[Freeipa-users] help: ipa error 4301

Shapiro, Matthew E CTR DODHRA DMDC (US) matthew.e.shapiro.ctr at mail.mil
Wed Jul 17 21:14:28 UTC 2013


Hi,

While running the ipa-client-install script on a RHEL 6.4 server, I get the following output (please note the indicated line with the arrow):

[root@[hostname]]# ipa-client-install
Discovery was successful!
Hostname: [hostname]
Realm: example.com
DNS Domain: example.com
IPA Server: chtvm-389.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Password for admin example com:

Enrolled in IPA realm example.com
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm example.com
SSSD enabled
Kerberos 5 enabled
----->Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
NTP enabled
Client configuration complete.

Also, please note that I've obfuscated the hostname, domain, and realm for security reasons. I believe I've narrowed down the problem to certificate enrollment. When I check my IPA Server Web UI, I have a notice in my host details that says "no valid certificate present." I then checked my client host by running:

[root at hostname user]# ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID '20130717205230':
        status: CA_UNCONFIGURED
        ca-error: Error setting up ccache for local "host" service using default keytab: Resource temporarily unavailable.
        stuck: yes
        key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - hostname.example.com',token='NSS Certificate DB'
        certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - hostname.example.com '
        CA: IPA
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

I'm concerned about that "stuck" field; I have no idea what that means.
I have other RHEL 6.4 clients that have been able to join my IPA domain with no issue at all, but this one client baffles me. Any thoughts?

----------------------------------------------------------------------
Matthew Shapiro
Systems Administrator

Trofholz Technologies, Inc.
Defense Personnel and Security Research Center (PERSEREC)
Defense Manpower Data Center (DMDC)
Office: 831.583.2828
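
Added example, not part of the original post and not FreeIPA or certmonger code: a small parser for the `ipa-getcert list` format shown above that picks out requests reporting `stuck: yes`, with their status and ca-error. The second request in the sample and all function names are constructed for illustration.

```python
import re

# Constructed sample in the listing format from the post (first request trimmed
# from the post, second request invented to show a non-stuck entry).
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20130717205230':
        status: CA_UNCONFIGURED
        ca-error: Error setting up ccache for local "host" service using default keytab: Resource temporarily unavailable.
        stuck: yes
        CA: IPA
        expires: unknown
Request ID '20130101000000':
        status: MONITORING
        stuck: no
        CA: IPA
        expires: 2015-01-01 00:00:00 UTC
"""

REQ_RE = re.compile(r"^Request ID '([^']+)':\s*$")
# Key is everything up to the FIRST colon; values such as ca-error contain colons.
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z -]*?):\s?(.*)$")


def parse_getcert_list(text):
    """Return one dict per tracked request, keyed by the listing's field names."""
    requests, current = [], None
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if m:
            current = {"id": m.group(1)}
            requests.append(current)
            continue
        f = FIELD_RE.match(line)
        if f and current is not None:
            current[f.group(1)] = f.group(2).strip()
    return requests


def stuck_requests(text):
    """Requests whose 'stuck' field is 'yes' in the listing."""
    return [r for r in parse_getcert_list(text) if r.get("stuck") == "yes"]


if __name__ == "__main__":
    # Replace SAMPLE with captured `ipa-getcert list` output to check a real host.
    for r in stuck_requests(SAMPLE):
        print(r["id"], r.get("status"), r.get("ca-error", ""), sep=" | ")
```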
