<div dir="ltr">Hello,<div><br></div><div>I am new to this community and have a FreeIPA server install that is trusted to AD using AD dns.</div><div><br></div><div>I am having problems getting my clients to work properly. Everything seems to install properly the first time i try it but i get the following logs after that:</div><div><br></div><div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158225]: Authentication Failed</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2048</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'homeipa01.brad.local' as 'not working'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'homeipa01.brad.local' as 'not working'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_handle_release] (0x2000): Trace: sh[0x7efdeeccb150], connected[1], ops[(nil)], ldap[0x7efdeecf6730], destructor_lock[0], release_memory[0]</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_done] (0x4000): attempting failover retry on op #1</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_step] (0x4000): beginning to connect</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_server_status] (0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_port_status] (0x1000): Port status of port 389 for server 'homeipa01.brad.local' is 'not working'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_server_status] (0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_port_status] (0x1000): Port status of port 0 for server 'homeipa01.brad.local' is 'not working'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_done] (0x4000): attempting failover retry on op #2</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_step] (0x4000): waiting for connection to complete</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_mark_offline] (0x2000): Going offline!</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_mark_offline] (0x2000): Enable check_if_online_ptask.</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 73 seconds from now [1490682941]</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_done] (0x4000): notify offline to op #1</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [ipa_subdomains_refresh_connect_done] (0x0020): Unable to connect to LDAP [11]: Resource temporarily unavailable</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [ipa_subdomains_refresh_connect_done] (0x0080): No IPA server is available, cannot get the subdomain list while offline</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done] (0x0040): Task [Subdomains Refresh]: failed with [1432158212]: SSSD is offline</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule] (0x0400): Task [Subdomains Refresh]: scheduling task 14400 seconds from now [1490697268]</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_op_connect_done] (0x4000): notify offline to op #2</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [ipa_sudo_refresh_connect_done] (0x0020): SUDO LDAP connection failed [11]: Resource temporarily unavailable</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done] (0x0040): Task [SUDO Full Refresh]: failed with [11]: Resource temporarily unavailable</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from now [1490704468]</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb] (0x0400): Back end is offline</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable] (0x0400): Task [Subdomains Refresh]: disabling task</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb] (0x0400): Back end is offline</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable] (0x0400): Task [SUDO Smart Refresh]: disabling task</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb] (0x0400): Back end is offline</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable] (0x0400): Task [SUDO Full Refresh]: disabling task</div><div>(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.IPA.BRAD.LOCAL], [2][No such file or directory]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_execute] (0x0400): Back end is offline</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_execute] (0x0400): Task [Check if online (periodic)]: executing task, timeout 60 seconds</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_run_unconditional_online_cb] (0x4000): List of unconditional online callbacks is empty, nothing to do.</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [check_if_online] (0x2000): Trying to go back online!</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_reset_services] (0x1000): Resetting all servers in all services</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'IPA' as 'neutral'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local' as 'name not resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'homeipa01.brad.local' as 'neutral'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'homeipa01.brad.local' as 'neutral'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local' as 'name not resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'homeipa01.brad.local' as 'neutral'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'homeipa01.brad.local' as 'neutral'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [dp_attach_req] (0x0400): DP Request [Online Check #8]: New request. Flags [0000].