On to, 20 loka 2016, Carlos Raúl Laguna wrote:
Hi Alexander,
I do belive is a DNS problem, the command failing are

host -t srv _ldap._tcp.ad_domain
dig SRV _ldap._tcp.ad_domain
after checkig the logs a see this error
"no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN':"

so i disable the dnssec validation on IPA and it work as expected, i will
setup dnssec on the windows side and enable dns validation once more on IPA
to see if can get the same outcome.
When you use DNSSEC validation, your DNS infrastructure should all be
using DNSSEC. This does not depend on whether you are deploying trust to
AD or not.

In fact, when installing FreeIPA server, you have option to disable
DNSSEC validation (ipa-server-install --no-dnssec-validation). The same
option exists in ipa-dns-install.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to