[Freeipa-users] ipa-client-install error
Rob Crittenden
rcritten at redhat.com
Fri Nov 4 19:20:29 UTC 2011
Jimmy wrote:
> I'm running the ipa-client-install on a CentOS 6 client and get this error:
>
> [root at kudzu ~]# ipa-client-install
> Discovery was successful!
> Realm: PDH.CSP
> DNS Domain: pdh.csp
> IPA Server: csp-idm.pdh.csp
> BaseDN: dc=pdh,dc=csp
>
> Continue to configure the system with these values? [no]: yes
> Principal: admin
> Password for admin at PDH.CSP:
> Joining realm failed: Operation failed! unsupported extended operation
> child exited with 9
> Certificate subject base is: O=PDH.CSP
>
> The only logs I see on the server are here:
>
> Nov 04 18:52:55 csp-idm.pdh.csp krb5kdc[5354](info): AS_REQ (4 etypes
> {18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: NEEDED_PREAUTH:
> admin at PDH.CSP for krbtgt/PDH.CSP at PDH.CSP, Additional pre-authentication
> required
> Nov 04 18:53:20 csp-idm.pdh.csp krb5kdc[5354](info): AS_REQ (4 etypes
> {18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
> 1320432800, etypes {rep=18 tkt=18 ses=18}, admin at PDH.CSP for
> krbtgt/PDH.CSP at PDH.CSP
> Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (4 etypes
> {18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
> 1320432800, etypes {rep=18 tkt=18 ses=18}, admin at PDH.CSP for
> HTTP/csp-idm.pdh.csp at PDH.CSP
> Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (1 etypes
> {18}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
> 1320432800, etypes {rep=18 tkt=18 ses=18}, admin at PDH.CSP for
> krbtgt/PDH.CSP at PDH.CSP
> Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (4 etypes
> {18 17 16 23}) 192.168.201.102 <http://192.168.201.102>: ISSUE: authtime
> 1320432800, etypes {rep=18 tkt=18 ses=18}, admin at PDH.CSP for
> ldap/csp-idm.pdh.csp at PDH.CSP
> Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (4 etypes
> {18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
> 1320432800, etypes {rep=18 tkt=18 ses=18}, admin at PDH.CSP for
> ldap/csp-idm.pdh.csp at PDH.CSP
>
You need a newer ipa-client package. The extended operation we used for
enrollment changed. This was fixed in ipa-client-2.0-9.1 in RHEL 6.0.
rob
More information about the Freeipa-users
mailing list