[Freeipa-users] help: ipa error 4301
Shapiro, Matthew E CTR DODHRA DMDC (US)
matthew.e.shapiro.ctr at mail.mil
Wed Jul 17 21:14:28 UTC 2013
Hi ,
While running the ipa-client-install script on a RHEL 6.4 server, I get the following output (please note the indicated line with the arrow):
[root@[hostname]]# ipa-client-install
Discovery was successful!
Hostname: [hostname]
Realm: example.com
DNS Domain: example.com
IPA Server: chtvm-389.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Password for admin example com:
Enrolled in IPA realm example.com
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm example.com
SSSD enabled
Kerberos 5 enabled
----->Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
NTP enabled
Client configuration complete.
Also, please note that I've obfuscated the hostname, domain, and realm for security reasons. I believe I've narrowed down the problem to certificate enrollment. When I check my IPA Server Web UI, I have a notice in my host details that says "no valid certificate present." I then checked my client host by running:
[root at hostname user]# ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID '20130717205230':
status: CA_UNCONFIGURED
ca-error: Error setting up ccache for local "host" service using default keytab: Resource temporarily unavailable.
stuck: yes
key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - hostname.example.com',token='NSS Certificate DB'
certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - hostname.example.com '
CA: IPA
issuer:
subject:
expires: unknown
pre-save command:
post-save command:
track: yes
auto-renew: yes
I'm concerned about that "stuck" field, I have no idea what that means.
I have other RHEL 6.4 clients that have been able to join my IPA domain with no issue at all, but this one client baffles me. Any thoughts??
----------------------------------------------------------------------
Matthew Shapiro
Systems Administrator
Trofholz Technologies, Inc.
Defense Personnel and Security Research Center (PERSEREC)
Defense Manpower Data Center (DMDC)
Office: 831.583.2828
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130717/402ddcbc/attachment.htm>
More information about the Freeipa-users
mailing list