Hello Pavel
On Mon, Aug 7, 2017 at 12:40 PM, Pavel Vomacka pvomacka@redhat.com wrote:
Hello Gustavo,

From what I can see, the issue would be PROTOCOL ERROR in whoami command. Could you please check whether all services are running? Please run
# ipactl status
and post the output.
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
And please could you send me the /etc/named.conf? Especially everything after dyndb "ipa" line is interesting for us.
This is from /etc/named.conf
options {
        // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
        listen-on-v6 {any;};

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";

        forward only;
        forwarders {
                10.73.2.100;
                10.73.2.102;
                10.73.2.101;
        };

        // Any host is permitted to issue recursive queries
        allow-recursion { any; };

        tkey-gssapi-keytab "/etc/named.keytab";
        pid-file "/run/named/named.pid";
        dnssec-enable yes;
        dnssec-validation no;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
                print-time yes;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

dyndb "ipa" "/usr/lib64/bind/ldap.so" {
        uri "ldapi://%2fvar%2frun%2fslapd-FISICA-CABIB.socket";
        base "cn=dns, dc=fisica,dc=cabib";
        fake_mname "ipaserver.fisica.cabib.";
        auth_method "sasl";
        sasl_mech "GSSAPI";
        sasl_user "DNS/ipaserver.fisica.cabib";
        server_id "ipaserver.fisica.cabib";
};

include "/etc/named.root.key";

key "rndc-key" {
        algorithm hmac-md5;
        secret "#########################";
};