Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
Hello, please post output from: # klist -kt /etc/krb5.keytab We still need this to better understand logs. I'm not sure if keytab contains right keys. -- Petr Spacek On 03/27/2012 09:47 PM, Steven Jones wrote: Hi Its possible the uninstall from one IPA realm didnt work properly before I joined it to another? Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Martin Kosek [mko...@redhat.com] Sent: Tuesday, 27 March 2012 10:04 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On Tue, 2012-03-27 at 01:15 +, Steven Jones wrote: Hi, I just started adding hosts/clients but DNS isnt being updated for the client(s). Screenshot of error is attached Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for host/vuwunicorh6w...@ods.vuw.ac.nz and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
On Tue, 2012-03-27 at 01:15 +, Steven Jones wrote: Hi, I just started adding hosts/clients but DNS isnt being updated for the client(s). Screenshot of error is attached Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for host/vuwunicorh6w...@ods.vuw.ac.nz and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
Hi Its possible the uninstall from one IPA realm didnt work properly before I joined it to another? Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Martin Kosek [mko...@redhat.com] Sent: Tuesday, 27 March 2012 10:04 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On Tue, 2012-03-27 at 01:15 +, Steven Jones wrote: Hi, I just started adding hosts/clients but DNS isnt being updated for the client(s). Screenshot of error is attached Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for host/vuwunicorh6w...@ods.vuw.ac.nz and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin ipaclient-install.log Description: ipaclient-install.log ipaclient-uninstall.log Description: ipaclient-uninstall.log ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working
On 03/27/2012 03:47 PM, Steven Jones wrote: Hi Its possible the uninstall from one IPA realm didnt work properly before I joined it to another? Anyway I have incl both logs just in case. There is a suggestion that the kerberos ticket isnt right? Seems like the client fails to get its name properly. Something related to the host name resolution is likely not correct. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Martin Kosek [mko...@redhat.com] Sent: Tuesday, 27 March 2012 10:04 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working On Tue, 2012-03-27 at 01:15 +, Steven Jones wrote: Hi, I just started adding hosts/clients but DNS isnt being updated for the client(s). Screenshot of error is attached Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-install could not get a TGT for host/vuwunicorh6w...@ods.vuw.ac.nz and thus nsupdate which performs the DNS update failed. Can you please attach a relevant portion of ipaclient-install.log so that we can get more information about why it failed? Alternatively, you can list credentials in the keytab with this command yourself: # klist -kt /etc/krb5.keytab To test obtaining the TGT from the host keytab and thus reproducing this issue, you can run this command: # kinit -k -t /etc/krb5.keytab host/vuwunicorh6w...@ods.vuw.ac.nz The command output itself, or KRB5KDC logs in IPA server should provide a hint why the kinit fails. Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users