[Freeipa-users] EXTERNAL: Re: Client Installation Error
Rob Crittenden
rcritten at redhat.com
Wed Apr 3 13:13:54 UTC 2013
Joseph, Matthew (EXP) wrote:
> Hey Rob,
>
> I updated my client's ipa, libcurl, and xmlrpc to what the server is using that I listed below.
> I am now getting the following error;
>
> Joining realm failed: HTTP response code is 401, not 200
>
> On the server I looked at the krb5kdc.log to see if there was any errors and I'm getting the following error;
>
> IPA_Server.domain.ca krb5kdc[2029](info): TGS_REQ (4 etypes {18 17 16 23}) IP_ADDRESS_OF_CLIENT: UNKNOWN_SERVER: authtime 0, admin at DOMAIN.CA for HTTP/IPA_Server at DOMAIN.CA, Server not found in Kerberos Database.
>
> I've checked on the server side and the client I'm trying to add is in DNS and the host table. He can ping him fine so there is no issue with communication.
>
> Any ideas? Any other logs/information I can provide you?
It may be your obfuscation, but is it a FQDN in the HTTP service
principal? It should be.
If you're using /etc/hosts be sure that the FQDN version is first (so
"foo.example.com foo" rather than "foo foo.example.com").
rob
More information about the Freeipa-users
mailing list