</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [dp_attach_req] (0x0400): Number of active DP request: 1</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status] (0x1000): Status of server 'homeipa01.brad.local' is 'name not resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_port_status] (0x1000): Port status of port 389 for server 'homeipa01.brad.local' is 'neutral'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [collapse_srv_lookup] (0x0100): Need to refresh SRV lookup for domain ipa.brad.local</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'ipa.brad.local'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.ipa.brad.local'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done] (0x0400): Task [Check if online (periodic)]: finished successfully</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 67 seconds from last execution time [1490683008]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_getsrv_done] (0x1000): Using TTL [3600]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [request_watch_destructor] (0x0400): Deleting request watch</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_discover_srv_done] (0x0400): Got 1 servers</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'homeipa01.brad.local:389' to service 'IPA'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'IPA' as 'resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status] (0x1000): Status of server 'homeipa01.brad.local' is 'name not resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_is_address] (0x4000): [homeipa01.brad.local] does not look like an IP address</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_step] (0x2000): Querying files</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'homeipa01.brad.local' in files</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local' as 'resolving name'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_step] (0x2000): Querying files</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'homeipa01.brad.local' in files</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_step] (0x2000): Querying DNS</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'homeipa01.brad.local' in DNS</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [request_watch_destructor] (0x0400): Deleting request watch</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local' as 'name resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_resolve_server_process] (0x1000): Saving the first resolved server</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_resolve_server_process] (0x0200): Found address for server homeipa01.brad.local: [11.10.10.17] TTL 3600</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://homeipa01.brad.local'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_ir439Z]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/pubconf/.krb5info_dummy_ir439Z]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sssd_async_socket_init_send] (0x4000): Using file descriptor [21] for the connection.</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://homeipa01.brad.local:389/??base] with fd [21].</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_print_server] (0x2000): Searching <a href="http://11.10.10.17:389">11.10.10.17:389</a></div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_op_add] (0x2000): New operation 1 timeout 6</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result] (0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[0x7efdeecff7a0], ldap[0x7efdeecae060]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_entry] (0x1000): OriginalDN: [].</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [vendorName]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [vendorVersion]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [dataversion]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [netscapemdsuffix]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [changeLog]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [firstchangenumber]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [lastchangenumber]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipatopologypluginversion]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipatopologyismanaged]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaDomainLevel]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [namingContexts]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedExtension]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedFeatures]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedSASLMechanisms]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range] (0x2000): No sub-attributes for [lastUSN]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result] (0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[0x7efdeecff7a0], ldap[0x7efdeecae060]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_op_destructor] (0x2000): Operation 1 finished</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_rootdse_done] (0x2000): Got rootdse</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 26095 (int: 26095)</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, host/bradltest01.brad.local, IPA.BRAD.LOCAL, 86400)</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service IPA</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status] (0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status] (0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_resolve_server_process] (0x1000): Saving the first resolved server</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_resolve_server_process] (0x0200): Found address for server homeipa01.brad.local: [11.10.10.17] TTL 3600</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 65</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [11463]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_handler_setup] (0x2000): Signal handler set up for pid [11463]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result] (0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[(nil)], ldap[0x7efdeecae060]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [write_pipe_handler] (0x0400): All data has been sent!</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_sig_handler] (0x1000): Waiting for child [11463].</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_sig_handler] (0x0100): child [11463] finished successfully.</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [read_pipe_handler] (0x0400): EOF received, client finished</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_IPA.BRAD.LOCAL], expired on [1490769341]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1490683841</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: host/bradltest01.brad.local</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]</div><div>(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/BRAD.LOCAL@IPA.BRAD.LOCAL not found in Kerberos database)]</div></div><div><br></div><div>If i uninstall and try to install again i get the following error:</div><div><br></div><div>







<p class="gmail-p1"><span class="gmail-s1">/usr/sbin/ipa-client-install was invoked with options: {'domain': 'ipa.brad.local', 'force': False, 'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox': False, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': False, 'on_master': False, 'no_nisdomain': False, 'nisdomain': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname': None, 'request_cert': False, 'trust_sshfp': True, 'no_ac': False, 'unattended': None, 'all_ip_addresses': False, 'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'firefox_dir': None, 'server': None, 'prompt_password': False, 'permit': True, 'debug': True, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall': False}</span></p>
<p class="gmail-p1"><span class="gmail-s1">missing options might be asked for interactively later</span></p>
<p class="gmail-p1"><span class="gmail-s1">IPA version 4.4.0-14.el7.centos.6</span></p>
<p class="gmail-p1"><span class="gmail-s1">[IPA Discovery]</span></p>
<p class="gmail-p1"><span class="gmail-s1">Starting IPA discovery with domain=ipa.brad.local, servers=None, hostname=bradltest01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search for LDAP SRV record in ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search DNS for SRV record of _ldap._tcp.ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS record found: 0 100 389 homeipa01.brad.local.</span></p>
<p class="gmail-p1"><span class="gmail-s1">[Kerberos realm search]</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search DNS for TXT record of _kerberos.ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS record not found: NXDOMAIN</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search DNS for SRV record of _kerberos._udp.ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS record found: 0 100 88 homeipa01.brad.local.</span></p>
<p class="gmail-p1"><span class="gmail-s1">[LDAP server check]</span></p>
<p class="gmail-p1"><span class="gmail-s1">Verifying that homeipa01.brad.local (realm None) is an IPA server</span></p>
<p class="gmail-p1"><span class="gmail-s1">Init LDAP connection to: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search LDAP server for IPA base DN</span></p>
<p class="gmail-p1"><span class="gmail-s1">Check if naming context 'dc=ipa,dc=brad,dc=local' is for IPA</span></p>
<p class="gmail-p1"><span class="gmail-s1">Naming context 'dc=ipa,dc=brad,dc=local' is a valid IPA context</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search for (objectClass=krbRealmContainer) in dc=ipa,dc=brad,dc=local (sub)</span></p>
<p class="gmail-p1"><span class="gmail-s1">Found: cn=IPA.BRAD.LOCAL,cn=kerberos,dc=ipa,dc=brad,dc=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Discovery result: Success; server=homeipa01.brad.local, domain=ipa.brad.local, kdc=homeipa01.brad.local, basedn=dc=ipa,dc=brad,dc=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Validated servers: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">will use discovered domain: ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Start searching for LDAP SRV record in "ipa.brad.local" (Validating DNS Discovery) and its sub-domains</span></p>
<p class="gmail-p1"><span class="gmail-s1">Search DNS for SRV record of _ldap._tcp.ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS record found: 0 100 389 homeipa01.brad.local.</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS validated, enabling discovery</span></p>
<p class="gmail-p1"><span class="gmail-s1">will use discovered server: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Discovery was successful!</span></p>
<p class="gmail-p1"><span class="gmail-s1">will use discovered realm: IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">will use discovered basedn: dc=ipa,dc=brad,dc=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Client hostname: bradltest01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Hostname source: Machine's FQDN</span></p>
<p class="gmail-p1"><span class="gmail-s1">Realm: IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">Realm source: Discovered from LDAP DNS records in homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS Domain: ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">DNS Domain source: Discovered LDAP SRV records from ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">IPA Server: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">IPA Server source: Discovered from LDAP DNS records in homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">BaseDN: dc=ipa,dc=brad,dc=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">BaseDN source: From IPA server ldap://homeipa01.brad.local:389</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Continue to configure the system with these values? [no]: yes</span></p>
<p class="gmail-p1"><span class="gmail-s1">Starting external process</span></p>
<p class="gmail-p1"><span class="gmail-s1">args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">Process finished, return code=5</span></p>
<p class="gmail-p1"><span class="gmail-s1">stdout=</span></p>
<p class="gmail-p1"><span class="gmail-s1">stderr=realm not found</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Skipping synchronizing time with NTP server.</span></p>
<p class="gmail-p1"><span class="gmail-s1">Starting external process</span></p>
<p class="gmail-p1"><span class="gmail-s1">args=keyctl get_persistent @s 0</span></p>
<p class="gmail-p1"><span class="gmail-s1">Process finished, return code=0</span></p>
<p class="gmail-p1"><span class="gmail-s1">stdout=104729494</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">stderr=</span></p>
<p class="gmail-p1"><span class="gmail-s1">Enabling persistent keyring CCACHE</span></p>
<p class="gmail-p1"><span class="gmail-s1">Writing Kerberos configuration to /tmp/tmpsd7Fyb:</span></p>
<p class="gmail-p1"><span class="gmail-s1">#File modified by ipa-client-install</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">includedir /etc/krb5.conf.d/</span></p>
<p class="gmail-p1"><span class="gmail-s1">includedir /var/lib/sss/pubconf/krb5.include.d/</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">[libdefaults]</span></p>
<p class="gmail-p1"><span class="gmail-s1">  default_realm = IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">  dns_lookup_realm = false</span></p>
<p class="gmail-p1"><span class="gmail-s1">  dns_lookup_kdc = false</span></p>
<p class="gmail-p1"><span class="gmail-s1">  rdns = false</span></p>
<p class="gmail-p1"><span class="gmail-s1">  ticket_lifetime = 24h</span></p>
<p class="gmail-p1"><span class="gmail-s1">  forwardable = true</span></p>
<p class="gmail-p1"><span class="gmail-s1">  udp_preference_limit = 0</span></p>
<p class="gmail-p1"><span class="gmail-s1">  default_ccache_name = KEYRING:persistent:%{uid}</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">[realms]</span></p>
<p class="gmail-p1"><span class="gmail-s1">  IPA.BRAD.LOCAL = {</span></p>
<p class="gmail-p1"><span class="gmail-s1">    kdc = homeipa01.brad.local:88</span></p>
<p class="gmail-p1"><span class="gmail-s1">    master_kdc = homeipa01.brad.local:88</span></p>
<p class="gmail-p1"><span class="gmail-s1">    admin_server = homeipa01.brad.local:749</span></p>
<p class="gmail-p1"><span class="gmail-s1">    kpasswd_server = homeipa01.brad.local:464</span></p>
<p class="gmail-p1"><span class="gmail-s1">    default_domain = ipa.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">    pkinit_anchors = FILE:/etc/ipa/ca.crt</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">  }</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">[domain_realm]</span></p>
<p class="gmail-p1"><span class="gmail-s1">  .ipa.brad.local = IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">  ipa.brad.local = IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">  bradltest01.brad.local = IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">  .brad.local = IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">  brad.local = IPA.BRAD.LOCAL</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Initializing principal admin@IPA.BRAD.LOCAL using password</span></p>
<p class="gmail-p1"><span class="gmail-s1">Starting external process</span></p>
<p class="gmail-p1"><span class="gmail-s1">args=/usr/bin/kinit admin@IPA.BRAD.LOCAL -c /tmp/krbccfpGaQu/ccache</span></p>
<p class="gmail-p1"><span class="gmail-s1">Process finished, return code=0</span></p>
<p class="gmail-p1"><span class="gmail-s1">stdout=Password for admin@IPA.BRAD.LOCAL: </span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">stderr=</span></p>
<p class="gmail-p1"><span class="gmail-s1">trying to retrieve CA cert via LDAP from homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">get_ca_certs_from_ldap() error: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/BRAD.LOCAL@IPA.BRAD.LOCAL not found in Kerberos database)</span></p>
<p class="gmail-p1"><span class="gmail-s1">Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/BRAD.LOCAL@IPA.BRAD.LOCAL not found in Kerberos database)</span></p>
<p class="gmail-p1"><span class="gmail-s1">Unable to download CA cert from LDAP.</span></p>
<p class="gmail-p1"><span class="gmail-s1">Do you want to download the CA cert from <a href="http://homeipa01.brad.local/ipa/config/ca.crt">http://homeipa01.brad.local/ipa/config/ca.crt</a>?</span></p>
<p class="gmail-p1"><span class="gmail-s1">(this is INSECURE) [no]: yes</span></p>
<p class="gmail-p1"><span class="gmail-s1">Downloading the CA certificate via HTTP, this is INSECURE</span></p>
<p class="gmail-p1"><span class="gmail-s1">trying to retrieve CA cert via HTTP from <a href="http://homeipa01.brad.local/ipa/config/ca.crt">http://homeipa01.brad.local/ipa/config/ca.crt</a></span></p>
<p class="gmail-p1"><span class="gmail-s1">Starting external process</span></p>
<p class="gmail-p1"><span class="gmail-s1">args=/usr/bin/curl -o - <a href="http://homeipa01.brad.local/ipa/config/ca.crt">http://homeipa01.brad.local/ipa/config/ca.crt</a></span></p>
<p class="gmail-p1"><span class="gmail-s1">Process finished, return code=0</span></p>
<p class="gmail-p1"><span class="gmail-s1">stdout=-----BEGIN CERTIFICATE-----</span></p>
<p class="gmail-p1"><span class="gmail-s1">MIIFazCCA1OgAwIBAgIQYau2KCRYq5hGa+sV/gII8zANBgkqhkiG9w0BAQUFADBI</span></p>
<p class="gmail-p1"><span class="gmail-s1">MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRicmFkMRkw</span></p>
<p class="gmail-p1"><span class="gmail-s1">FwYDVQQDExBicmFkLUhPTUVDQTAxLUNBMB4XDTE3MDEyMTAwMTAzOVoXDTIyMDEy</span></p>
<p class="gmail-p1"><span class="gmail-s1">MTAwMjAzOFowSDEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRQwEgYKCZImiZPyLGQB</span></p>
<p class="gmail-p1"><span class="gmail-s1">GRYEYnJhZDEZMBcGA1UEAxMQYnJhZC1IT01FQ0EwMS1DQTCCAiIwDQYJKoZIhvcN</span></p>
<p class="gmail-p1"><span class="gmail-s1">AQEBBQADggIPADCCAgoCggIBAJ8vxTTGRThnp8sYvOPNMs6t/PtfP/Bd5W0JYT/4</span></p>
<p class="gmail-p1"><span class="gmail-s1">zpFE1pL6zHQ7BlyVyxVKg91YaYy/HgLoFQ6FfIaI15SWre5GSGmlZwR3NgRu0PCx</span></p>
<p class="gmail-p1"><span class="gmail-s1">EoCOBisSMCiIrSTAPJV745d7hArlPi9faeKpqaBSmsu3OE5uDdSqy2FiNCfUNmv+</span></p>
<p class="gmail-p1"><span class="gmail-s1">oEJHqIk16eg+MvMCMHeOk/7fWrCC3hG+Maalo9u62cyo/xJ+EQa1YSfllPxgGE3r</span></p>
<p class="gmail-p1"><span class="gmail-s1">AV/+jKo3vq2LV6sEEYtoNOnTeGxwixhaC6p2Qxq2DD4IYmRPerz8FQiJiWDEuIyL</span></p>
<p class="gmail-p1"><span class="gmail-s1">L8jRiF2tKW2CF2OLreVxBSQ56NT5NyPDz2qsnV6Kz9PPaG+NFznG7FFNNaZ9nSaX</span></p>
<p class="gmail-p1"><span class="gmail-s1">YqiyHhhIuTdE8LIr7fBbLhW2aYT4Mrj4xRiuzpaAxCn9zoDIgk95XsSpjP/upG2n</span></p>
<p class="gmail-p1"><span class="gmail-s1">B2RzwmY/vAigE7XsR3Qr4HNuUQUfqJj+M+lp+OmLiQhXKDEqnM8YAPnJv/TTUlKL</span></p>
<p class="gmail-p1"><span class="gmail-s1">Q8dABrL/nAsm7hbIz1CBHQGIU9ScGDgi1xmxGV5VfOd70OqJN1U2TbwL+oHh8kSw</span></p>
<p class="gmail-p1"><span class="gmail-s1">6hBkYniUqHFfedBWTYwjMDUlh2fXco9VDJFV9I8CDUSXi+l6MYuwYYN8xZjEAFj1</span></p>
<p class="gmail-p1"><span class="gmail-s1">bCib7vLrCj6W2rDjzuRF+AJF3nWF/WekyoPk+Y9NI27EgcR587GlFvSA0Iiy38Hk</span></p>
<p class="gmail-p1"><span class="gmail-s1">sROtAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud</span></p>
<p class="gmail-p1"><span class="gmail-s1">DgQWBBQQ1Sn0uCerKAA+WfPUL0Y6fJ6OxDAQBgkrBgEEAYI3FQEEAwIBADANBgkq</span></p>
<p class="gmail-p1"><span class="gmail-s1">hkiG9w0BAQUFAAOCAgEActCFolsyfeyp0AzspbmIiqb7q3/wId/arbX+TsKeR+Pd</span></p>
<p class="gmail-p1"><span class="gmail-s1">8nrUuSTaCASnbjRi069uZ/+CYeZDWuUqnUeOcmsX5iRsdwHztf5F5ON5Qlhsat2y</span></p>
<p class="gmail-p1"><span class="gmail-s1">RQyclB8yC52Yv+opCxU5kWgL/j8S0uDfm/XIhIAMwtBim22Wvt/2b82ceWGNdmd5</span></p>
<p class="gmail-p1"><span class="gmail-s1">/PReO7tNO7pDVyAd5Ltren8hIOxfAGNztU/oKz3ph36qKyNYL3lA3UYVMMFKLn4o</span></p>
<p class="gmail-p1"><span class="gmail-s1">HzJjObISHBJfS+n+T0yntSMevt/yjbg5a/0t8I63IvsZlMqFJJakZ+Vxr4amtHHS</span></p>
<p class="gmail-p1"><span class="gmail-s1">CsS5eGIAvTzTsU5uQ9H59WFbKlUsH39uSESKIvtE5RnPZmfyIxuD+Ol+l9qcikEL</span></p>
<p class="gmail-p1"><span class="gmail-s1">E3hp3LoPNx/t75oR+NkMwfBt4pYB0goeYiEt7T0OJKPSlrq3fY2iJW4X0zcaRrFX</span></p>
<p class="gmail-p1"><span class="gmail-s1">1Dm5pZv3KOUcn7vIjATMui6KfNWgmnIUNX2t0mIfwJ84NQhNRvuePgNn1449mUpo</span></p>
<p class="gmail-p1"><span class="gmail-s1">DCNgWbhofQD2uLWX0HPQJmrBf0xOlLAMpubVVgVCVp+2qUVWDBq+HkjsqZRphnHk</span></p>
<p class="gmail-p1"><span class="gmail-s1">xXE2k8Ze/SUtHzP1DafThtP28991GY70aboIbls7MrZvOGaT5IlCKk65BTqT66/W</span></p>
<p class="gmail-p1"><span class="gmail-s1">DYznMTU0p1BAPritw7yBQVQXWh1EBAbT0Zz+fGIzBcxoeGV44tXpWpLZwcwhJo8=</span></p>
<p class="gmail-p1"><span class="gmail-s1">-----END CERTIFICATE-----</span></p>
<p class="gmail-p1"><span class="gmail-s1">-----BEGIN CERTIFICATE-----</span></p>
<p class="gmail-p1"><span class="gmail-s1">MIIGvjCCBKagAwIBAgITHQAAAAnwrIVvC23kXwAAAAAACTANBgkqhkiG9w0BAQUF</span></p>
<p class="gmail-p1"><span class="gmail-s1">ADBIMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRicmFk</span></p>
<p class="gmail-p1"><span class="gmail-s1">MRkwFwYDVQQDExBicmFkLUhPTUVDQTAxLUNBMB4XDTE3MDMyNTIwNDUzN1oXDTE5</span></p>
<p class="gmail-p1"><span class="gmail-s1">MDMyNTIwNTUzN1owOTEXMBUGA1UEChMOSVBBLkJSQUQuTE9DQUwxHjAcBgNVBAMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">FUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC</span></p>
<p class="gmail-p1"><span class="gmail-s1">AQoCggEBAKAZxtb8lGt3TPxT2hMY1u+tWb8nMDdewoVcpKh3ejvEN16cnpyb8BM+</span></p>
<p class="gmail-p1"><span class="gmail-s1">nr+pjmtANHZ70X9rhyJI7K4lnYgeurE4+ORt1HBRsBqbYMu3NYRCU6R9mlKtJMbg</span></p>
<p class="gmail-p1"><span class="gmail-s1">S6wja3Vp3HmlWhv8eU9g+AH+CALQ5hlJJJTIifUcX79B3ZJdlUSdnWnRkVi48h5P</span></p>
<p class="gmail-p1"><span class="gmail-s1">Min9Ek3IAy8JBfPSzzZQkfPBd0iBqvg887Di1wS8QkOaIP1lz0GkxDEbLBbVyXKE</span></p>
<p class="gmail-p1"><span class="gmail-s1">PndEIhiSDjMitv3cSuLzdortajSUPGkchsX01DCQQWkj5LLY/uSrq35p/HF55mbA</span></p>
<p class="gmail-p1"><span class="gmail-s1">6o/I4fTNWNe0aXTS0GGdCO8tLljbGfUCAwEAAaOCAq4wggKqMBkGCSsGAQQBgjcU</span></p>
<p class="gmail-p1"><span class="gmail-s1">AgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG</span></p>
<p class="gmail-p1"><span class="gmail-s1">MB0GA1UdDgQWBBRAxpShbiY7S1phNzVlNnpYo/4DGDAfBgNVHSMEGDAWgBQQ1Sn0</span></p>
<p class="gmail-p1"><span class="gmail-s1">uCerKAA+WfPUL0Y6fJ6OxDCCAQkGA1UdHwSCAQAwgf0wgfqggfeggfSGgbdsZGFw</span></p>
<p class="gmail-p1"><span class="gmail-s1">Oi8vL0NOPWJyYWQtSE9NRUNBMDEtQ0EsQ049aG9tZWNhMDEsQ049Q0RQLENOPVB1</span></p>
<p class="gmail-p1"><span class="gmail-s1">YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRp</span></p>
<p class="gmail-p1"><span class="gmail-s1">b24sREM9YnJhZCxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh</span></p>
<p class="gmail-p1"><span class="gmail-s1">c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGOGh0dHA6Ly9ob21l</span></p>
<p class="gmail-p1"><span class="gmail-s1">Y2EwMS5icmFkLmxvY2FsL0NlcnREYXRhL2JyYWQtSE9NRUNBMDEtQ0EuY3JsMIIB</span></p>
<p class="gmail-p1"><span class="gmail-s1">HQYIKwYBBQUHAQEEggEPMIIBCzCBrgYIKwYBBQUHMAKGgaFsZGFwOi8vL0NOPWJy</span></p>
<p class="gmail-p1"><span class="gmail-s1">YWQtSE9NRUNBMDEtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2Vz</span></p>
<p class="gmail-p1"><span class="gmail-s1">LENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YnJhZCxEQz1sb2NhbD9j</span></p>
<p class="gmail-p1"><span class="gmail-s1">QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv</span></p>
<p class="gmail-p1"><span class="gmail-s1">cml0eTBYBggrBgEFBQcwAoZMaHR0cDovL2hvbWVjYTAxLmJyYWQubG9jYWwvQ2Vy</span></p>
<p class="gmail-p1"><span class="gmail-s1">dERhdGEvaG9tZWNhMDEuYnJhZC5sb2NhbF9icmFkLUhPTUVDQTAxLUNBLmNydDAN</span></p>
<p class="gmail-p1"><span class="gmail-s1">BgkqhkiG9w0BAQUFAAOCAgEANfSlBa5FmsEt6bx4lbPP6EJ2OvKLq8K5SVvrLosa</span></p>
<p class="gmail-p1"><span class="gmail-s1">JpiFx6qdN33JeSyKsyRKyfbK6Pigolj9cCZuBpyGdyD64cd7HSPwjH1FFRNbYDCc</span></p>
<p class="gmail-p1"><span class="gmail-s1">CvCgpAgRHYejPmuVemp1bRb05ZS8EFsJz18UWRyO4U9GJIXArGJ7ZWumzsfndtm1</span></p>
<p class="gmail-p1"><span class="gmail-s1">qAolNCMusweMytboWt/gjO5FFUn4B7Z8Q+EEi9SxOBGoyHNzZS7ZsBxpq4zvG+oh</span></p>
<p class="gmail-p1"><span class="gmail-s1">bBq3QH00lOnfPGlY9M8mYCBkDBsw/6Pp+3ffOOqlCM4ncdBmrsZyiJYprb+zsEKM</span></p>
<p class="gmail-p1"><span class="gmail-s1">1K8H2+l7DNl/f818LG0AUYXM++lKjn5HOq9dvHGCRwngGtn16W6ujxYaiALB5Gxl</span></p>
<p class="gmail-p1"><span class="gmail-s1">sQMs5JggGV48cAEjDpxtK5+WZUe1Kpas32sgKr3vCfSTham9/KbOxXiBq2T19h6h</span></p>
<p class="gmail-p1"><span class="gmail-s1">/tZUxv7t75EncTYc2KR8/Dd7VvrIbctPatUJvN83yIWnLgzJIWskCN8LRQbD7T3y</span></p>
<p class="gmail-p1"><span class="gmail-s1">9EjdG/7Nv+WDfo7SBeXxtJbcXOHFW4C3CcQTZAsGxfzSHl1WknowtmifoM4tdq0o</span></p>
<p class="gmail-p1"><span class="gmail-s1">GPa5+D3p/fmJNz6yhdzTjPRVngwTMJIK2dXTeSQfSKDCHQHp4GHQN0L3eYTmBR0z</span></p>
<p class="gmail-p1"><span class="gmail-s1">pjEX1C56uFr4hMSd49cQKMW2FXUld3QIKrpo6SMso8myGe6C52If8BjAhsXGBv1V</span></p>
<p class="gmail-p1"><span class="gmail-s1">gr8=</span></p>
<p class="gmail-p1"><span class="gmail-s1">-----END CERTIFICATE-----</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">stderr=  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current</span></p>
<p class="gmail-p1"><span class="gmail-s1">                                 Dload  Upload   Total   Spent    Left  Speed</span></p>
<p class="gmail-p1"><span class="gmail-s1">100  4402  100  4402    0     0   597k      0 --:--:-- --:--:-- --:--:--  614k</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Successfully retrieved CA cert</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Subject:     CN=brad-HOMECA01-CA,DC=brad,DC=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Issuer:      CN=brad-HOMECA01-CA,DC=brad,DC=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Valid From:  Sat Jan 21 00:10:39 2017 UTC</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Valid Until: Fri Jan 21 00:20:38 2022 UTC</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">    Subject:     CN=Certificate Authority,O=IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Issuer:      CN=brad-HOMECA01-CA,DC=brad,DC=local</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Valid From:  Sat Mar 25 20:45:37 2017 UTC</span></p>
