Description of problem: When deploying IPA server, we've had several people fail due to incorrect hostname / DNS settings. In one case /etc/sysconfig/network HOSTNAME setting was bogus, not matching the configured ip address. In another case the reverse DNS was incorrect. The resulting kerberos problems are essentially impossible to diagnose except through guess-work / luck These are both issues that it ought to be possible to detect at time of setup. eg, - Run 'hostname' command & capture output - Verify that you can resolve the hostname to an IP address - Verify that the hostname is an A record, not a CNAME - Verify that the IP address matches that configured for one of the ethN devices - Resolve the IP address back to a hostname - Verify that the hostname matches the original hostname Version-Release number of selected component (if applicable): ipa-0.99-9.fc8 dist-f8-updates-candidate rcritten How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 296678 [details] require DNS A record, match A record to PTR This gets us most of the way there. What's left is to ensure that the hostname is configured to an operational ethernet address. I'm not sure how I'm going to do that.
Committed in changeset 707
Created attachment 297085 [details] make sure /etc/hosts is sane More fixes: Verify that the hostname is correct in /etc/hosts Fix an issue with reverse lookups on x86_64 Don't ignore exceptions when getting the hostname from the user
Committed /etc/hosts fix in changeset 716
Hi: The ipa install script correctly detects the configed hostname does not match DNS record, and it output some msg as below, ===================================================================== Server host name [wrong.ipaqa.com]: Warning: Hostname (wrong.ipaqa.com) not found in DNS The domain name has been calculated based on the host name. Please confirm the domain name [ipaqa.com]: The IPA Master Server will be configured with Hostname: wrong.ipaqa.com IP address: 172.16.142.140 Domain name: ipaqa.com ================================================================= If user just hit enter, the installation will continue and finish it. My question is: is this a right fix? if it is, then I will close the bug Yi
Yes. We warn them that things may not work but if they want to install anyway we can go ahead and let them (maybe they'll setup DNS afterward).
this one is fixed. marking bug verified.