IdM client is not able to join IdM domain: Realm <REALM> does not match any realm in LDAP database

Solution Verified

Issue

IdM client is not able to join IdM domain: Realm "<REALM>" does not match any realm in LDAP database.

  • IdM client is attempting to join IdM domain.

  • Error message Realm "<REALM>" does not match any realm in LDAP database is recorded in /var/log/ipaclient-install.log.

  • The following log messages are recorded in /var/log/ipaclient-install.log:

    DEBUG [IPA Discovery]
    DEBUG Starting IPA discovery with domain=idm.example.com, servers=['server.idm.example.com'], hostname=client.idm.example.com
    DEBUG Server and domain forced
    DEBUG [Kerberos realm search]
    DEBUG Search DNS for TXT record of _kerberos.idm.example.com
    DEBUG DNS record found: "\"IDM.EXAMPLE.COM\""
    DEBUG [LDAP server check]
    DEBUG Verifying that server.idm.example.com (realm "IDM.EXAMPLE.COM") is an IPA server
    DEBUG Init LDAP connection to: ldap://server.idm.example.com:389
    DEBUG Search LDAP server for IPA base DN
    DEBUG Check if naming context 'dc=idm,dc=example,dc=com' is for IPA
    DEBUG Naming context 'dc=idm,dc=example,dc=com' is a valid IPA context
    DEBUG Search for (objectClass=krbRealmContainer) in dc=idm,dc=example,dc=com (sub)
    DEBUG Found: cn=IDM.EXAMPLE.COM,cn=kerberos,dc=idm,dc=example,dc=com
    DEBUG Realm "IDM.EXAMPLE.COM" does not match any realm in LDAP database
    WARNING Skip server.idm.example.com: cannot verify if this is an IPA server
    DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=idm.example.com, kdc=server.idm.example.com, basedn=dc=idm,dc=example,dc=com
    DEBUG Validated servers: 
    ERROR Failed to verify that server.idm.example.com is an IPA Server.
    ERROR This may mean that the remote server is not up or is not reachable due to network or firewall settings.
    INFO Please make sure the following ports are opened in the firewall settings:
         TCP: 80, 88, 389
         UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
    Also note that following ports are necessary for ipa-client working properly after enrollment:
         TCP: 464
         UDP: 464, 123 (if NTP enabled)
    DEBUG (server.idm.example.com: Provided interactively)
    
  • No connectivity issue, as confirmed by ldapsearch:

    # ldapsearch -x -h server.idm.example.com
    
  • An IdM client on RHEL 7.8 (or later) is able to join the same IdM domain without any issue.

  • IdM integrated DNS server is not installed. DNS records were added manually to an external DNS server.
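As an added diagnostic (example code written for this page, not part of the article or of the ipa-client tool), the following Python script parses the realm-discovery lines quoted above, extracts the realm that the `_kerberos` TXT lookup returned and the `krbRealmContainer` entries that the LDAP search returned, and reports whether they agree once the log's escaping and surrounding quote characters are removed. The quote-character check is this example's own heuristic, not the article's diagnosis: the log shows the TXT value as `\"IDM.EXAMPLE.COM\"`, i.e. with quote characters inside the record data, and a Kerberos realm name contains none, so a value like that is worth comparing against the record as it was entered on the external DNS server. The sample log lines are constructed from the ones on this page.

```python
import re

# Constructed sample input: the discovery lines quoted above from
# /var/log/ipaclient-install.log, reduced to the ones the parser reads.
SAMPLE_LOG = [
    'DEBUG [Kerberos realm search]',
    'DEBUG Search DNS for TXT record of _kerberos.idm.example.com',
    'DEBUG DNS record found: "\\"IDM.EXAMPLE.COM\\""',
    'DEBUG [LDAP server check]',
    'DEBUG Search for (objectClass=krbRealmContainer) in dc=idm,dc=example,dc=com (sub)',
    'DEBUG Found: cn=IDM.EXAMPLE.COM,cn=kerberos,dc=idm,dc=example,dc=com',
    'DEBUG Realm "IDM.EXAMPLE.COM" does not match any realm in LDAP database',
    'DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=idm.example.com, '
    'kdc=server.idm.example.com, basedn=dc=idm,dc=example,dc=com',
]

# Patterns for the four log lines that matter for the realm check.
RE_TXT = re.compile(r'DNS record found: "(.*)"\s*$')
RE_LDAP_REALM = re.compile(r'Found: cn=([^,]+),cn=kerberos,')
RE_MISMATCH = re.compile(r'Realm "([^"]*)" does not match any realm')
RE_RESULT = re.compile(r'Discovery result: (\w+);')


def normalize_realm(raw):
    """Undo the log's backslash escaping, drop surrounding quote characters
    and whitespace, and upper-case, which is how a realm name should look."""
    value = raw.replace('\\"', '"').strip()
    while value.startswith('"') or value.endswith('"'):
        value = value.strip('"').strip()
    return value.upper()


def parse_discovery(lines):
    """Collect what discovery learned from DNS and from LDAP."""
    info = {"txt_raw": None, "ldap_realms": [], "mismatch_realm": None, "result": None}
    for line in lines:
        m = RE_TXT.search(line)
        if m:
            info["txt_raw"] = m.group(1)
            continue
        m = RE_LDAP_REALM.search(line)
        if m:
            info["ldap_realms"].append(m.group(1).upper())
            continue
        m = RE_MISMATCH.search(line)
        if m:
            info["mismatch_realm"] = m.group(1)
            continue
        m = RE_RESULT.search(line)
        if m:
            info["result"] = m.group(1)
    return info


def diagnose(lines):
    """Return (status, detail) for one discovery run. Statuses:
    no-txt-record, no-ldap-realm, realm-mismatch, txt-has-quotes, match."""
    info = parse_discovery(lines)
    if info["txt_raw"] is None:
        return "no-txt-record", "no _kerberos TXT record was found; check the DNS zone"
    if not info["ldap_realms"]:
        return "no-ldap-realm", "no krbRealmContainer entry under the IPA base DN"
    txt_realm = normalize_realm(info["txt_raw"])
    if txt_realm not in info["ldap_realms"]:
        return "realm-mismatch", "DNS names %r but LDAP holds %r" % (txt_realm, info["ldap_realms"])
    if '"' in info["txt_raw"]:
        # Heuristic of this example: a realm name never contains quote characters,
        # so quotes inside the record data point at how the TXT record was entered.
        return "txt-has-quotes", (
            "TXT value %r names the LDAP realm %r once quotes are stripped, but the "
            "record data itself carries quote characters; compare the record on the "
            "external DNS server with the realm name" % (info["txt_raw"], txt_realm))
    return "match", "realm %r is consistent between DNS and LDAP" % txt_realm


if __name__ == "__main__":
    status, detail = diagnose(SAMPLE_LOG)
    print("discovery result:", parse_discovery(SAMPLE_LOG)["result"])
    print(status, "-", detail)
```

Run against the sample, the script reports `txt-has-quotes`: DNS and LDAP name the same realm once the value is normalized, and the discovery result line carries `REALM_NOT_FOUND`. To check a real enrolment attempt, feed it the lines of /var/log/ipaclient-install.log instead of `SAMPLE_LOG`; the `dig TXT _kerberos.<domain>` output on the client is the other thing to compare with the realm entry the ldapsearch returns.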

Environment

  • Red Hat Enterprise Linux 7.7 or earlier
  • Red Hat Identity Management (IdM) / FreeIPA
    • ipa-server
    • ipa-client
