[root@meson ~]# cat /etc/resolv.conf
Sorry from the short log I posted it's not visible, but that ip address is
the address of the ipa server (ipa.hq.example.com)
[root@meson ~]# dig ipa.hq.spinque.com
; <<>> DiG 9.9.6-P1-RedHat-9.9.6-8.P1.fc21 <<>> ipa.hq.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53238
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ipa.hq.example.com. IN A
;; ANSWER SECTION:
ipa.hq.example.com. 1200 IN A 192.168.0.72
;; AUTHORITY SECTION:
hq.example.com. 86400 IN NS ipa.hq.example.com.
;; Query time: 1 msec
;; SERVER: 192.168.0.72#53(192.168.0.72)
;; WHEN: do mrt 19 22:02:04 CET 2015
;; MSG SIZE rcvd: 83
On 19 March 2015 at 21:55, Dmitri Pal <d...@redhat.com> wrote:
> On 03/19/2015 04:46 PM, Roberto Cornacchia wrote:
> This should really work like a charm, and I'm sure it is a stupid
> mistake of mine if it doesn't, but I really can't find out what goes wrong.
> Both IPA server and client are on FC21, very up to date.
> Server installation (standard, with dns) worked well. Required ports open
> in the firewall. Everything seems to work.
> I did try to use the IPA server as a DNS (with forwarders) and NTP
> server from non-ipa clients, no problem.
> I also tried to use it as LDAP server, from a non-fedora machine (a
> synology). It worked well and I could see users.
> When trying to enroll a client, the enrollment itself seems to succeed,
> - Unable to sync time with NTP server
> - Unable to update DNS
> - Unable to find users
> I include below the short installation log (I changed the real domain
> into hq.example.com), and in attachment, the full log with debug on.
> From the debug log, about the DNS update failure, I can see this:
> ; Communication with 192.168.0.72#53 failed: operation canceled
> could not reach any name server
> I'm not sure what communication problem this could be, as the server
> (which is both the IPA and the DNS servers), clearly can be reached.
> Any idea where to look at?
> Do you have the IPA DNS server in the resolv.conf of the client?
> [root@meson ~]# ipa-client-install --mkhomedir --ssh-trust-dns
> --force-ntpd --hostname=meson.hq.example.com
> Discovery was successful!
> Hostname: meson.hq.example.com
> Realm: HQ.EXAMPLE.COM
> DNS Domain: hq.example.com
> IPA Server: ipa.hq.example.com
> BaseDN: dc=hq,dc=example,dc=com
> Continue to configure the system with these values? [no]: yes
> Synchronizing time with KDC...
> *Unable to sync time with IPA NTP server, assuming the time is in sync.
> Please check that 123 UDP port is opened.*
> User authorized to enroll computers: admin
> Password for ad...@hq.example.com:
> Successfully retrieved CA cert
> Subject: CN=Certificate Authority,O=HQ.EXAMPLE.COM
> Issuer: CN=Certificate Authority,O=HQ.EXAMPLE.COM
> Valid From: Mon Mar 16 18:44:35 2015 UTC
> Valid Until: Fri Mar 16 18:44:35 2035 UTC
> Enrolled in IPA realm HQ.EXAMPLE.COM
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm HQ.EXAMPLE.COM
> trying https://ipa.hq.example.com/ipa/json
> Forwarding 'ping' to json server 'https://ipa.hq.example.com/ipa/json'
> Forwarding 'ca_is_enabled' to json server '
> Systemwide CA database updated.
> Added CA certificates to the default NSS database.
> Hostname (meson.hq.example.com) not found in DNS
> *Failed to update DNS records.*
> Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Forwarding 'host_mod' to json server 'https://ipa.hq.example.com/ipa/json'
> *Could not update DNS SSHFP records.*
> SSSD enabled
> Configured /etc/openldap/ldap.conf
> *Unable to find 'admin' user with 'getent passwd ad...@hq.example.com
> *Unable to reliably detect configuration. Check NSS setup manually.*
> NTP enabled
> Configured /etc/ssh/ssh_config
> Configured /etc/ssh/sshd_config
> Configuring hq.example.com as NIS domain.
> Client configuration complete.
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project