is both the IPA and the DNS server) clearly can be reached.
>
>  Any idea where to look?
>
>
> Do you have the IPA DNS server in the resolv.conf of the client?
>
>  Thanks,
> Roberto
>
>
>  [root@meson ~]# ipa-client-install --mkhomedir --ssh-trust-dns
> --force-ntpd --hostname=meson.hq.example.com
> Discovery was successful!
> Hostname: meson.hq.example.com
> Realm: HQ.EXAMPLE.COM
> DNS Domain: hq.example.com
> IPA Server: ipa.hq.example.com
> BaseDN: dc=hq,dc=example,dc=com
>
>  Continue to configure the system with these values? [no]: yes
> Synchronizing time with KDC...
> *Unable to sync time with IPA NTP server, assuming the time is in sync.
> Please check that 123 UDP port is opened.*
> User authorized to enroll computers: admin
> Password for ad...@hq.example.com:
> Successfully retrieved CA cert
>     Subject:     CN=Certificate Authority,O=HQ.EXAMPLE.COM
>     Issuer:      CN=Certificate Authority,O=HQ.EXAMPLE.COM
>     Valid From:  Mon Mar 16 18:44:35 2015 UTC
>     Valid Until: Fri Mar 16 18:44:35 2035 UTC
>
>  Enrolled in IPA realm HQ.EXAMPLE.COM
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm HQ.EXAMPLE.COM
> trying https://ipa.hq.example.com/ipa/json
> Forwarding 'ping' to json server 'https://ipa.hq.example.com/ipa/json'
> Forwarding 'ca_is_enabled' to json server '
> https://ipa.hq.example.com/ipa/json'
> Systemwide CA database updated.
> Added CA certificates to the default NSS database.
> Hostname (meson.hq.example.com) not found in DNS
> *Failed to update DNS records.*
> Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to json server 'https://ipa.hq.example.com/ipa/json'
> *Could not update DNS SSHFP records.*
> SSSD enabled
> Configured /etc/openldap/ldap.conf
> *Unable to find 'admin' user with 'getent passwd ad...@hq.example.com
> <ad...@hq.example.com>'!*
> *Unable to reliably detect configuration. Check NSS setup manually.*
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Configuring hq.example.com as NIS domain.
> Client configuration complete.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
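Dmitri's question and Roberto's resolv.conf and dig output above amount to a short checklist: the client must resolve through the IPA DNS server, that server must answer authoritatively for the IPA domain, the search domain must match, and the client's own A record must exist (or be creatable) before the "Hostname ... not found in DNS" step can pass. The script below is an added example, not code from this thread or from the FreeIPA project. It parses a resolv.conf and plain dig(1) output and reports each of those conditions; the sample inputs are constructed to mirror the values quoted in the thread, and it assumes the client host name sits directly under the IPA DNS zone (meson.hq.example.com under hq.example.com).

```python
"""Cross-check a FreeIPA client's resolver setup against what the IPA DNS server answers.

Run without arguments to diagnose the constructed sample below; run as
    python3 ipa_dns_check.py meson.hq.example.com ipa.hq.example.com
on a client to read /etc/resolv.conf and query the real dig(1) binary instead.
"""
import re
import subprocess
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample input: mirrors the values quoted in the thread, not a capture from a real host.
SAMPLE_RESOLV_CONF = """\
search hq.example.com
nameserver 192.168.0.72
"""

# Constructed dig output for the IPA server's own name, as answered by the IPA DNS server.
SAMPLE_DIG_IPA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53238
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ipa.hq.example.com.            IN      A

;; ANSWER SECTION:
ipa.hq.example.com.     1200    IN      A       192.168.0.72

;; AUTHORITY SECTION:
hq.example.com.         86400   IN      NS      ipa.hq.example.com.
"""

# Constructed dig output for a client not yet registered in DNS: NXDOMAIN with only the zone SOA.
SAMPLE_DIG_CLIENT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;meson.hq.example.com.          IN      A

;; AUTHORITY SECTION:
hq.example.com.  86400  IN  SOA  ipa.hq.example.com. hostmaster.hq.example.com. 1 3600 900 1209600 3600
"""


class Record(NamedTuple):
    name: str   # owner name, lower-cased, trailing dot removed
    ttl: int
    rtype: str  # A, NS, SOA, ...
    rdata: str  # rest of the line, joined with single spaces


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def parse_resolv_conf(text: str) -> Tuple[List[str], List[str]]:
    """Return (search domains, nameserver addresses); 'domain' lines are treated like 'search'."""
    search, servers = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # strip both comment styles
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            servers.append(args[0])
        elif key in ("search", "domain"):
            search.extend(_norm(a) for a in args)
    return search, servers


def parse_dig_records(text: str) -> List[Record]:
    """Collect resource records from dig's ANSWER/AUTHORITY sections; ';' comment lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN" or not fields[1].isdigit():
            continue
        records.append(Record(_norm(fields[0]), int(fields[1]), fields[3], " ".join(fields[4:])))
    return records


def answered_authoritatively(text: str) -> bool:
    """True when the dig header carries the 'aa' flag, i.e. the server answered from its own zone."""
    m = re.search(r"^;; flags:\s*([^;]*);", text, re.MULTILINE)
    return bool(m) and "aa" in m.group(1).split()


def diagnose(resolv_text: str, client_fqdn: str, ipa_fqdn: str,
             dig_ipa_text: str, dig_client_text: str) -> Dict[str, bool]:
    """Evaluate the resolver prerequisites that ipa-client-install's DNS steps depend on."""
    search, servers = parse_resolv_conf(resolv_text)
    ipa_recs, client_recs = parse_dig_records(dig_ipa_text), parse_dig_records(dig_client_text)
    ipa_fqdn, client_fqdn = _norm(ipa_fqdn), _norm(client_fqdn)
    zone = client_fqdn.split(".", 1)[1]   # assumption: host sits directly under the IPA zone
    ipa_addrs = {r.rdata for r in ipa_recs if r.name == ipa_fqdn and r.rtype == "A"}
    zone_ns = {_norm(r.rdata) for r in ipa_recs if r.name == zone and r.rtype == "NS"}
    return {
        "resolver_points_at_ipa": bool(ipa_addrs & set(servers)),
        "search_domain_is_ipa_zone": zone in search,
        "ipa_is_authoritative_for_zone": ipa_fqdn in zone_ns,
        "ipa_answered_authoritatively": answered_authoritatively(dig_ipa_text),
        "client_has_a_record": any(r.name == client_fqdn and r.rtype == "A" for r in client_recs),
    }


def run_dig(name: str, rtype: str = "A", server: Optional[str] = None) -> str:
    """Live mode only: run dig(1) (optionally against @server) and return its default text output."""
    cmd = ["dig"] + ([f"@{server}"] if server else []) + [name, rtype]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        client, ipa = sys.argv[1], sys.argv[2]
        with open("/etc/resolv.conf") as fh:
            resolv = fh.read()
        dig_ipa, dig_client = run_dig(ipa), run_dig(client)
    else:
        client, ipa = "meson.hq.example.com", "ipa.hq.example.com"
        resolv, dig_ipa, dig_client = SAMPLE_RESOLV_CONF, SAMPLE_DIG_IPA, SAMPLE_DIG_CLIENT
    for check, ok in diagnose(resolv, client, ipa, dig_ipa, dig_client).items():
        print(f"[{'ok' if ok else '!!'}] {check}")
```

On the constructed sample every check passes except client_has_a_record, which is the expected state of a host before its first enrollment: ipa-client-install is supposed to create that record with a dynamic update, and it is that update, not plain resolution, that failed in the log above. The script therefore tells you whether the resolver side is in order; a failing nsupdate with a correct resolver setup points at the update path itself (port 53 over TCP as well as UDP, and the update's authentication) rather than at resolv.conf.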