Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

On Fri, 2012-03-02 at 05:16 +0300, Craig T wrote: Hi, Server Side: RHEL6.2 ipa-admintools-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-2.1.3-9.el6.x86_64 ipa-server-2.1.3-9.el6.x86_64

[Freeipa-users] SSSD (sssd_be) crashing on RHEL 6.2

Hi, I'm experiencing that SSSD is now crashing at random times on _ALL_ RHEL 6.2 machines where we have installed SSSD connected to an IPA domain. SSSD can reach up to a month of uptime before sssd_be crashes. This happens on both physical and virtual machines. It happens at different machines

Re: [Freeipa-users] SSSD (sssd_be) crashing on RHEL 6.2

On Fri, 2012-03-02 at 14:52 +0100, Sigbjorn Lie wrote: Hi, I'm experiencing that SSSD is now crashing at random times on _ALL_ RHEL 6.2 machines where we have installed SSSD connected to an IPA domain. SSSD can reach up to a month of uptime before sssd_be crashes. This happens on both

Re: [Freeipa-users] SSSD (sssd_be) crashing on RHEL 6.2

On Fri, March 2, 2012 15:04, Stephen Gallagher wrote: On Fri, 2012-03-02 at 14:52 +0100, Sigbjorn Lie wrote: Hi, I'm experiencing that SSSD is now crashing at random times on _ALL_ RHEL 6.2 machines where we have installed SSSD connected to an IPA domain. SSSD can reach up to a month

Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

On Fri, 2012-03-02 at 08:10 -0500, Stephen Gallagher wrote: On Fri, 2012-03-02 at 05:16 +0300, Craig T wrote: Hi, Server Side: RHEL6.2 ipa-admintools-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-pki-common-theme-9.0.3-7.el6.noarch

Re: [Freeipa-users] SSSD (sssd_be) crashing on RHEL 6.2

On Fri, 2012-03-02 at 15:08 +0100, Sigbjorn Lie wrote: On Fri, March 2, 2012 15:04, Stephen Gallagher wrote: On Fri, 2012-03-02 at 14:52 +0100, Sigbjorn Lie wrote: Hi, I'm experiencing that SSSD is now crashing at random times on _ALL_ RHEL 6.2 machines where we have installed

Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

There are kerberized programs that expect to use gethostname() and use that name to compose principals. If that name is not fully qualified they will break. Simo. Normally, you should have both: [root@ara tmp]# klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal

Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

On Fri, 2012-03-02 at 15:21 +0100, Ondrej Valousek wrote: There are kerberized programs that expect to use gethostname() and use that name to compose principals. If that name is not fully qualified they will break. Simo. Normally, you should have both: [root@ara tmp]# klist -k

Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

No, unless you can alias them in the KDC. Our KDC can technically supports aliases now, but we haven't added these kind of aliases yet to it. And it is a bit controversial on whether we want to. In A windows domain you simply cannot have client residing in a DNA domain that is not the same as

Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?

On Fri, 2012-03-02 at 16:10 +0100, Ondrej Valousek wrote: No, unless you can alias them in the KDC. Our KDC can technically supports aliases now, but we haven't added these kind of aliases yet to it. And it is a bit controversial on whether we want to. In A windows domain you simply