freeipa

Clone
Source Code
GIT

#1100 KDC autodiscovery may fail when domain != realm
Closed: Fixed None Opened 13 years ago by mkosek.

Closed: Fixed
Reopen Issue

When ipa-client-install autodiscovers IPA server values it doesn't fill the fixed KDC address to Kerberos configuration file.

However, when realm != domain or the autodiscovered values are overridden, installation may fail because the autodiscovery tries to read the KDC address from DNS zone which equals "realm". If this zone is not configured for Kerberos autodiscovery, installation will fail with the following error:

$ sudo ipa-client-install
Discovery was successful!
Realm: TESTRELM
DNS Domain: idm.lab.bos.redhat.com
IPA Server: vm-111.idm.lab.bos.redhat.com
BaseDN: dc=testrelm


Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
Password for admin@TESTRELM:

kinit: Cannot resolve network address for KDC in realm "TESTRELM" while getting initial credentials

In that case Kerberos tried to read KDC address from DNS zone "TESTRELM".

There should be a failover for that case and we should manually store KDC address to krb.conf in that case (like when --force parameter is entered) + warn the user.

https://bugzilla.redhat.com/show_bug.cgi?id=688266

Patch is ready. Waiting for 2.1 branch initialization.

master: 95b4040[[BR]]
ipa-2-0: 4a4c545

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.1 - 2011/05
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=688266
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.