Bug 1324834

Summary: ipa-client-install fails to discover IPA servers when machines are in another zone.
Product: [Fedora] Fedora
Reporter: Alvin <alvin>
Component: freeipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 23
CC: abokovoy, ipa-maint, jhrozek, mkosek, pviktori, pvoborni, rcritten, ssorce
Hardware: Unspecified
OS: Linux
Doc Type: Bug Fix
Last Closed: 2016-05-18 11:22:15 UTC
Type: Bug
Attachments:
Description Flags
/var/log/ipaclient-install.log none

Description Alvin 2016-04-07 12:07:43 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Have an ipa.example.com domain as standard. Add a domain (local.example.com). A _kerberos TXT entry will be created with IPA.EXAMPLE.COM as value. (integrated DNS.)
2. On a client in local.example.com, use the FreeIPA server as DNS. /etc/resolv.conf looks like:
search local.example.com
nameserver 10.0.0.1 # freeipa server
nameserver 10.0.0.2 # freeipa replica
3. Run ipa-client-install --enable-dns-updates

Actual results:
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com):

Expected results:
Due to the _kerberos TXT record, the domain of the IPA server should be detected automatically.

Additional info:
On client:
dig +short -t TXT _kerberos.local.example.com.
"IPA.EXAMPLE.COM"

Comment 1 Alvin 2016-04-07 12:31:31 UTC
Created attachment 1144696
/var/log/ipaclient-install.log

Comment 2 Petr Vobornik 2016-04-07 12:57:32 UTC
There are two ways:

1. The ipa.example.com domain could be passed to the --domain option of ipa-client-install.

2. To use just DNS discovery, additional DNS records need to be created. Please check the "DNS Autodiscovery" section of `man ipa-client-install`. Or maybe https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/ipa-linux-services.html#dns
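
Added example (not part of Comment 2 and not FreeIPA code): a simplified Python model of the parent-domain SRV search described in the "DNS Autodiscovery" section of `man ipa-client-install`, run against constructed zone data for this report. The host names `client1` and `ipa1` and both record sets are assumptions; it shows that the `_kerberos` TXT record is only read after an `_ldap._tcp` SRV record has been found in the client's domain or one of its parents.

```python
# Simplified model of the lookup order described in the "DNS Autodiscovery"
# section of `man ipa-client-install`; not the installer's implementation.

def candidate_srv_names(hostname):
    """Return _ldap._tcp names for every parent domain of hostname, nearest first."""
    labels = hostname.rstrip(".").lower().split(".")[1:]  # drop the host label
    return ["_ldap._tcp." + ".".join(labels[i:]) for i in range(len(labels))]


def discover(hostname, records):
    """Walk the candidates against `records`, a {(name, rtype): [values]} map.

    Returns (zone, servers, realm) for the first zone that has an LDAP SRV
    record, or None when no candidate has one.
    """
    for srv_name in candidate_srv_names(hostname):
        servers = records.get((srv_name, "SRV"))
        if servers:
            zone = srv_name[len("_ldap._tcp."):]
            realm = records.get(("_kerberos." + zone, "TXT"), [None])[0]
            return zone, servers, realm
    return None


# Constructed zone data matching the report: local.example.com holds only the
# realm TXT record; the SRV record lives in the sibling zone ipa.example.com,
# which is not a parent of the client's hostname. Host names are hypothetical.
REPORTED = {
    ("_kerberos.local.example.com", "TXT"): ["IPA.EXAMPLE.COM"],
    ("_ldap._tcp.ipa.example.com", "SRV"): ["ipa1.ipa.example.com"],
}

# Same data with an LDAP SRV record added in the client's own zone.
WITH_SRV = dict(REPORTED)
WITH_SRV[("_ldap._tcp.local.example.com", "SRV")] = ["ipa1.ipa.example.com"]

if __name__ == "__main__":
    host = "client1.local.example.com"
    print(candidate_srv_names(host))
    print("reported zone: ", discover(host, REPORTED))
    print("with SRV added:", discover(host, WITH_SRV))
```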

Comment 3 Petr Vobornik 2016-05-18 11:22:15 UTC
Closing due to lack of activity.