<p class="gmail-p1"><span class="gmail-s1">    Valid Until: Mon Mar 25 20:55:37 2019 UTC</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Starting external process</span></p>
<p class="gmail-p1"><span class="gmail-s1">args=/usr/sbin/ipa-join -s homeipa01.brad.local -b dc=ipa,dc=brad,dc=local -h bradltest01.brad.local -d</span></p>
<p class="gmail-p1"><span class="gmail-s1">Process finished, return code=17</span></p>
<p class="gmail-p1"><span class="gmail-s1">stdout=</span></p>
<p class="gmail-p1"><span class="gmail-s1">stderr=XML-RPC CALL:</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1"><?xml version="1.0" encoding="UTF-8"?>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><methodCall>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><methodName>join</methodName>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><params>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><param><value><array><data>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><value><string>bradltest01.brad.local</string></value>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></data></array></value></param>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><param><value><struct>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><member><name>nsosversion</name>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><value><string>3.10.0-514.6.1.el7.x86_64</string></value></member>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><member><name>nshardwareplatform</name>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><value><string>x86_64</string></value></member>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></struct></value></param>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></params>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></methodCall>\r\n</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">* About to connect() to homeipa01.brad.local port 443 (#0)</span></p>
<p class="gmail-p1"><span class="gmail-s1">*   Trying 11.10.10.17...</span></p>
<p class="gmail-p1"><span class="gmail-s1">* Connected to homeipa01.brad.local (11.10.10.17) port 443 (#0)</span></p>
<p class="gmail-p1"><span class="gmail-s1">* Initializing NSS with certpath: sql:/etc/pki/nssdb</span></p>
<p class="gmail-p1"><span class="gmail-s1">*   CAfile: /etc/ipa/ca.crt</span></p>
<p class="gmail-p1"><span class="gmail-s1">  CApath: none</span></p>
<p class="gmail-p1"><span class="gmail-s1">* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></p>
<p class="gmail-p1"><span class="gmail-s1">* Server certificate:</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>subject: CN=homeipa01.brad.local,O=IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>start date: Mar 25 21:13:09 2017 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>expire date: Mar 25 20:55:37 2019 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>common name: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>issuer: CN=Certificate Authority,O=IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">> POST /ipa/xml HTTP/1.1</span></p>
<p class="gmail-p1"><span class="gmail-s1">Host: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Accept: */*</span></p>
<p class="gmail-p1"><span class="gmail-s1">Content-Type: text/xml</span></p>
<p class="gmail-p1"><span class="gmail-s1">User-Agent: ipa-join/4.4.0</span></p>
<p class="gmail-p1"><span class="gmail-s1">Referer: <a href="https://homeipa01.brad.local/ipa/xml">https://homeipa01.brad.local/ipa/xml</a></span></p>
<p class="gmail-p1"><span class="gmail-s1">X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0</span></p>
<p class="gmail-p1"><span class="gmail-s1">Content-Length: 482</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">* upload completely sent off: 482 out of 482 bytes</span></p>
<p class="gmail-p1"><span class="gmail-s1">< HTTP/1.1 401 Unauthorized</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Date: Tue, 28 Mar 2017 12:57:48 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5</span></p>
<p class="gmail-p1"><span class="gmail-s1">* gss_init_sec_context() failed: : Server krbtgt/BRAD.LOCAL@IPA.BRAD.LOCAL not found in Kerberos database</span></p>
<p class="gmail-p1"><span class="gmail-s1">< WWW-Authenticate: Negotiate</span></p>
<p class="gmail-p1"><span class="gmail-s1">< X-Frame-Options: DENY</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Content-Security-Policy: frame-ancestors 'none'</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Last-Modified: Fri, 03 Mar 2017 00:56:04 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Accept-Ranges: bytes</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Content-Length: 1474</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Content-Type: text/html; charset=UTF-8</span></p>
<p class="gmail-p1"><span class="gmail-s1">< </span></p>
<p class="gmail-p1"><span class="gmail-s1">* Connection #0 to host homeipa01.brad.local left intact</span></p>
