<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 20.04.2016 18:00, Gady Notrica
wrote:<br>
</div>
<blockquote
cite="mid:0984AB34E553F54B8705D776686863E70ABF67D5@cd-exchange01.CD-PRD.candeal.ca"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello World,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I am having
these errors trying to install ipa-client-install. Every
other machine is fine and they IPA servers are functioning
perfectly<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:red">Error trying to
clean keytab: /usr/sbin/ipa-rmkeytab returned 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:red">Kerberos
authentication failed: kinit: Improper format of Kerberos
configuration file while initializing Kerberos 5 library<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:red"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Then I have “</span><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Installation
failed. Rolling back changes.”<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I have tried
everything I know with no luck. Any idea on how to FIX this?
Below is the full log.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-----------------------------------------------------------<o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Continue
to configure the system with these values? [no]: yes<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:red">Error
trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Skipping
synchronizing time with NTP server.<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">User
authorized to enroll computers: admin<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Password
for <a class="moz-txt-link-abbreviated" href="mailto:admin@IPA.DOMAIN.COM">admin@IPA.DOMAIN.COM</a>:<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Please
make sure the following ports are opened in the firewall
settings:<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">
TCP: 80, 88, 389<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Also
note that following ports are necessary for ipa-client
working properly after enrollment:<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">
TCP: 464<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">
UDP: 464, 123 (if NTP enabled)<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:red">Kerberos
authentication failed: kinit: Improper format of Kerberos
configuration file while initializing Kerberos 5 library<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D"><o:p> </o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Installation
failed. Rolling back changes.<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Failed
to list certificates in /etc/ipa/nssdb: Command
''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned
non-zero exit status 255<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Disabling
client Kerberos and LDAP configurations<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Redundant
SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Restoring
client configuration files<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">nscd
daemon is not installed, skip configuration<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">nslcd
daemon is not installed, skip configuration<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1F497D">Client
uninstall complete.<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="color:#1F497D">---------------------------------------------------------------<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D">Gady<o:p></o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Hello,<br>
<br>
IMO you have an old invalid keytab on that machine. Can you manually
remove it and try to reinstall client? (Of course only if you are
sure that keytab there is not needed)<br>
<br>
The keytab should be located here <span
style="color:#008000;font-weight:bold;">/etc/krb5.keytab<br>
</span>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<br>
Martin<br>
</body>
</html>