[Freeipa-users] ipa-client-install fails

Dmitri Pal dpal at redhat.com
Mon May 20 23:14:34 UTC 2013


On 05/20/2013 05:18 PM, Guy Matz wrote:
> Hi!  I'm trying the following ipa-client-install:
> [root at cpuppettest log]# hostname
> cpuppettest
> [root at cpuppettest log]# hostname -f
> cpuppettest.collmedia.net
> [root at cpuppettest log]# /usr/sbin/ipa-client-install
> --domain=collmedia.net --enable-dns-updates --mkhomedir
> --principal=HOST/cpuppettest.collmedia.net -w=secret

Did you pre create the client first yourself using ipa host-add?
While creating it did you create an OTP for it?
Is it 'secret'?
I think it should also be -w secret without '='

For more details see:
http://docs.fedoraproject.org/en-US/Fedora/17/html-single/FreeIPA_Guide/index.html#kickstart
> --realm=COLLMEDIA.NET --server=ipadevmstr.collmedia.net --unattended
> Discovery was successful!
> Hostname: cpuppettest.collmedia.net
> Realm: COLLMEDIA.NET
> DNS Domain: collmedia.net
> IPA Server: ipadevmstr.collmedia.net
> BaseDN: dc=collmedia,dc=net
>
>
> Synchronizing time with KDC...
>
> kinit: Client 'HOST/cpuppettest.collmedia.net at COLLMEDIA.NET' not found
> in Kerberos database while getting initial credentials
>
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>
> and krb5kdc.log on the server says:
> [root at ipadevmstr log]# tailf -n 1 krb5kdc.log
> May 20 17:12:50 ipadevmstr.collmedia.net krb5kdc[1364](info): AS_REQ (4
> etypes {18 17 16 23}) 192.168.8.28: CLIENT_NOT_FOUND:
> HOST/cpuppettest.collmedia.net at COLLMEDIA.NET for
> krbtgt/COLLMEDIA.NET at COLLMEDIA.NET, Client not found in Kerberos database
>
> However my IPA server does seem to know about this new client:
> [root at ipadevmstr log]# ipa host-show cpuppettest.collmedia.net
>   Host name: cpuppettest.collmedia.net
>   Password: True
>   Keytab: False
>   Managed by: cpuppettest.collmedia.net
>
> Any thoughts would be greatly appreciated!
> Thanks a lot,
> Guy Matz
>
> P.S. - Does my client need to be 3.x?
> [root at cpuppettest log]# uname -a
> Linux cpuppettest 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC
> 2012 x86_64 x86_64 x86_64 GNU/Linux
> [root at cpuppettest log]# rpm -qa | grep ipa-client
> ipa-client-2.2.0-16.el6.x86_64


It should work OK if it is latest patched 2.2 client.


> and
> [root at ipadevmstr log]# uname -a
> Linux ipadevmstr.collmedia.net 2.6.32-279.22.1.el6.x86_64 #1 SMP Wed Feb
> 6 03:10:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> [root at ipadevmstr log]# rpm -qa | grep ipa-server
> ipa-server-3.0.0-26.el6_4.2.x86_64
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/






More information about the Freeipa-users mailing list