On 22.5.2015 22:00, Johnny Tan wrote:
> On Fri, May 22, 2015 at 3:14 PM, Martin Basti <[email protected]> wrote:
>
>> On 22/05/15 18:05, Johnny Tan wrote:
>>
>> Our servers run CentOS-6.6 and ipa-server-3.0.0-42.el6.centos.x86_64
>>
>> Our CentOS clients (also 6.6) join the domain seamlessly.
>>
>> Our Ubuntu 14.04 LTS clients, however, don't seem to be able to
>> auto-discover domain, realm, or IPA servers:
>> ```
>> dpkg -l | grep freeipa
>> ii freeipa-client 3.3.4-0ubuntu3.1
>> amd64 FreeIPA centralized identity framework -- client
>>
>> /usr/sbin/ipa-client-install --mkhomedir --no-ntp --no-sudo --unattended
>> --hostname testing-ubuntu001.pp --principal admin --password xx --debug
>> /usr/sbin/ipa-client-install was invoked with options: {'domain': None,
>> 'force': False, 'krb5_offline_passwords': True, 'primary': False,
>> 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd':
>> True, 'conf_ntp': False, 'on_master': False, 'ntp_server': None,
>> 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname':
>> 'testing-ubuntu001.pp', 'no_ac': False, 'unattended': True, 'sssd': True,
>> 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': True, 'conf_ssh':
>> True, 'force_join': False, 'server': None, 'prompt_password': False,
>> 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
>> missing options might be asked for interactively later
>> Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
>> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
>> [IPA Discovery]
>> Starting IPA discovery with domain=None, servers=None,
>> hostname=testing-ubuntu001.pp
>> Start searching for LDAP SRV record in "pp" (domain of the hostname) and
>> its sub-domains
>> Search DNS for SRV record of _ldap._tcp.pp
>> DNS record not found: EmptyLabel
>> Start searching for LDAP SRV record in ".pp" (search domain from
>> /etc/resolv.conf) and its sub-domains
>> Search DNS for SRV record of _ldap._tcp..pp
>> DNS record not found: EmptyLabel
>> Already searched pp; skipping
>> No LDAP server found
>> No LDAP server found
>> Unable to discover domain, not provided on command line
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>> ```
>>
>> Yet on the same client:
>> ```
>> root@testing-ubuntu001:~# dig srv _ldap._tcp.pp +short
>> 0 100 389 production-ipa003.pp.
>> 0 100 389 production-ipa001.pp.
>> 0 100 389 production-ipa002.pp.
>> ```
>>
>> Why can't ipa-client-install discover those SRV records?
>>
>> johnny
>>
>>
>> Hello,
>>
>> this is weird, "DNS record not found: EmptyLabel", this error returns
>> python-dns when empty label is used in domain name.
>>
>> And here is empty label -> _ldap._tcp..pp (two dots).
>>
>> But that doubled dot is not on line above and the error is the same,
>> interesting.
>>
>
> Aha! It seems our configuration management system is populating `search` in
> /etc/resolv.conf with ".pp" rather than "pp". If I manually change that, it
> now works! Thank you.

Martin, do you see in code why it did not work before? We should fix that
(assuming that we are able to find the root cause :-).

-- 
Petr^2 Spacek
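
A pre-enrolment check for the condition found in this thread, added here as an example and not taken from the thread or from FreeIPA's code: it reads the `search`/`domain` entries of a resolv.conf and reports any that would put an empty label into the `_ldap._tcp` query name. The function names, the sample file and the plain-concatenation rule (inferred from the `_ldap._tcp..pp` log line) are assumptions.

```python
# Added example, not FreeIPA code: flag resolv.conf search domains that would
# produce an empty DNS label in the LDAP SRV discovery name.
SRV_PREFIX = "_ldap._tcp"  # prefix shown in the debug log in the thread

# Constructed sample mirroring the broken file described in the thread.
SAMPLE_RESOLV_CONF = """\
# managed by configuration management (constructed sample)
nameserver 192.0.2.53
search .pp example.test
"""

def search_domains(resolv_conf_text):
    """Return the domains of the last 'search' or 'domain' line (last one wins)."""
    domains = []
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # comment lines start with '#' or ';'
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):
            domains = fields[1:]
    return domains

def label_problems(name):
    """List label defects in a DNS name; a single trailing root dot is allowed."""
    if name == ".":
        return []
    body = name[:-1] if name.endswith(".") else name
    problems = []
    for pos, label in enumerate(body.split(".")):
        if label == "":
            problems.append(f"empty label at position {pos}")
        elif len(label) > 63:
            problems.append(f"label at position {pos} longer than 63 octets")
    return problems

def srv_query_name(domain):
    """Assumption: the query name is prefix + '.' + domain, as the log suggests."""
    return f"{SRV_PREFIX}.{domain}"

def audit(resolv_conf_text):
    """Map each search domain to (query name, problems found in that name)."""
    return {d: (srv_query_name(d), label_problems(srv_query_name(d)))
            for d in search_domains(resolv_conf_text)}

if __name__ == "__main__":
    for domain, (qname, problems) in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{domain!r:16} -> {qname:26} {'; '.join(problems) or 'OK'}")
```

Running it against the real `/etc/resolv.conf` from configuration management, before `ipa-client-install`, surfaces a leading-dot entry such as `.pp` without needing a failed enrolment to find it.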
