I'm on RHEL 9 and have no /etc/named.conf file. I have tried creating one,
both in /etc and in /etc/named, with the suggested dnssec configuration,
but that got me no further.
On Fri, Jul 19, 2024 at 2:36 PM Rob Crittenden <rcrit...@redhat.com> wrote:
> Johnnie W Adams wrote:
> > So I adjusted my command line to point at the entire forest and not a
> > single domain controller, and got both a trust and a much more
> > interesting error:
> >
> > ipa: INFO: Response: {
> >
> > "error": {
> >
> > "code": 906,
> >
> > "data": {
> >
> > "error": "Fetching domains from trusted forest failed. See
> > details in the error_log",
> >
> > "server": "rhidm1.net.example.com
> > <http://rhidm1.net.example.com>"
> >
> > },
> >
> > "message": "error on server 'rhidm1.net.example.com
> > <http://rhidm1.net.example.com>': Fetching domains from trusted forest
> > failed. See details in the error_log",
> >
> > "name": "ServerCommandError"
> >
> > },
> >
> > "id": 0,
> >
> > "principal": "ad...@net.example.com <mailto:ad...@net.example.com>",
> >
> > "result": null,
> >
> > "version": "4.11.0"
> >
> > }
> >
> > ipa: ERROR: error on server 'rhidm1.net.example.com
> > <http://rhidm1.net.example.com>': Fetching domains from trusted forest
> > failed. See details in the error_log
> >
> >
> > From the error_log:
> >
> >
> > [Fri Jul 19 12:31:51.363222 2024] [wsgi:error] [pid 522388:tid 522652]
> > [remote <ip address>:39124] ipa: ERROR: Helper fetch_domains was called
> > for forest ad.test.example.com <http://ad.test.example.com>, return code
> > is 1
> >
> > [Fri Jul 19 12:31:51.363750 2024] [wsgi:error] [pid 522388:tid 522652]
> > [remote <ip address>:39124] ipa: ERROR: Standard output from the helper:
> >
> >
> > <snip>
> >
> >
> > [Fri Jul 19 12:31:51.364596 2024] [wsgi:error] [pid 522388:tid 522652]
> > [remote <ip address>:39124] ipa: ERROR: environment: environ({'LANG':
> > 'en_US.UTF-8', 'PATH':
> > '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin', 'PIDFILE':
> > '/run/oddjobd.pid', 'INVOCATION_ID': '002ac795667b4ab983ffa100b2f47dd8',
> > 'JOURNAL_STREAM': '8:36642766', 'SYSTEMD_EXEC_PID': '487987', 'LC_ALL':
> > 'C.UTF-8', 'ODDJOB_SERVICE_NAME': 'com.redhat.idm.trust',
> > 'ODDJOB_OBJECT_PATH': '/', 'ODDJOB_INTERFACE_NAME':
> > 'com.redhat.idm.trust', 'ODDJOB_METHOD_NAME': 'fetch_domains',
> > 'ODDJOB_CALLING_USER': 'ipaapi', 'KRB5_CONFIG': '/etc/krb5.conf',
> > 'KRB5CCNAME': '/run/ipa/krb5cc_oddjob_trusts_fetch'})
> >
> >
> > What am I looking at? What am I missing?
> >
>
> Is DNSSEC enabled? See https://access.redhat.com/solutions/2263991
>
> rob
>
>
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxad...@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*
Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
