I tried from another client. Also FC21, same network, same settings from
the same DHCP.
But obviously it must have something different because it partially
- I do not get errors about LDAP users.
- I do not get errors about DNS update
- I still get the initial error about NTP
- The host is enrolled, but not added to the DNS zone
Now, I don't care much about the previous client. It was pretty much empty
and can re-install Fedora from scratch.
But I'd like to understand if this is still a problem.
It should be added to the zone, shouldn't it?
$ ipa-client-install --mkhomedir --ssh-trust-dns --force-ntpd
Discovery was successful!
DNS Domain: hq.example.com
IPA Server: ipa.hq.example.com
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
*Unable to sync time with IPA NTP server, assuming the time is in sync.
Please check that 123 UDP port is opened.*
User authorized to enroll computers: admin
Password for ad...@hq.example.com:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=HQ.EXAMPLE.COM
Issuer: CN=Certificate Authority,O=HQ.EXAMPLE.COM
Valid From: Mon Mar 16 18:44:35 2015 UTC
Valid Until: Fri Mar 16 18:44:35 2035 UTC
Enrolled in IPA realm HQ.EXAMPLE.COM
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/krb5.conf for IPA realm HQ.EXAMPLE.COM
Forwarding 'ping' to json server 'https://ipa.hq.example.com/ipa/json'
Forwarding 'ca_is_enabled' to json server '
Systemwide CA database updated.
Added CA certificates to the default NSS database.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Forwarding 'host_mod' to json server 'https://ipa.hq.example.com/ipa/json'
*Could not update DNS SSHFP records.*
Configuring hq.example.com as NIS domain.
Client configuration complete.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project