Bug 826799 - Identity Management Guide DNS Errors
Identity Management Guide DNS Errors
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Identity_Management_Guide (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Deon Ballard
: Documentation
Depends On:
  Show dependency treegraph
Reported: 2012-05-30 21:24 EDT by Sivaram Shunmugam
Modified: 2012-06-26 11:02 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-26 11:02:18 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sivaram Shunmugam 2012-05-30 21:24:11 EDT
Description of problem:

There are errors in the DNS entries as detailed in section 
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Preparing_for_an_IPA_Installation.html#Preparing_for_an_IPA_Installation-DNS The IPA-Generated DNS File

; ldap servers
_ldap._tcp              IN SRV 0 100 389        ipaserver.example.com

;kerberos realm
_kerberos               IN TXT EXAMPLE.COM

; kerberos servers
_kerberos._tcp          IN SRV 0 100 88         ipaserver.example.com
_kerberos._udp          IN SRV 0 100 88         ipaserver.example.com
_kerberos-master._tcp   IN SRV 0 100 88         ipaserver.example.com
_kerberos-master._udp   IN SRV 0 100 88         ipaserver.example.com
_kpasswd._tcp           IN SRV 0 100 464        ipaserver.example.com
_kpasswd._udp           IN SRV 0 100 464        ipaserver.example.com

After adding these entries into my bind configuration, I realized that I was unable to allow RHEV-M to add this as a domain.

According to KB65509:

The DNS entries should be as follows:

 _kerberos._udp                  IN SRV 0 100 88  rhev.example.com.
 _kerberos._tcp                  IN SRV 0 100 88  rhev.example.com.
 _ldap._tcp                      IN SRV 0 100 389 rhev.example.com.

(Note the missing '.' at the end).

After correcting these entries, I was able to allow RHEVM to add the domain.

Version-Release number of selected component (if applicable):
6.2 Docs

How reproducible:


Steps to Reproduce:
1. Follow Documentation section The IPA-Generated DNS File of the Enterprise Identity Management Guide and create DNS entries in bind.
2. Attempt to join RHEVM to the domain the IPA server is serving

Actual results:
1. RHEV-M is unable to join the IPA domain. "Authentication Failure"

Expected results:
1. RHEV-M should be able to join the IPA Domain.
2. Fix is to add the trailing '.' into the DNS entries.
Comment 2 Martin Kosek 2012-05-31 07:32:28 EDT
Moving to proper component.

This Bug is applicable for sections:
- The IPA-Generated DNS File
- 2.5.2. Creating the Replica
- Example 8.5. SRV Record
- 8.12. Changing Load Balancing for IPA Servers and Replicas

In all these sections, SRV hostname should have the trailing '.' otherwise the SRV records won't work.

Note You need to log in before you can comment on or make changes to this bug.