<p class="gmail-p1"><span class="gmail-s1">HTTP response code is 401, not 200</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Joining realm failed: XML-RPC CALL:</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1"><?xml version="1.0" encoding="UTF-8"?>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><methodCall>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><methodName>join</methodName>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><params>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><param><value><array><data>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><value><string>bradltest01.brad.local</string></value>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></data></array></value></param>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><param><value><struct>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><member><name>nsosversion</name>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><value><string>3.10.0-514.6.1.el7.x86_64</string></value></member>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><member><name>nshardwareplatform</name>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"><value><string>x86_64</string></value></member>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></struct></value></param>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></params>\r\n</span></p>
<p class="gmail-p1"><span class="gmail-s1"></methodCall>\r\n</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">* About to connect() to homeipa01.brad.local port 443 (#0)</span></p>
<p class="gmail-p1"><span class="gmail-s1">*   Trying 11.10.10.17...</span></p>
<p class="gmail-p1"><span class="gmail-s1">* Connected to homeipa01.brad.local (11.10.10.17) port 443 (#0)</span></p>
<p class="gmail-p1"><span class="gmail-s1">* Initializing NSS with certpath: sql:/etc/pki/nssdb</span></p>
<p class="gmail-p1"><span class="gmail-s1">*   CAfile: /etc/ipa/ca.crt</span></p>
<p class="gmail-p1"><span class="gmail-s1">  CApath: none</span></p>
<p class="gmail-p1"><span class="gmail-s1">* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></p>
<p class="gmail-p1"><span class="gmail-s1">* Server certificate:</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>subject: CN=homeipa01.brad.local,O=IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>start date: Mar 25 21:13:09 2017 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>expire date: Mar 25 20:55:37 2019 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>common name: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">* <span class="gmail-Apple-tab-span">        </span>issuer: CN=Certificate Authority,O=IPA.BRAD.LOCAL</span></p>
<p class="gmail-p1"><span class="gmail-s1">> POST /ipa/xml HTTP/1.1</span></p>
<p class="gmail-p1"><span class="gmail-s1">Host: homeipa01.brad.local</span></p>
<p class="gmail-p1"><span class="gmail-s1">Accept: */*</span></p>
<p class="gmail-p1"><span class="gmail-s1">Content-Type: text/xml</span></p>
<p class="gmail-p1"><span class="gmail-s1">User-Agent: ipa-join/4.4.0</span></p>
<p class="gmail-p1"><span class="gmail-s1">Referer: <a href="https://homeipa01.brad.local/ipa/xml">https://homeipa01.brad.local/ipa/xml</a></span></p>
<p class="gmail-p1"><span class="gmail-s1">X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0</span></p>
<p class="gmail-p1"><span class="gmail-s1">Content-Length: 482</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">* upload completely sent off: 482 out of 482 bytes</span></p>
<p class="gmail-p1"><span class="gmail-s1">< HTTP/1.1 401 Unauthorized</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Date: Tue, 28 Mar 2017 12:57:48 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5</span></p>
<p class="gmail-p1"><span class="gmail-s1">* gss_init_sec_context() failed: : Server krbtgt/BRAD.LOCAL@IPA.BRAD.LOCAL not found in Kerberos database</span></p>
<p class="gmail-p1"><span class="gmail-s1">< WWW-Authenticate: Negotiate</span></p>
<p class="gmail-p1"><span class="gmail-s1">< X-Frame-Options: DENY</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Content-Security-Policy: frame-ancestors 'none'</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Last-Modified: Fri, 03 Mar 2017 00:56:04 GMT</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Accept-Ranges: bytes</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Content-Length: 1474</span></p>
<p class="gmail-p1"><span class="gmail-s1">< Content-Type: text/html; charset=UTF-8</span></p>
<p class="gmail-p1"><span class="gmail-s1">< </span></p>
<p class="gmail-p1"><span class="gmail-s1">* Connection #0 to host homeipa01.brad.local left intact</span></p>
<p class="gmail-p1"><span class="gmail-s1">HTTP response code is 401, not 200</span></p>
<p class="gmail-p2"><span class="gmail-s1"></span><br></p>
<p class="gmail-p1"><span class="gmail-s1">Installation failed. Rolling back changes.</span></p>
<p class="gmail-p1"><span class="gmail-s1">IPA client is not configured on this system.</span></p><p class="gmail-p1"><br></p><p class="gmail-p1">Kinda at loss on what to try next and where to look so any direction would be much appreciated.</p><p class="gmail-p1"><br></p><p class="gmail-p1">Thank you,</p><p class="gmail-p1">Bradley Bishop</p></div></div>