On 08/02/2011 09:42 AM, Ondrej Valousek wrote:
This actually brought a chuckle....we've been through a few
iterations of how to deal with this. The approach did do Reverse at
one point, but that brought in a few other issues. Needless to say,
we've felt your pain on numerous occasions.
It was just "polaris" - so I tried:
[root polaris etc]# hostname polaris.example.com
and it started working - Magic!
That means that we rely on the fact that hostname is set to FQDN,
right? Isn't it too strong requirement?
Maybe we should guess FQDN using reverse lookups I do not know.
The bottom line is that at least the IPA installation script
should warn about the incorrect hostname.
Kerberos depends on the hostname being right, and none of the auth
works without Kerberos. This is an issue that seems to mess people
up in testing and evaluation mode, but people want and need it to
resolve correctly in live environments.
the error message was bit confusing as well, because from that one
none can even guess what went wrong, I even tried to add 'ipactl
-d start' to print more debugging, but it did not help either.
Just trying to bring some ideas, otherwise I am happy that it is
working again for me :-)
On 02.08.2011 15:18, Rob Crittenden wrote:
your hostname set to polaris.example.com or polaris (check
What we search for is cn=$FQDN,cn=masters,cn=etc
That explains the matched part. It matched everything except the
The information contained in this e-mail and in any attachments is
confidential and is designated solely for the attention of the
intended recipient(s). If you are not an intended recipient, you
must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error,
please notify the sender by return e-mail and delete all copies of
this e-mail from your computer system(s).
Please direct any additional queries to:
communications s3group com.
Silicon and Software Systems Limited (S3 Group). Registered in
Ireland no. 378073.
Registered Office: South County Business Park, Leopardstown,
Freeipa-users mailing list
Freeipa-users redhat com