Re: [Freeipa-users] ipa-client-install not creating reverse DNS entries

Mon, 14 Sep 2015 00:09:50 -0700 

Hi,
can you check the journalctl -u named(-pkcs11) on server, they might be errors why PTR record has not been added. 

Do you have enabled dynamic updates for the reverse zone?

Martin

On 09/12/2015 10:42 PM, Youenn PIOLET wrote:


Hi,


I've seen the same issue recently on various clients using ipa 3.3 and 
ipa 4.* during the first join on a clean OS. Can't confirm it was 
working before. Is it normal behavior?


Allow PTR sync is enabled.

Cheers,


Le 12 sept. 2015 7:44 AM, "Nathan Peters" <nat...@nathanpeters.com 
<mailto:nat...@nathanpeters.com>> a écrit :



    On 9/11/2015 10:32 AM, Simo Sorce wrote:

        On Fri, 2015-09-11 at 10:25 -0700, nat...@nathanpeters.com
        <mailto:nat...@nathanpeters.com> wrote:

            I have been trying to figure this out for a while now but
            when I join
            machine to FreeIPA, the installer properly creates forward DNS
            entries,and DNSSSHFP entries, but does not create reverse
            entries.
            Without the PTR records, kerberos logins are always
            failing on these
            machines.

        I am interested in understanding what fails exactly, stuff
        should not
        depend on reverse resolution can you give me an example of a
        failure ?

        For the PTR creation anyway have you enabled the option to
        allow setting
        PTR records ?
        There is a global DNS option (As awell as per-zone setting) called
        "Allow PTR Sync" you may want to enable.


    When we attempt to login using kerberos on a machine that has no
    reverse DNS entry defined, we are instead prompted with a password
    prompt.  The password authentication still works but the ticket
    does not.

    >From what I read, the Allow PTR Sync option is only used in
    conjunction with DNS IP address changes and does not apply to the
    initial join of the domain.

    Is the joining process supposed to create reverse DNS entries for
    the clients or just forward entries and SSHFP entries?


    -- 
    Manage your subscription for the Freeipa-users mailing list:

    https://www.redhat.com/mailman/listinfo/freeipa-users
    Go to http://freeipa.org for more info on the project






-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project





















					Reply via email to