1324834 – ipa-client-install fails to discover IPA servers when machines are in another zone.

Bug 1324834 - ipa-client-install fails to discover IPA servers when machines are in another zone.

Summary: ipa-client-install fails to discover IPA servers when machines are in another...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	freeipa
Sub Component:
Version:	23
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	IPA Maintainers
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-07 12:07 UTC by Alvin
Modified:	2016-05-18 11:22 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-18 11:22:15 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
/var/log/ipaclient-install.log (2.24 KB, text/plain) 2016-04-07 12:31 UTC, Alvin	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Alvin 2016-04-07 12:07:43 UTC

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Have an ipa.example.com domain as standard. Add a domain (local.example.com). A _kerberos TXT entry will be created with IPA.EXAMPLE.COM as value. (integrated DNS.)
2. On a client in local.example.com, use the FreeIPA server as DNS. /etc/resolv.conf looks like:
search local.example.com
nameserver 10.0.0.1 # freeipa server
nameserver 10.0.0.2 # freeipa replica
3. Run ipa-client-install --enable-dns-updates

Actual results:
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com):

Expected results:
Due to the _kerberos TXT record, the domain of the IPA server should be detected automatically

Additional info:
On client:
dig +short -t TXT _kerberos.local.example.com.
"IPA.EXAMPLE.COM"

Comment 1 Alvin 2016-04-07 12:31:31 UTC

Created attachment 1144696 [details]
/var/log/ipaclient-install.log

Comment 2 Petr Vobornik 2016-04-07 12:57:32 UTC

There are two ways:

1. The ipa.example.com domain could be passed to --domain option of ipa-client-install.

2. To use just DNS discovery, additional DNS records need to be created. Please check  `man ipa-client-install` "DNS Autodiscovery" section. Or maybe https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/ipa-linux-services.html#dns

Comment 3 Petr Vobornik 2016-05-18 11:22:15 UTC

Closing  due to lack of activity.

Note You need to log in before you can comment on or make changes to this bug.