[Freeipa-users] ipa-client-install hangs on ipa-getkeytab

freeipa at noboost.org freeipa at noboost.org
Mon May 28 06:21:20 UTC 2012


Hi All,

This one has me stumped!
For some reason my Centos 5.8 x64 Linux server hangs during
"ipa-client-install"

Server:
* ipa-admintools-2.1.3-9.el6.x86_64
* ipa-client-2.1.3-9.el6.x86_64
* ipa-pki-ca-theme-9.0.3-7.el6.noarch
* ipa-pki-common-theme-9.0.3-7.el6.noarch
* ipa-python-2.1.3-9.el6.x86_64
* ipa-server-2.1.3-9.el6.x86_64
* ipa-server-selinux-2.1.3-9.el6.x86_64

Client:
CentOS release 5.8 (Final) (x86_64)
* ipa-client-2.1.3-2.el5_8
* sssd-client-1.5.1-49.el5_8.1

Questions:
* Is there a better way to diagnose the ipa-getkeytab command? Perhaps I
  can run a native kerberos command? 
* Any tips welcome, I've tried straces and tcpdump to work this one out,
  hmm..


Error:
"ipa-client-install" runs fine and then hangs (without reason):
[below is the chopped version]

-------------------------------------------------------------------
[libdefaults]
  default_realm = EXAMPLE.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  EXAMPLE.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM


Password for admin at EXAMPLE.COM: 
root        : DEBUG    args=kinit admin at EXAMPLE.COM
root        : DEBUG    stdout=Password for admin at EXAMPLE.COM: 

root        : DEBUG    stderr=
-------------------------------------------------------------------

`ps -ef` on the client side, shows that the install is getting stuck on
"ipa-getkeytab" for some reasons.

root     15842 15814  0 15:09 pts/1    00:00:00 /usr/bin/python -E
/usr/sbin/ipa-client-install -d

root     15852 15842  0 15:09 pts/1    00:00:00 /usr/sbin/ipa-join -s
ipa-server.example.com -b dc=example,dc=com -d

root     15853 15852  0 15:09 pts/1    00:00:00 /usr/sbin/ipa-getkeytab
-s ipa-server.example.com -p
host/client.example.com at EXAMPLE.COM -k /etc/krb5.keytab


cya

Craig




More information about the Freeipa-users mailing list