On 22/05/15 18:05, Johnny Tan wrote:
Our servers run CentOS-6.6 and ipa-server-3.0.0-42.el6.centos.x86_64

Our CentOS clients (also 6.6) join the domain seamlessly.

Our Ubuntu 14.04 LTS clients, however, don't seem to be able to auto-discover domain, realm, or IPA servers:
```
dpkg -l | grep freeipa
ii freeipa-client 3.3.4-0ubuntu3.1 amd64 FreeIPA centralized identity framework -- client

/usr/sbin/ipa-client-install --mkhomedir --no-ntp --no-sudo --unattended --hostname testing-ubuntu001.pp --principal admin --password xx --debug /usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname': 'testing-ubuntu001.pp', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': True, 'conf_ssh': True, 'force_join': False, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
missing options might be asked for interactively later
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
[IPA Discovery]
Starting IPA discovery with domain=None, servers=None, hostname=testing-ubuntu001.pp Start searching for LDAP SRV record in "pp" (domain of the hostname) and its sub-domains
Search DNS for SRV record of _ldap._tcp.pp
DNS record not found: EmptyLabel
Start searching for LDAP SRV record in ".pp" (search domain from /etc/resolv.conf) and its sub-domains
Search DNS for SRV record of _ldap._tcp..pp
DNS record not found: EmptyLabel
Already searched pp; skipping
No LDAP server found
No LDAP server found
Unable to discover domain, not provided on command line
Installation failed. Rolling back changes.
IPA client is not configured on this system.
```

Yet on the same client:
```
root@testing-ubuntu001:~# dig srv _ldap._tcp.pp +short
0 100 389 production-ipa003.pp.
0 100 389 production-ipa001.pp.
0 100 389 production-ipa002.pp.
```

Why can't ipa-client-install discover those SRV records?

johnny


Hello,

this is weird, "DNS record not found: EmptyLabel", this error returns python-dns when empty label is used in domain name.

And here is empty label -> _ldap._tcp..pp  (two dots).

But that doubled dot is not on line above and the error is the same, interesting.

--
Martin Basti

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to