If you don't have DNS configured then this is not a dnssec issue.
Creating this file is a no-op without bind configured. Which is fine. It
just means it isn't dnssec-related.
rob
Johnnie W Adams via FreeIPA-users wrote:
> I'm on RHEL 9 and have no /etc/named.conf file. I have tried
> creating one, both in /etc and in /etc/named, with the suggested dnssec
> configuration, but that got me no further.
>
> On Fri, Jul 19, 2024 at 2:36 PM Rob Crittenden <rcritten@redhat.com
> <mailto:rcritten@redhat.com>> wrote:
>
> Johnnie W Adams wrote:
> > So I adjusted my command line to point at the entire forest and not a
> > single domain controller, and got both a trust and a much more
> > interesting error:
> >
> > ipa: INFO: Response: {
> >
> > "error": {
> >
> > "code": 906,
> >
> > "data": {
> >
> > "error": "Fetching domains from trusted forest failed. See
> > details in the error_log",
> >
> > "server": "rhidm1.net.example.com
> <http://rhidm1.net.example.com>
> > <http://rhidm1.net.example.com>"
> >
> > },
> >
> > "message": "error on server 'rhidm1.net.example.com
> <http://rhidm1.net.example.com>
> > <http://rhidm1.net.example.com>': Fetching domains from trusted forest
> > failed. See details in the error_log",
> >
> > "name": "ServerCommandError"
> >
> > },
> >
> > "id": 0,
> >
> > "principal": "admin@NET.EXAMPLE.COM
> <mailto:admin@NET.EXAMPLE.COM> <mailto:admin@NET.EXAMPLE.COM
> <mailto:admin@NET.EXAMPLE.COM>>",
> >
> > "result": null,
> >
> > "version": "4.11.0"
> >
> > }
> >
> > ipa: ERROR: error on server 'rhidm1.net.example.com
> <http://rhidm1.net.example.com>
> > <http://rhidm1.net.example.com>': Fetching domains from trusted forest
> > failed. See details in the error_log
> >
> >
> > From the error_log:
> >
> >
> > [Fri Jul 19 12:31:51.363222 2024] [wsgi:error] [pid 522388:tid 522652]
> > [remote <ip address>:39124] ipa: ERROR: Helper fetch_domains was
> called
> > for forest ad.test.example.com <http://ad.test.example.com>
> <http://ad.test.example.com>, return code
> > is 1
> >
> > [Fri Jul 19 12:31:51.363750 2024] [wsgi:error] [pid 522388:tid 522652]
> > [remote <ip address>:39124] ipa: ERROR: Standard output from the
> helper:
> >
> >
> > <snip>
> >
> >
> > [Fri Jul 19 12:31:51.364596 2024] [wsgi:error] [pid 522388:tid 522652]
> > [remote <ip address>:39124] ipa: ERROR: environment: environ({'LANG':
> > 'en_US.UTF-8', 'PATH':
> > '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin', 'PIDFILE':
> > '/run/oddjobd.pid', 'INVOCATION_ID':
> '002ac795667b4ab983ffa100b2f47dd8',
> > 'JOURNAL_STREAM': '8:36642766', 'SYSTEMD_EXEC_PID': '487987',
> 'LC_ALL':
> > 'C.UTF-8', 'ODDJOB_SERVICE_NAME': 'com.redhat.idm.trust',
> > 'ODDJOB_OBJECT_PATH': '/', 'ODDJOB_INTERFACE_NAME':
> > 'com.redhat.idm.trust', 'ODDJOB_METHOD_NAME': 'fetch_domains',
> > 'ODDJOB_CALLING_USER': 'ipaapi', 'KRB5_CONFIG': '/etc/krb5.conf',
> > 'KRB5CCNAME': '/run/ipa/krb5cc_oddjob_trusts_fetch'})
> >
> >
> > What am I looking at? What am I missing?
> >
>
> Is DNSSEC enabled? See https://access.redhat.com/solutions/2263991
>
> rob
>
>
>
> --
> John Adams
> Senior Linux/Middleware Administrator | Information Technology Services
> +1-501-916-3010 | jxadams@ualr.edu <mailto:jxadams@ualr.edu> |
> http://ualr.edu/itservices
> *UA Little Rock*
> *
> *
>
> Reminder: IT Services will never ask for your password over the phone
> or in an email. Always be suspicious of requests for personal
> information that come via email, even from known contacts. For more
> information or to report suspicious email, visit IT Security
> <http://ualr.edu/itservices/security/>.**
>
>
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue