HI Traino, thanks for the info
i have checked the hots and confirmed that entry was <ip> <FQDN> <Alias> format And the DNS everything is working [root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _ _ldap._tcp.SUN.LOCAL. 21965 IN SRV 0 100 389 kwtprsolipa01.sun.local. _kerberos._tcp.SUN.LOCAL. 1957 IN SRV 0 100 88 kwtprsolipa01.sun.local. _kerberos._udp.SUN.LOCAL. 86400 IN SRV 0 100 88 kwtprsolipa01.sun.local. _kerberos-master._tcp.SUN.LOCAL. 86400 IN SRV 0 100 88 kwtprsolipa01.sun.local. _kerberos-master._udp.SUN.LOCAL. 9112 IN SRV 0 100 88 kwtprsolipa01.sun.local. _ntp._udp.SUN.LOCAL. 86400 IN SRV 0 100 123 kwtprsolipa01.sun.local. [root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.MHA.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _ _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 dxbprdc002.mha.local. _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 kwtprdc001.mha.local. _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 dxbprdc001.mha.local. _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 rusmosprdc002.mha.local. _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 kwtprdc002.mha.local. _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc001.mha.local. _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc002.mha.local. _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc001.mha.local. _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc002.mha.local. _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc002.mha.local. _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc002.mha.local. _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc001.mha.local. _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc001.mha.local. [root@kwtprsolipa01 slapd-SUN-LOCAL]# host 172.16.99.99 99.99.16.172.in-addr.arpa domain name pointer kwtprsolipa01.sun.local. [root@kwtprsolipa01 slapd-SUN-LOCAL]# host kwtprsolipa01.sun.local kwtprsolipa01.sun.local has address 172.16.99.99 [root@kwtprsolipa01 slapd-SUN-LOCAL]# host mha.local mha.local has address 172.16.98.171 mha.local has address 172.16.100.180 mha.local has address 10.10.10.11 mha.local has address 10.10.10.10 [root@kwtprsolipa01 slapd-SUN-LOCAL]# dig kwtprsolipa01.sun.local ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> kwtprsolipa01.sun.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;kwtprsolipa01.sun.local. IN A ;; ANSWER SECTION: kwtprsolipa01.sun.local. 38 IN A 172.16.99.99 ;; Query time: 0 msec ;; SERVER: 172.16.100.180#53(172.16.100.180) ;; WHEN: Wed Apr 08 13:54:02 AST 2015 ;; MSG SIZE rcvd: 68 On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome <trai...@gmail.com> wrote: > Hi Ben > > > > On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George <bentech4...@gmail.com> > wrote: > > HI > > > > i am getting krb5kdc: Server error on ligs: > > > > krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL > > > > and the ipactl status is taking long time. Web interface is not able to > > athenticate. > > > > If i issue ipactl restart, noting is happening > > > > to solve this issue currently i am restarting full server.. > > > > > > How can i fix this? > > > > Check the tail-end of this thread: > > https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html > > You may want to begin by checking /etc/hosts for the right format (<ip > address> <fqdn> <hostname>). > DNS is probably the very next thing you want to check... thoroughly. > > > > > > > > Regards, > > Ben > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project