[ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit

Martin Perina mperina at redhat.com
Wed Sep 24 09:42:48 UTC 2014



----- Original Message -----
> From: "Grzegorz Szypa" <grzegorz.szypa at gmail.com>
> To: "Martin Perina" <mperina at redhat.com>, users at ovirt.org
> Sent: Wednesday, September 24, 2014 11:19:27 AM
> Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
> 
> Hi.
> 
> It's a little strange, because I can easily attach clients (VMs) to the
> Microsoft AD domain. Only sometimes there are problems with connectivity,
> but I will solve this in two ways: add the DNS suffix or add a static
> primary DNS, which indicates the domain.
> 
> /etc/resolv.conf
> nameserver 172.30.30.253        # DNS and AD server
> nameserver 172.30.30.1            # Router -  DHCP
> search szypa.net
> 
> By the way, there is also one strange thing:
> 
> Every time I inserted the record "nameserver 172.30.30.253" into the file
> "resolv.conf", from time to time the file is overwritten / changed (I have
> no idea how) and the record "nameserver 172.30.30.253" disappears (just as if
> it had never been added).

It depends on what your network configuration is. If you are using a static IP,
then the network configuration is defined in /etc/sysconfig/network-scripts/ifcfg-XXX
(XXX is the name of the device) using DNSx params. In your case:

DNS1=172.30.30.25
DNS2=172.30.30.1

If you are using DHCP, then /etc/resolv.conf is usually altered on IP address
renewal.


> 
> *And in all this is the cause that generates the problem.*
> 
> *So I think that the problem is solved, but I do not know how to resolve a
> problem with hiding configuration in /etc/resolv.conf*
> 
> Regards,
> 
> *Grzegorz Szypa*
> 
> 
> 2014-09-24 8:03 GMT+02:00 Martin Perina <mperina at redhat.com>:
> 
> > Hi,
> >
> > I looked at the logs and you have serious DNS problems:
> >
> > 2014-09-24 07:32:24,984 ERROR
> > [org.ovirt.engine.core.bll.adbroker.GetRootDSE]
> > (DefaultQuartzScheduler_Worker-15) Failed to query rootDSE for LDAP server
> > ldap://szypa.net:389 due to szypa.net:389
> > 2014-09-24 07:32:24,984 ERROR
> > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> > (DefaultQuartzScheduler_Worker-15) Failed ldap search server ldap://
> > szypa.net:389 using user ovirt at SZYPA.NET due to
> > javax.naming.CommunicationException: szypa.net:389 [Root exception is
> > java.net.UnknownHostException: szypa.net]. We should try the next server
> >
> > You cannot authenticate your users, because LDAP server ldap://
> > szypa.net:389
> > cannot be resolved. Are you able to resolve szypa.net on your engine host?
> >
> >
> >
> > ----- Original Message -----
> > > From: "Grzegorz Szypa" <grzegorz.szypa at gmail.com>
> > > To: "Martin Perina" <mperina at redhat.com>, users at ovirt.org
> > > Sent: Wednesday, September 24, 2014 7:32:56 AM
> > > Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for
> > domain... after using engine-manage-domains edit
> > >
> > > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._
> > > tcp.szypa.net
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
> > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > >
> > > ;; QUESTION SECTION:
> > > ;_kerberos._tcp.szypa.net.      IN      SRV
> > >
> > > ;; AUTHORITY SECTION:
> > > net.                    890     IN      SOA     a.gtld-servers.net.
> > > nstld.verisign-grs.com. 1411536712 1800 900 604800 86400
> > >
> > > ;; Query time: 28 msec
> > > ;; SERVER: 172.30.30.1#53(172.30.30.1)
> > > ;; WHEN: Wed Sep 24 07:32:23 2014
> > > ;; MSG SIZE  rcvd: 115
> >
> >
> > It looks like the szypa.net domain doesn't exist at all. Do you really
> > have
> > correct DNS configuration on engine host?
> >
> > >
> > >
> > > 2014-09-24 7:06 GMT+02:00 Martin Perina <mperina at redhat.com>:
> > >
> > > > Hi,
> > > >
> > > > the error message means that we cannot find any KDC servers
> > > > in DNS. Could you please post results of the following command:
> > > >
> > > >   dig SRV _kerberos._tcp.szypa.net
> > > >
> > > > Regarding the errors after oVirt restart, could you please post
> > > > your engine.log?
> > > >
> > > > Thanks
> > > >
> > > > Martin Perina
> > > >
> > > >
> > > > ----- Original Message -----
> > > > > From: "Grzegorz Szypa" <grzegorz.szypa at gmail.com>
> > > > > To: fkobzik at redhat.com, users at ovirt.org
> > > > > Sent: Tuesday, September 23, 2014 3:41:02 PM
> > > > > Subject: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for
> > > > domain... after using engine-manage-domains edit
> > > > >
> > > > > Hi.
> > > > >
> > > > > > I have a problem with losing connection to Windows Active
> > Directory.
> > > > >
> > > > > > Normally I connect ovirt with AD like this:
> > > > >
> > > > > "engine-manage-domains add --domain= szypa.net --provider=ad
> > > > --user=ovirt
> > > > > --add-permissions"
> > > > >
> > > > > > After a period of time, for example when I restart ovirt, the connection is lost
> > > > > because I
> > > > > > cannot add a new user created in AD, so I thought that I would refresh the conf.
> > > > > > connection to AD:
> > > > >
> > > > > "engine-manage-domains edit --domain= szypa.net --provider=ad
> > > > --user=ovirt
> > > > > --add-permissions"
> > > > >
> > > > > and i get this error:
> > > > >
> > > > > No KDC can be obtained for domain szypa.net
> > > > >
> > > > > have any idea?
> > > > >
> > > > > I read that this problem is resolved in previous ovirt version
> > > > >
> > > > > --
> > > > > G.Sz.
> > > > >
> > > > > _______________________________________________
> > > > > Users mailing list
> > > > > Users at ovirt.org
> > > > > http://lists.ovirt.org/mailman/listinfo/users
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > G.Sz.
> > >
> >
> 
> 
> 
> --
> G.Sz.
> 
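
Added example, not part of the original thread: the dig reply quoted above was answered by 172.30.30.1 (the router), not by the AD DNS server 172.30.30.253, so a saved dig reply plus the current resolv.conf is enough to tell resolver drift apart from a genuinely missing SRV record. The function names and the trimmed sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): offline triage of a saved KDC SRV lookup.

# Constructed sample, trimmed from the dig reply quoted in the thread.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
;; QUESTION SECTION:
;_kerberos._tcp.szypa.net.      IN      SRV
;; SERVER: 172.30.30.1#53(172.30.30.1)'

# Constructed sample: resolv.conf after the AD DNS entry has been overwritten.
SAMPLE_RESOLV='nameserver 172.30.30.1
search szypa.net'

# Response code from the dig header line (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# IP of the resolver that actually answered.
dig_server() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# First nameserver entry, the one the resolver tries first.
first_nameserver() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# diagnose_kdc_lookup <dig output> <resolv.conf text> <expected AD DNS IP>
diagnose_kdc_lookup() (
    status=$(dig_status "$1")
    server=$(dig_server "$1")
    first=$(first_nameserver "$2")
    if [ "$first" != "$3" ]; then
        echo "RESOLV_DRIFT: first nameserver is ${first:-none}, expected $3"
    elif [ "$server" != "$3" ]; then
        echo "WRONG_RESOLVER: answer came from ${server:-unknown}, expected $3"
    elif [ "$status" != "NOERROR" ]; then
        echo "SRV_MISSING: $3 returned ${status:-no status} for the SRV record"
    else
        echo "OK"
    fi
)

diagnose_kdc_lookup "$SAMPLE_DIG" "$SAMPLE_RESOLV" 172.30.30.253
```

On a live host, pass the output of `dig SRV _kerberos._tcp.szypa.net` and the contents of /etc/resolv.conf in place of the samples.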


