Sorry for probably stupid question, but if in general ipaclient.staging.example.com host may be a member in prod.example.com domain?
On Thu, Jun 20, 2013 at 10:34 AM, Vitaly <[email protected]> wrote: > >Is KDC resolvable from the client? > yes, there is DNS resolving for "serv02.prod.example.com" on client. > > >Do you have an AD DNS that might be actually serving records? > no, I don't AD DNS for prod.example.com > >What version of the client and what OS are you using? > > On the client: > ipa-client-2.0-10.el5_6.1 > Red Hat Enterprise Linux Server release 5.6 (Tikanga) > > On IPA server : > > ipa-pki-common-theme-9.0.3-7.el6.noarch > > ipa-pki-ca-theme-9.0.3-7.el6.noarch > > libipa_hbac-1.5.1-66.el6_2.3.x86_64 > > libipa_hbac-python-1.5.1-66.el6_2.3.x86_64 > > ipa-python-2.1.3-9.el6.x86_64 > > ipa-client-2.1.3-9.el6.x86_64 > > ipa-server-selinux-2.1.3-9.el6.x86_64 > > ipa-admintools-2.1.3-9.el6.x86_64 > > ipa-server-2.1.3-9.el6.x86_64 > > Red Hat Enterprise Linux Server release 6.2 (Santiago) > > Thank you, > Vitaly > > > On Wed, Jun 19, 2013 at 7:45 PM, Dmitri Pal <[email protected]> wrote: > > On 06/19/2013 10:32 AM, Vitaly wrote: > > > > > > ipa-client-install fails with "Cannot resolve network address for KDC" > > message. > > I don't have SRV records, but I provide IPA server name via "--server" > > param. > > any ideas? > > > > TIA, > > Vitaly > > > > 2013-06-19 13:58:39,113 DEBUG Loading Index file from > > '/var/lib/ipa-client/sysrestore/sysrestore.index' > > 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] > > 2013-06-19 13:58:39,113 DEBUG Init ldap with: > > ldap://serv02.prod.example.com:389 > > 2013-06-19 13:58:39,193 DEBUG Search rootdse > > 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in > > dc=prod,dc=example,dc=com(base) > > 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', > > {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', > > 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': > > ['prod.example.com'], 'dc': ['prod'], 'nisDomain': ['prod.example.com > ']})] > > 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) > in > > dc=prod,dc=example,dc=com(sub) > > 2013-06-19 13:58:39,313 DEBUG Found: > > [('cn=PROD.EXAMPLE.COM,cn=kerberos,dc=prod,dc=example,dc=com', > > {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['PROD.EXAMPLE.COM > '], > > 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', > > 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', > > 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], > > 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', > > 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', > > 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', > > 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', > > 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], > > 'krbMaxRenewableAge': ['604800']})] > > 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit > > [email protected] > > 2013-06-19 13:58:52,032 INFO stdout= > > 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network > > address for KDC in realm PROD.EXAMPLE.COM while getting initial > credentials > > > > 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy > > 2013-06-19 13:58:52,065 INFO stdout= > > 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found > > while destroying cache > > ~ > > ~ > > ~ > > ~ > > ~ > > ~ > > ~ > > > > > > > > _______________________________________________ > > Freeipa-users mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > > Is KDC resolvable from the client? > > > > -- > > Thank you, > > Dmitri Pal > > > > Sr. Engineering Manager for IdM portfolio > > Red Hat Inc. > > > > > > ------------------------------- > > Looking to carve out IT costs? > > www.redhat.com/carveoutcosts/ > > > > > > > > _______________________________________________ > > Freeipa-users mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
