[Freeipa-users] hosts/clients joining IPA but dns updating not working

Steven Jones Steven.Jones at vuw.ac.nz
Tue Mar 27 19:47:17 UTC 2012 

Hi

Its possible the uninstall from one IPA realm didnt work properly before I joined it to another?

Anyway I have incl both logs just in case.  There is a suggestion that the kerberos ticket isnt right?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Martin Kosek [mkosek at redhat.com]
Sent: Tuesday, 27 March 2012 10:04 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working

On Tue, 2012-03-27 at 01:15 +0000, Steven Jones wrote:
> Hi,
>
> I just started adding hosts/clients but DNS isnt being updated for the client(s).
>
> Screenshot of error is attached....
>

Hello Steven,

there is something wrong with your host keytab. As written in the
output, ipa-client-install could not get a TGT for
host/vuwunicorh6ws04 at ODS.VUW.AC.NZ and thus nsupdate which performs the
DNS update failed.

Can you please attach a relevant portion of ipaclient-install.log so
that we can get more information about why it failed?

Alternatively, you can list credentials in the keytab with this command
yourself:
# klist -kt /etc/krb5.keytab

To test obtaining the TGT from the host keytab and thus reproducing this
issue, you can run this command:
# kinit -k -t /etc/krb5.keytab host/vuwunicorh6ws04 at ODS.VUW.AC.NZ

The command output itself, or KRB5KDC logs in IPA server should provide
a hint why the kinit fails.

Martin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaclient-install.log
Type: application/octet-stream
Size: 11069 bytes
Desc: ipaclient-install.log
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120327/a221eb83/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaclient-uninstall.log
Type: application/octet-stream
Size: 7987 bytes
Desc: ipaclient-uninstall.log
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120327/a221eb83/attachment-0001.obj>

More information about the Freeipa-users mailing list