Ipa Client Error/Warning = Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status -6

Date: 16 Dec 2013

Tried to install ipa-client with the command:
ipa-client-install --enable-dns-updates --mkhomedir -p admin -w xxxxyyyy

and got this error/warning:
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status -6)

Detail Output:

Discovery was successful!
Hostname: testserver3.ipa.xxxxxx.com
Realm: ipa.xxxxxx.com
DNS Domain: ipa.xxxxxx.com
IPA Server: svripampr01.ipa.xxxxxx.com
BaseDN: dc=ipa,dc=xxxxxx,dc=co,dc=id


Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...

Enrolled in IPA realm ipa.xxxxxx.com
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm ipa.xxxxxx.com
Warning: Hostname (testserver3.ipa.xxxxxx.com) not found in DNS
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status -6)
Failed to stop the nscd daemon
SSSD enabled
NTP enabled
Client configuration complete.

Expected Result:
No error or warning

Responses

Does your SOA for the ipa.xxxxxx.com domain allow dynamic updates? Is your SOA your IdM host, or are you using an existing name server?

Depending on how you set up your environment, you may need to update your /etc/resolv.conf to point to your IdM hosts (instead of existing/legacy name servers you had).

If your DNS configuration is correct on the client and you are pointing at your IdM systems, I would check if SELinux is enabled on those systems (and make sure it allows dynamic updates to zone files) and also check the basic file level permissions. I assumed that the IdM installation would have taken care of such things, so I am not confident that is the issue.

Also, if you could post the output from your client for these commands:

  nslookup -type=SRV _ldap._tcp.example.com
  host -t SRV _ldap._tcp.example.com
  dig SRV _kerberos._udp.example.com

That may help us determine where the issue is.
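
The SOA question raised in the reply above can be answered from dig output. This is an added example, not part of the original replies: it assumes nsupdate is given no explicit server and therefore sends the update to the SOA primary (MNAME), and all host names and sample answers in it are constructed.

```shell
#!/bin/sh
# Added example: is the zone's SOA primary one of the IdM servers?
# All names and answers below are constructed sample data.

# Print the lower-cased target of each `dig +short SRV` line
# (fields: priority weight port target.), trailing dot removed.
srv_targets() {
    awk 'NF == 4 { t = tolower($4); sub(/\.$/, "", t); print t }'
}

# Print the MNAME (primary) from `dig +short SOA` output
# (fields: mname rname serial refresh retry expire minimum).
soa_primary() {
    awk 'NF == 7 { m = tolower($1); sub(/\.$/, "", m); print m; exit }'
}

# check_update_target SOA_TEXT SRV_TEXT
# Returns 0 if the SOA primary is one of the SRV targets, 1 if it is some
# other name server, 2 if either answer was empty or unparsable.
check_update_target() {
    primary=$(printf '%s\n' "$1" | soa_primary)
    targets=$(printf '%s\n' "$2" | srv_targets)
    if [ -z "$primary" ] || [ -z "$targets" ]; then
        echo "no usable SOA or SRV answer; check /etc/resolv.conf" >&2
        return 2
    fi
    if printf '%s\n' "$targets" | grep -Fqx -- "$primary"; then
        echo "SOA primary $primary is an IdM server"
        return 0
    fi
    echo "SOA primary $primary is not an IdM server; updates go there instead"
    return 1
}

# Constructed sample answers. On a real client, for example:
#   SOA=$(dig +short SOA example.com)
#   SRV=$(dig +short SRV _ldap._tcp.example.com)
SAMPLE_SRV='0 100 389 idm1.example.com.
0 100 389 idm2.example.com.'
SAMPLE_SOA_IDM='idm1.example.com. hostmaster.example.com. 1387152000 3600 900 1209600 3600'
SAMPLE_SOA_LEGACY='ns1.legacy.example.net. hostmaster.example.com. 2013121601 3600 900 1209600 3600'

check_update_target "$SAMPLE_SOA_IDM" "$SAMPLE_SRV"
check_update_target "$SAMPLE_SOA_LEGACY" "$SAMPLE_SRV" || true
```

A return code of 1 corresponds to the "existing name server" case in the reply; 2 usually means the client's resolver is not answering for the zone at all.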

Hi James

Dynamic update is set to True from the IdM Web Based Management, and I'm using IdM as the DNS server.
SELinux is disabled, and on the client DNS is pointing to the IdM DNS server.

[root@myqhelmpr01 ~]# nslookup -type=SRV _ldap._tcp.ipa.xxxxxx.co.id
Server: 10.1.71.145
Address: 10.1.71.145#53

_ldap._tcp.ipa.xxxxxx.co.id service = 0 100 389 svripastl01.ipa.xxxxxx.co.id.
_ldap._tcp.ipa.xxxxxx.co.id service = 0 100 389 svripampr01.ipa.xxxxxx.co.id.

[root@myqhelmpr01 ~]# host -t SRV _ldap._tcp.ipa.xxxxxx.co.id
_ldap._tcp.ipa.bankbtpn.co.id has SRV record 0 100 389 svripampr01.ipa.xxxxxx.co.id.
_ldap._tcp.ipa.bankbtpn.co.id has SRV record 0 100 389 svripastl01.ipa.xxxxxx.co.id.

[root@myqhelmpr01 ~]# dig SRV _kerberos._udp.ipa.xxxxxx.co.id +short
0 100 88 svripastl01.ipa.xxxxxx.co.id.
0 100 88 svripampr01.ipa.xxxxxx.co.id.
[root@myqhelmpr01 ~]#
