This bug has been copied from bug #816693 and has been proposed to be backported to 5.8 z-stream (EUS).
Patch backported from 5.9.
test pass: x86_64 ipa-client join ipa-server on i386 platform

[root@fushcia (RH5.8-x86_64) yi] ipa-client-install
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com): yzhang.redhat.com
DNS discovery failed to find the IPA Server
Provide your IPA server name (ex: ipa.example.com): coconut.yzhang.redhat.com
The failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured.
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Hostname: fushcia.yzhang.redhat.com
Realm: YZHANG.REDHAT.COM
DNS Domain: yzhang.redhat.com
IPA Server: coconut.yzhang.redhat.com
BaseDN: dc=yzhang,dc=redhat,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin.COM:
Enrolled in IPA realm YZHANG.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM
Failed to stop the nscd daemon
SSSD enabled
NTP enabled
Client configuration complete.

[root@fushcia (RH5.8-x86_64) yi] kinit admin
Password for admin.COM:

[root@fushcia (RH5.8-x86_64) yi] klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin.COM

Valid starting     Expires            Service principal
05/08/12 10:21:23  05/09/12 10:21:20  krbtgt/YZHANG.REDHAT.COM.COM

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@fushcia (RH5.8-x86_64) yi] id admin
uid=312000001(admin) gid=31200000(admins) groups=31200000(admins) context=user_u:system_r:unconfined_t
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
If the client requested keys for encryption types that the server did not support, and the requested key was not returned, the ipa-getkeytab utility, and consequently the client enrollment, failed. With this update, the ipa-getkeytab utility has been modified to no longer fail if the key is not retrieved; a warning message is now displayed instead.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0684.html