If you don't have DNS configured then this is not a dnssec issue. Creating this file is a no-op without bind configured. Which is fine. It just means it isn't dnssec-related.
rob Johnnie W Adams via FreeIPA-users wrote: > I'm on RHEL 9 and have no /etc/named.conf file. I have tried > creating one, both in /etc and in /etc/named, with the suggested dnssec > configuration, but that got me no further. > > On Fri, Jul 19, 2024 at 2:36 PM Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>> wrote: > > Johnnie W Adams wrote: > > So I adjusted my command line to point at the entire forest and not a > > single domain controller, and got both a trust and a much more > > interesting error: > > > > ipa: INFO: Response: { > > > > "error": { > > > > "code": 906, > > > > "data": { > > > > "error": "Fetching domains from trusted forest failed. See > > details in the error_log", > > > > "server": "rhidm1.net.example.com > <http://rhidm1.net.example.com> > > <http://rhidm1.net.example.com>" > > > > }, > > > > "message": "error on server 'rhidm1.net.example.com > <http://rhidm1.net.example.com> > > <http://rhidm1.net.example.com>': Fetching domains from trusted forest > > failed. See details in the error_log", > > > > "name": "ServerCommandError" > > > > }, > > > > "id": 0, > > > > "principal": "ad...@net.example.com > <mailto:ad...@net.example.com> <mailto:ad...@net.example.com > <mailto:ad...@net.example.com>>", > > > > "result": null, > > > > "version": "4.11.0" > > > > } > > > > ipa: ERROR: error on server 'rhidm1.net.example.com > <http://rhidm1.net.example.com> > > <http://rhidm1.net.example.com>': Fetching domains from trusted forest > > failed. See details in the error_log > > > > > > From the error_log: > > > > > > [Fri Jul 19 12:31:51.363222 2024] [wsgi:error] [pid 522388:tid 522652] > > [remote <ip address>:39124] ipa: ERROR: Helper fetch_domains was > called > > for forest ad.test.example.com <http://ad.test.example.com> > <http://ad.test.example.com>, return code > > is 1 > > > > [Fri Jul 19 12:31:51.363750 2024] [wsgi:error] [pid 522388:tid 522652] > > [remote <ip address>:39124] ipa: ERROR: Standard output from the > helper: > > > > > > <snip> > > > > > > [Fri Jul 19 12:31:51.364596 2024] [wsgi:error] [pid 522388:tid 522652] > > [remote <ip address>:39124] ipa: ERROR: environment: environ({'LANG': > > 'en_US.UTF-8', 'PATH': > > '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin', 'PIDFILE': > > '/run/oddjobd.pid', 'INVOCATION_ID': > '002ac795667b4ab983ffa100b2f47dd8', > > 'JOURNAL_STREAM': '8:36642766', 'SYSTEMD_EXEC_PID': '487987', > 'LC_ALL': > > 'C.UTF-8', 'ODDJOB_SERVICE_NAME': 'com.redhat.idm.trust', > > 'ODDJOB_OBJECT_PATH': '/', 'ODDJOB_INTERFACE_NAME': > > 'com.redhat.idm.trust', 'ODDJOB_METHOD_NAME': 'fetch_domains', > > 'ODDJOB_CALLING_USER': 'ipaapi', 'KRB5_CONFIG': '/etc/krb5.conf', > > 'KRB5CCNAME': '/run/ipa/krb5cc_oddjob_trusts_fetch'}) > > > > > > What am I looking at? What am I missing? > > > > Is DNSSEC enabled? See https://access.redhat.com/solutions/2263991 > > rob > > > > -- > John Adams > Senior Linux/Middleware Administrator | Information Technology Services > +1-501-916-3010 | jxad...@ualr.edu <mailto:jxad...@ualr.edu> | > http://ualr.edu/itservices > *UA Little Rock* > * > * > > Reminder: IT Services will never ask for your password over the phone > or in an email. Always be suspicious of requests for personal > information that come via email, even from known contacts. For more > information or to report suspicious email, visit IT Security > <http://ualr.edu/itservices/security/>.** > > -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
