On 3.5.2016 13:28, Gary T. Giesen wrote: > 1. Confirmed, it was already set to ISMASTER=1 > > 2. Logs: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Current cookie is: None > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.odsmgr.ODSMgr: DEBUG LDAP zones: {'203dbe2d-8d9c-1 > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG Detected add of entry: > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG New cookie is: host.exa
The log seems to be truncated. Please attach it as a file to avoid truncation and line wrapping problems. Thanks Petr^2 Spacek > > > 3. # rpm -q ipa-server > ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64 > > -----Original Message----- > From: freeipa-users-boun...@redhat.com > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek > Sent: May-03-16 7:08 AM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing > > Okay, this is a problem. It should list your zone example.com because it has > DNSSEC signing enabled. > > Make sure you are working on host.example.com (the host listed by the > ldapsearch above). > > I would check two things: > 1. File /etc/sysconfig/ipa-dnskeysyncd contains line "ISMASTER=1". If it > does not, re-run ipa-dns-install with --dnssec-master option to fix that. > > 2. Debug logs from the daemon. Please edit /etc/ipa/default.conf and make > sure that it contains line "debug=True" and restart ipa-dnskeysyncd when you > are done with it. > > The log should be much longer after this change. > > I hope it will help to identify the root cause. > > What IPA version do you use? > $ rpm -q freeipa-server > > Petr^2 Spacek > > > >> Per the instructions, I've restarted ipa-dnskeysyncd, but it has had >> no effect. The only log entries I see are: >> >> # journalctl -u ipa-dnskeysyncd >> >> May 02 20:35:52 host.example.com systemd[1]: Stopping IPA key daemon... >> May 02 20:35:52 host.example.com ipa-dnskeysyncd[14903]: ipa : > INFO >> Signal 15 received: Shutting down! >> May 02 20:35:52 host.example.com systemd[1]: Started IPA key daemon. >> May 02 20:35:52 host.example.com systemd[1]: Starting IPA key daemon... >> May 02 20:35:52 host.example.com ipa-dnskeysyncd[15014]: ipa: WARNING: >> session memcached servers not running >> May 02 20:35:53 host.example.com ipa-dnskeysyncd[15014]: ipa : > INFO >> LDAP bind... >> May 02 20:35:53 host.example.com python2[15014]: GSSAPI client step 1 >> May 02 20:35:53 host.example.com python2[15014]: GSSAPI client step 1 >> May 02 20:35:54 host.example.com python2[15014]: GSSAPI client step 1 >> May 02 20:35:54 host.example.com python2[15014]: GSSAPI client step 2 >> May 02 20:35:54 host.example.com ipa-dnskeysyncd[15014]: ipa : > INFO >> Commencing sync process >> >> >> >> Can anyone advise on next steps? I've been banging my head against a >> wall for a couple days now and would really appreciate some help. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project