Sean Hogan wrote:
Hi All,

Wondering if someone knows how the SSHFPs of a box are getting uploaded
to IPA during ipa-client-install --enable-dns-updates? Is it going over
port 389, 636, 22?

Have an issue that on one network my enrolls work fine and everything
gets updated. A new network was put in place but still part of the same
domain and I get SSHFP failed to upload. I was assuming this has
something to do with DNS but Network team says bidirectional port 53 is
good and I can nslookup. Both new and old networks point to the same IPA
DNS server for enrolling. The IPs of the new network still fall in my
reverse zone.

So my DNS is set up with:
test.local
10.in-addr.arpa

and the IP scheme for new net is 10.5.x.x, old net is 10.35.x.x

It updates over DNS using nsupdate.

Results of current Network

Look in /var/log/ipaclient-install.log for details.

rob



Enrolled in IPA realm TEST.LOCAL
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TEST.LOCAL
trying https://bob.test.local/ipa/xml
Forwarding 'env' to server u'https://bob.test.local/ipa/xml'
DNS server record set to: dingle.test.local -> IP of dingle
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server u'https://bob.test.local/ipa/xml'
SSSD enabled
Configuring test.local as NIS domain
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.




Results of New network
Enrolled in IPA realm TEST.LOCAL
Attempting to get host TGT...
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TEST.LOCAL
trying https://bob.test.local/ipa/xml
Forwarding 'env' to server u'https://bob.test.local/ipa/xml'
Failed to update DNS records.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://bob.test.local/ipa/xml'
Could not update DNS SSHFP records.
SSSD enabled
Configuring test.local as NIS domain
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete






Sean Hogan
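
To make the nsupdate answer above concrete, here is an added example (not part of the thread and not FreeIPA's own code) that derives SSHFP record data from host public key lines as defined in RFC 4255/6594 and builds an nsupdate batch for it. The host name client.test.local, the TTL of 1200 and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_rdata(pubkey_line):
    """Return SSHFP rdata strings for one line of an ssh_host_*_key.pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    alg = 3 if key_type.startswith("ecdsa-sha2-") else KEY_ALGS.get(key_type)
    if alg is None:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the file is damaged or was edited by hand.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    # The fingerprint is the digest of the raw (base64-decoded) key blob.
    return ["%d %d %s" % (alg, t, h(blob).hexdigest().upper())
            for t, h in sorted(FP_TYPES.items())]


def nsupdate_batch(fqdn, pubkey_lines, ttl=1200):
    """Build nsupdate input that replaces all SSHFP records of fqdn."""
    lines = ["update delete %s. IN SSHFP" % fqdn]
    for key in pubkey_lines:
        for rdata in sshfp_rdata(key):
            lines.append("update add %s. %d IN SSHFP %s" % (fqdn, ttl, rdata))
    lines += ["show", "send"]
    return "\n".join(lines) + "\n"


def sample_key():
    """Constructed key line: a well-formed type prefix plus dummy bytes."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + b"constructed-sample-key"
    return "ssh-rsa %s root@client.test.local" % base64.b64encode(blob).decode()


if __name__ == "__main__":
    print(nsupdate_batch("client.test.local", [sample_key()]), end="")
```

Running the batch through `nsupdate -g` with the host's Kerberos credentials from a client on each network shows the DNS server's response to the update itself, assuming the zone accepts GSS-TSIG dynamic updates.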




