On 02/23/2013 12:48 PM, Dale Macartney wrote:
>
> Hi all
>
> I've just performed a clean IPA installation and noticed that if you're
> using integrated DNS, you are still unable to use bind in a chrooted
> environment with a default IPA install.
>
> Basically if it's a chrooted environment, named will fail to start.
>
> To replicate what I've done, do the following.
>
> # yum install ipa-server bind bind-chroot bind-dyndb-ldap -y
> # ipa-server-install --setup-dns (do your usual thing here)
>
> From what I've been testing, there needs to be quite a few libraries
> located in the chroot environment.
>
> I've done the below to get a little further (I should probably use
> symbolic links, but for now copying the files is a start).
>
> mkdir /var/named/chroot/lib64/
> cp /lib64/libldap-2.4.so.2 /var/named/chroot/lib64/
> cp /lib64/liblber-2.4.so.2 /var/named/chroot/lib64/
> cp /lib64/libplds4.so /var/named/chroot/lib64/
> cp /lib64/libplc4.so /var/named/chroot/lib64/
> cp /lib64/libnspr4.so /var/named/chroot/lib64/
> cp /lib64/libcrypt.so.1 /var/named/chroot/lib64/
> cp /lib64/libfreebl3.so /var/named/chroot/lib64/
>
> mkdir /var/named/chroot/usr/lib64/
> cp /usr/lib64/libssl3.so /var/named/chroot/usr/lib64/
> cp /usr/lib64/libsmime3.so /var/named/chroot/usr/lib64/
> cp /usr/lib64/libnss3.so /var/named/chroot/usr/lib64/
> cp /usr/lib64/libnssutil3.so /var/named/chroot/usr/lib64/
> cp /usr/lib64/libsasl2.so.2 /var/named/chroot/usr/lib64/
>
>
>
> Now when I restart named, I get the below error in /var/log/messages.
>
> Does anyone have any ideas of the best way to get around this error?
>
> Feb 23 17:35:29 ds01 named[2425]: Failed to parse the principal name
> DNS/ds01.example.com (Configuration file does not specify default realm)

It should be DNS/[email protected]
I do not know the exact reason but it might be that bind ldap driver
can't locate its kerberos configuration.
I hope it will give you a hint and unblock you before the real masters
of DNS chime in.

>
>
> Thanks folks.
>
> Dale
>
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
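A way to test the hint in the reply above, as an added example that is not part of the original thread or of FreeIPA: these shell helpers check whether a krb5.conf that sets default_realm is visible inside the chroot and list host files that have no copy under it. The function names are hypothetical, and the assumption is that a chrooted named reads /etc/krb5.conf relative to the chroot root.

```shell
#!/bin/sh
# Diagnostic helpers for a chrooted named (added example, not project code).
# Example call, using paths taken from the thread:
#   audit_named_chroot /var/named/chroot /lib64/libldap-2.4.so.2 /usr/lib64/libsasl2.so.2

# Print the default_realm set in the [libdefaults] section of a krb5.conf.
# Returns 1 if the file is missing/unreadable or sets no default realm.
krb5_default_realm() {
    conf=$1
    [ -r "$conf" ] || return 1
    realm=$(awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$conf")
    [ -n "$realm" ] && printf '%s\n' "$realm"
}

# Print each listed host path that has no counterpart under the chroot root.
missing_in_chroot() {
    root=$1; shift
    for f in "$@"; do
        [ -e "$root$f" ] || printf '%s\n' "$f"
    done
}

# Report for one chroot: Kerberos config first, then the files the caller lists.
audit_named_chroot() {
    root=$1; shift
    if realm=$(krb5_default_realm "$root/etc/krb5.conf"); then
        echo "krb5: default_realm=$realm"
    else
        echo "krb5: $root/etc/krb5.conf missing or has no default_realm"
    fi
    missing_in_chroot "$root" "$@" | sed 's/^/missing: /'
}
```

Symbolic links that point outside the chroot do not resolve once named has entered it, so a file found through such a link from the host side can still be absent for the daemon.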
