[Freeipa-users] dns problems with kerberos
Ivan Levchenko
levchenko.i at gmail.com
Mon Sep 15 12:44:29 UTC 2008
Hi All,
I installed IPA OK, no errors; I can even authenticate to it from a
remote host using the admin user.
I created a new user via the web panel, and as soon as I log in, it
says that the pass is expired and that I need to change it. As soon as
it gets the confirmation pass, I get an error:
$ kinit ivan
Password for ivan@MYDOMAIN.COM:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit(v5): Cannot contact any KDC for requested realm while getting
initial credentials
As I understand it, it's a DNS problem...
I added the needed info to my domain's zone file like so:
;IPA
master IN A 192.168.0.112
_ldap._tcp IN SRV 0 100 389 master
;kerberos realm
_kerberos IN TXT MYDOMAIN.COM
; kerberos servers
_kerberos IN SRV 0 100 88 master
_kerberos IN SRV 0 100 88 master
_kerberos-master IN SRV 0 100 88 master
_kerberos-master IN SRV 0 100 88 master
_kpasswd._tcp IN SRV 0 100 464 master
_kpasswd._udp IN SRV 0 100 464 master
;ntp server
_ntp._udp IN SRV 0 100 123 ntp-server
Using dig, I can verify that all of this works just fine.. Is there
anything that I am missing?
I'm very new to IPA, Kerberos, LDAP.. but I REALLY want to get a
single sign-on and single user/pass environment working...
Thanks in advance!!!
--
Best Regards,
Ivan Levchenko
levchenko.i at gmail.com
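
Added example, not part of the original message: a small linter for the SRV records in the zone fragment above. It checks each SRV owner name for the `_service._proto` form defined in RFC 2782 and reports which of an assumed set of Kerberos discovery names is absent; `lint_srv` and `EXPECTED` are names made up for this example.

```python
from collections import Counter

# Assumption: the (service, proto) pairs usually published for an IPA/MIT Kerberos realm.
EXPECTED = {(s, p) for s in ("_kerberos", "_kerberos-master", "_kpasswd")
            for p in ("_udp", "_tcp")}

# Zone fragment copied from the message above.
ZONE = """\
;IPA
master IN A 192.168.0.112
_ldap._tcp IN SRV 0 100 389 master
;kerberos realm
_kerberos IN TXT MYDOMAIN.COM
; kerberos servers
_kerberos IN SRV 0 100 88 master
_kerberos IN SRV 0 100 88 master
_kerberos-master IN SRV 0 100 88 master
_kerberos-master IN SRV 0 100 88 master
_kpasswd._tcp IN SRV 0 100 464 master
_kpasswd._udp IN SRV 0 100 464 master
;ntp server
_ntp._udp IN SRV 0 100 123 ntp-server
"""

def lint_srv(zone_text, expected=EXPECTED):
    """Return (owners lacking _proto, duplicated pairs, expected pairs not found)."""
    seen, no_proto = Counter(), []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()      # drop comments, then tokenize
        if "SRV" not in tokens or tokens[0] == "SRV":
            continue
        rdata = tokens[tokens.index("SRV") + 1:]   # priority weight port target
        if len(rdata) != 4 or not all(f.isdigit() for f in rdata[:3]):
            raise ValueError(f"bad SRV rdata: {raw!r}")
        labels = tokens[0].rstrip(".").lower().split(".")
        if len(labels) < 2 or labels[1] not in ("_tcp", "_udp"):
            no_proto.append(tokens[0])             # RFC 2782 wants _service._proto
            continue
        seen[(labels[0], labels[1], int(rdata[2]), rdata[3])] += 1
    duplicates = sorted({k[:2] for k, n in seen.items() if n > 1})
    missing = sorted(expected - {k[:2] for k in seen})
    return no_proto, duplicates, missing

if __name__ == "__main__":
    print(lint_srv(ZONE))
```

A record reported in the first list is published under a name that a client looking up `_kerberos._udp` or `_kerberos._tcp` for the realm's domain will not query.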