[Freeipa-devel] Adding client on RHEL 6 fails to get DNS entry

Adam Young ayoung at redhat.com
Fri Feb 25 19:49:27 UTC 2011 

On 02/25/2011 12:47 AM, Simo Sorce wrote:
> On Thu, 24 Feb 2011 20:55:32 -0500
> Adam Young<ayoung at redhat.com>  wrote:
>
>> I updated the reolve.conf of the client machine to point to the
>> server and ran:
>>
>>
>> [root at vm-060 ~]# ipa-client-install --domain  idm.lab.bos.redhat.com
>> -p admin -w freeipa4all
>> Discovery was successful!
>> Realm: IDM.LAB.BOS.REDHAT.COM
>> DNS Domain: idm.lab.bos.redhat.com
>> IPA Server: vm-051.idm.lab.bos.redhat.com
>> BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
>>
>>
>> Continue to configure the system with these values? [no]: yes
>>
>> Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
>> Created /etc/ipa/default.conf
>> Configured /etc/sssd/sssd.conf
>> Configured /etc/krb5.conf for IPA realm IDM.LAB.BOS.REDHAT.COM
>> certmonger request for host certificate failed
>> Warning: Hostname (vm-060.idm.lab.bos.redhat.com) not found in DNS
>> Failed to obtain host TGT.
>> Failed to update DNS A record. (Command 'x' returned non-zero exit
>> status 1) SSSD enabled
>> Kerberos 5 enabled
>> NTP enabled
>> Client configuration complete.
>>
>>
>> Is this a sign of a cert server issue?  THis is the first time
>> running with dogtag.
> We use TSIG-GSSAPI for DNS Updates, no certs involved.
>
>> Here's the last couple of lines from the ipa-server-log/  They look
>> fine to me.
>>
>> [Thu Feb 24 20:41:06 2011] [error] ipa: INFO:
>> admin at IDM.LAB.BOS.REDHAT.COM: host_find(u'', all=True): SUCCESS
>> [Thu Feb 24 20:41:14 2011] [error] ipa: INFO:
>> admin at IDM.LAB.BOS.REDHAT.COM: batch(({u'params':
>> [[u'vm-060.idm.lab.bos.redhat.com'], {}], u'method': u'host_del'},)):
>> SUCCESS
>> [Thu Feb 24 20:41:15 2011] [error] ipa: INFO:
>> admin at IDM.LAB.BOS.REDHAT.COM: host_find(u'', all=True): SUCCESS
>> [Thu Feb 24 20:46:04 2011] [error] ipa: INFO:
>> admin at IDM.LAB.BOS.REDHAT.COM: join(u'vm-060.idm.lab.bos.redhat.com',
>> nshardwareplatform=u'x86_64',
>> nsosversion=u'2.6.32-114.0.1.el6.x86_64'): SUCCESS
> Can you send the ipaclient-install.log file ?

Attached

>> This machine had client installed before, but I've since uninstalled
>> and reinstalled both the server and client, and rebooted the client
>> as well.
> Should make no difference at all, it seem nsupdate is failing.
> Do you have bind-utils installed ?
>

Yes: bind-utils-9.7.2-8.P3.el6.x86_64
>> There is no file /etc/ipa/.dns_update.txt
> And there shouldn't, it is a temp file we delete as soon as we are done.
>
> Simo.
>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipaclient-install.log
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110225/c6fd8865/attachment.log>

More information about the Freeipa-devel mailing list