ipa-client-install fails when the client is in a DNS domain that is not a subdomain of the IDM domain
Issue
When the IDM client's DOMAIN is a subdomain of the main IDM domain, ipa-client-install is able to perform IPA Discovery based on the TXT record of _kerberos.DOMAIN.
However, when the IDM client's DOMAIN is not a subdomain of the IDM domain, ipa-client-install fails:
# ipa-client-install
This program will set up FreeIPA client.
Version 4.7.2
Unable to discover domain, not provided on command line
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
The log file /var/log/ipaclient-install.log contains:
2019-04-23T14:02:49Z DEBUG [IPA Discovery]
2019-04-23T14:02:49Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=client.example.test
2019-04-23T14:02:49Z DEBUG Start searching for LDAP SRV record in "example.test" (domain of the hostname) and its sub-domains
2019-04-23T14:02:49Z DEBUG Search DNS for SRV record of _ldap._tcp.example.test
2019-04-23T14:02:49Z DEBUG DNS record not found: NXDOMAIN
2019-04-23T14:02:49Z DEBUG Search DNS for SRV record of _ldap._tcp.test
2019-04-23T14:02:49Z DEBUG DNS record not found: NXDOMAIN
2019-04-23T14:02:49Z DEBUG Start searching for LDAP SRV record in "example.test" (search domain from /etc/resolv.conf) and its sub-domains
2019-04-23T14:02:49Z DEBUG Already searched example.test; skipping
2019-04-23T14:02:49Z DEBUG No LDAP server found
2019-04-23T14:02:49Z DEBUG No LDAP server found
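The following is an added example, not part of the original article or of the FreeIPA code. It lists the _ldap._tcp SRV names a discovery pass would query for a given hostname and resolv.conf search list, and extracts the lookups and their results from an ipaclient-install.log. The walk order and the skip rule are assumptions modelled on the debug log above; the function names and the idm.corp.test domain used in testing are hypothetical.

```python
import re

# Constructed sample: the SRV lookup lines from the debug log above.
SAMPLE_LOG = """\
2019-04-23T14:02:49Z DEBUG Search DNS for SRV record of _ldap._tcp.example.test
2019-04-23T14:02:49Z DEBUG DNS record not found: NXDOMAIN
2019-04-23T14:02:49Z DEBUG Search DNS for SRV record of _ldap._tcp.test
2019-04-23T14:02:49Z DEBUG DNS record not found: NXDOMAIN
"""

def srv_candidates(hostname, search_domains=()):
    """Ordered SRV names a discovery pass would query (model assumed from the log)."""
    tried, names = set(), []
    # Start with the domain of the hostname, then each resolv.conf search domain.
    starts = [hostname.rstrip(".").partition(".")[2], *search_domains]
    for domain in starts:
        domain = domain.rstrip(".").lower()
        # Walk towards the top-level domain; stop at a domain already searched.
        while domain and domain not in tried:
            tried.add(domain)
            names.append("_ldap._tcp." + domain)
            domain = domain.partition(".")[2]
    return names

def lookups_in_log(text):
    """Return [(srv_name, error)] from log text; error is None if none was logged."""
    results = []
    for line in text.splitlines():
        query = re.search(r"Search DNS for SRV record of (\S+)", line)
        failure = re.search(r"DNS record not found: (\S+)", line)
        if query:
            results.append((query.group(1), None))
        elif failure and results and results[-1][1] is None:
            results[-1] = (results[-1][0], failure.group(1))
    return results

if __name__ == "__main__":
    for name in srv_candidates("client.example.test", ["example.test"]):
        print("would query:", name)
    for name, error in lookups_in_log(SAMPLE_LOG):
        print("log:", name, "->", error or "no error logged")
```

If none of the listed names resolves to an SRV record for the IdM servers, discovery ends with "No LDAP server found" as in the log above.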
Environment
Red Hat Enterprise Linux
- 7
- 8