Hello,
I have this laptop that is an IPA domain member, and the login/sudo/automount all work fine. However, the DNS entries of the laptop are not updated when the laptop starts up and gets a new IP address.
I've looked in several configs and compared to other systems that work but can't seem to find it.
Anybody got an idea where to look?
Rob

my sssd.conf

[domain/example.com]
id_provider = ipa
ipa_server = _srv_, freeipa01.example.com
ipa_domain = example.com
ipa_hostname = laptop.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
dyndns_update = True
dyndns_iface = *
krb5_store_password_if_offline = True
autofs_provider = ipa
ipa_automount_location = laptop

[sssd]
services = nss, pam, ssh, sudo, autofs
domains = example.com

[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[secrets]

[session_recording]

Hi,
On Fri, Apr 19, 2019 at 4:00 PM Rob Verduijn via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
> Hello,
> I have this laptop that is an IPA domain member, and the login/sudo/automount all work fine. However, the DNS entries of the laptop are not updated when the laptop starts up and gets a new IP address.
> I've looked in several configs and compared to other systems that work but can't seem to find it.
> Anybody got an idea where to look?

Please enable debug mode in sssd. debug_level = 9 should be enough, in the domain section of sssd.conf. Restart sssd and then make sure the laptop gets a new address on startup.
François
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Debug level 9 is really verbose, and I'm not sure what I'm looking for. So far I found this:

[ipa_init_dyndns] Dynamic DNS updates are on. Checking for nsupdate...
[ipa_init_dyndns] (0x0100): nsupdate is available
[ipa_dyndns_init] (0x0040): Dyndns task can't be started, dyndns_refresh_interval is 0
[ipa_init_dyndns] (0x0080): Failure setting up automatic DNS update

What causes this?
Rob
On Fri, 19 Apr 2019 at 16:27, François Cami fcami@redhat.com wrote:
> Please enable debug mode in sssd. debug_level = 9 should be enough, in the domain section of sssd.conf. Restart sssd and then make sure the laptop gets a new address on startup.
>
> François

On Fri, Apr 19, 2019 at 4:47 PM Rob Verduijn rob.verduijn@gmail.com wrote:
> Debug level 9 is really verbose, and I'm not sure what I'm looking for. So far I found this:
>
> [ipa_init_dyndns] Dynamic DNS updates are on. Checking for nsupdate...
> [ipa_init_dyndns] (0x0100): nsupdate is available
> [ipa_dyndns_init] (0x0040): Dyndns task can't be started, dyndns_refresh_interval is 0
> [ipa_init_dyndns] (0x0080): Failure setting up automatic DNS update
>
> What causes this?

There's a timer, I think. What happens if you wait a bit? Can you compare to another host?
hmmm got it to work (some rtfm helped)
from the sssd-ipa man page:

dyndns_refresh_interval (integer)
    How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true.

    Default: 0 (disabled)

This was never needed before, where did this come from? Why is this suddenly biting me?
Anyway my ansible playbooks will see to it that this gets distributed across my systems. What would be a sane value? 2400?
Rob
On Fri, 19 Apr 2019 at 16:57, François Cami fcami@redhat.com wrote:
> There's a timer, I think. What happens if you wait a bit? Can you compare to another host?

On Fri, Apr 19, 2019 at 5:40 PM Rob Verduijn rob.verduijn@gmail.com wrote:
> hmmm got it to work (some rtfm helped)
> from the sssd-ipa man page:
>
> dyndns_refresh_interval (integer)
>     How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true.
>
>     Default: 0 (disabled)
>
> This was never needed before, where did this come from?

I think this is part of sssd 2.1.0: https://github.com/SSSD/sssd/commit/df9e4802c060fc21d38f238265805092352e5c95

> Why is this suddenly biting me?

If your other hosts are older the codepath might be different.

> Anyway my ansible playbooks will see to it that this gets distributed across my systems. What would be a sane value? 2400?

I don't know, maybe a sssd developer will chime in. But it depends how long you're prepared to wait for the DNS update to happen I guess.

Well since I've done a clean ipaclient install on this client, the ipa-client-install should have taken care of it, which it obviously didn't. I think an update for the default sssd.conf is in order.
Rob
On Fri, 19 Apr 2019 at 17:46, François Cami fcami@redhat.com wrote:
> > This was never needed before, where did this come from?
> I think this is part of sssd 2.1.0: https://github.com/SSSD/sssd/commit/df9e4802c060fc21d38f238265805092352e5c95
> > Why is this suddenly biting me?
> If your other hosts are older the codepath might be different.
> > What would be a sane value? 2400?
> I don't know, maybe a sssd developer will chime in. But it depends how long you're prepared to wait for the DNS update to happen I guess.

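
The condition diagnosed in this thread (dyndns_update enabled while dyndns_refresh_interval stays at its default of 0) can be checked for before a config is rolled out to more hosts. This is an added example, not code from the thread or from SSSD; the sample config and log text are constructed from what is quoted above, and the function names and the fixed.example.com domain are made up for illustration.

```python
import configparser
import re

# Constructed samples modelled on the sssd.conf and debug lines quoted in the thread;
# "fixed.example.com" is a made-up second domain showing the corrected setting.
SAMPLE_CONF = """\
[domain/example.com]
id_provider = ipa
dyndns_update = True

[domain/fixed.example.com]
dyndns_update = True
dyndns_refresh_interval = 2400

[sssd]
domains = example.com, fixed.example.com
"""
SAMPLE_LOG = """\
[ipa_init_dyndns] (0x0100): nsupdate is available
[ipa_dyndns_init] (0x0040): Dyndns task can't be started, dyndns_refresh_interval is 0
[ipa_init_dyndns] (0x0080): Failure setting up automatic DNS update
"""

# "[function] (0xNNNN): message"; search() tolerates a timestamp prefix on real log lines.
LOG_LINE = re.compile(r"\[(\w+)\] \((0x[0-9a-fA-F]{4})\): (.*)")
FAILURE_MARKERS = ("dyndns_refresh_interval is 0", "Failure setting up automatic DNS update")


def audit_dyndns(conf_text):
    """Map each domain with dyndns_update on but no usable refresh interval to a reason."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        name, opts = section[len("domain/"):], parser[section]
        # Assumption: an absent dyndns_update is treated as off.
        if opts.get("dyndns_update", "false").strip().lower() != "true":
            continue
        raw = opts.get("dyndns_refresh_interval", "0").strip()  # man page default: 0
        try:
            interval = int(raw)
        except ValueError:
            findings[name] = f"dyndns_refresh_interval is not an integer: {raw!r}"
            continue
        if interval <= 0:
            findings[name] = "dyndns_update is on but dyndns_refresh_interval is 0 (disabled)"
    return findings


def dyndns_failures(log_text):
    """Return (function, message) pairs for the dyndns start-up failures seen in the thread."""
    matches = (LOG_LINE.search(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(3)) for m in matches
            if m and any(marker in m.group(3) for marker in FAILURE_MARKERS)]
```

Calling audit_dyndns() on the text of /etc/sssd/sssd.conf and dyndns_failures() on the domain debug log gives the same two signals Rob found by hand.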
On 4/19/19 3:59 PM, Rob Verduijn via FreeIPA-users wrote:
> Hello,
> I have this laptop that is an IPA domain member, and the login/sudo/automount all work fine. However, the DNS entries of the laptop are not updated when the laptop starts up and gets a new IP address.
> I've looked in several configs and compared to other systems that work but can't seem to find it.
> Anybody got an idea where to look?
> Rob

Hi,
can you check if the zones allow dynamic dns updates (for the forward and reverse zones)?

$ kinit admin
$ ipa dnszone-show $ZONE --all | grep Dynamic
  Dynamic update: TRUE

For troubleshooting, please have a look at https://www.freeipa.org/page/Troubleshooting/DNS as it explains where to find the relevant logs.
flo
Hello,
forward and reverse dynamic DNS updates are on.
Rob
On Fri, 19 Apr 2019 at 16:30, Florence Blanc-Renaud flo@redhat.com wrote:
> can you check if the zones allow dynamic dns updates (for the forward and reverse zones)?
> $ kinit admin
> $ ipa dnszone-show $ZONE --all | grep Dynamic
>   Dynamic update: TRUE