Thank you for the configuration. It looks good.
Hello Pavel
On Mon, Aug 7, 2017 at 12:40 PM, Pavel Vomacka <pvomacka@redhat.com> wrote:
Hello Gustavo,
From what I can see, the issue would be PROTOCOL ERROR in the whoami command. Could you please check whether all services are running? Please run
# ipactl status
and post the output.
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
And please could you send me the /etc/named.conf? Especially everything after the dyndb "ipa" line is interesting for us.
This is from /etc/named.conf
options {
    // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
    listen-on-v6 {any;};
    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    forward only;
    forwarders {
        10.73.2.100;
        10.73.2.102;
        10.73.2.101;
    };
    // Any host is permitted to issue recursive queries
    allow-recursion { any; };
    tkey-gssapi-keytab "/etc/named.keytab";
    pid-file "/run/named/named.pid";
    dnssec-enable yes;
    dnssec-validation no;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
        print-time yes;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
dyndb "ipa" "/usr/lib64/bind/ldap.so" {
    uri "ldapi://%2fvar%2frun%2fslapd-FISICA-CABIB.socket";
    base "cn=dns, dc=fisica,dc=cabib";
    fake_mname "ipaserver.fisica.cabib.";
    auth_method "sasl";
    sasl_mech "GSSAPI";
    sasl_user "DNS/ipaserver.fisica.cabib";
    server_id "ipaserver.fisica.cabib";
};
include "/etc/named.root.key";
key "rndc-key" {
    algorithm hmac-md5;
    secret "#########################";
};
--
Gustavo Berman
Sysadmin - Gerencia de Física - Centro Atómico Bariloche - CNEA
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
-- Pavel^3 Vomacka