[Freeipa-users] ipa-client-install hangs on ipa-getkeytab
freeipa at noboost.org
freeipa at noboost.org
Mon May 28 06:21:20 UTC 2012
Hi All,
This one has me stumped!
For some reason my Centos 5.8 x64 Linux server hangs during
"ipa-client-install"
Server:
* ipa-admintools-2.1.3-9.el6.x86_64
* ipa-client-2.1.3-9.el6.x86_64
* ipa-pki-ca-theme-9.0.3-7.el6.noarch
* ipa-pki-common-theme-9.0.3-7.el6.noarch
* ipa-python-2.1.3-9.el6.x86_64
* ipa-server-2.1.3-9.el6.x86_64
* ipa-server-selinux-2.1.3-9.el6.x86_64
Client:
CentOS release 5.8 (Final) (x86_64)
* ipa-client-2.1.3-2.el5_8
* sssd-client-1.5.1-49.el5_8.1
Questions:
* Is there a better way to diagnose the ipa-getkeytab command? Perhaps I
can run a native kerberos command?
* Any tips welcome, I've tried straces and tcpdump to work this one out,
hmm..
Error:
"ipa-client-install" runs fine and then hangs (without reason):
[below is the chopped version]
-------------------------------------------------------------------
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
Password for admin at EXAMPLE.COM:
root : DEBUG args=kinit admin at EXAMPLE.COM
root : DEBUG stdout=Password for admin at EXAMPLE.COM:
root : DEBUG stderr=
-------------------------------------------------------------------
`ps -ef` on the client side, shows that the install is getting stuck on
"ipa-getkeytab" for some reasons.
root 15842 15814 0 15:09 pts/1 00:00:00 /usr/bin/python -E
/usr/sbin/ipa-client-install -d
root 15852 15842 0 15:09 pts/1 00:00:00 /usr/sbin/ipa-join -s
ipa-server.example.com -b dc=example,dc=com -d
root 15853 15852 0 15:09 pts/1 00:00:00 /usr/sbin/ipa-getkeytab
-s ipa-server.example.com -p
host/client.example.com at EXAMPLE.COM -k /etc/krb5.keytab
cya
Craig
More information about the Freeipa-users
mailing list