<html><head></head><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:16px"><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481206740141_4015"><div id="yui_3_16_0_ym19_1_1481206740141_4422"><br></div><div id="yui_3_16_0_ym19_1_1481206740141_4423">Hi,</div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4361">I would prefer not to compile anything. It means we have to maintain the package, rather than the distro maintainers.<br></div><div id="yui_3_16_0_ym19_1_1481206740141_4355"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4354">Trusty has a completely different set of errors to Precise.  <br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4190"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4424">Xenial works with no problems.<br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4433"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4425">I run a script that allows the system to join  the IPA domain (the same script regardless of Ubuntu distro):</div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4426"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4353">( $P_W is read in from stdin)<br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4308"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4227">ipa-client-install \<br id="yui_3_16_0_ym19_1_1481206740141_4218">     --server="$IPA_SERVER" \<br id="yui_3_16_0_ym19_1_1481206740141_4219">     --domain=dns.domain.com \<br id="yui_3_16_0_ym19_1_1481206740141_4220">     --principal=admin \<br id="yui_3_16_0_ym19_1_1481206740141_4221">     --password="$P_W" \<br id="yui_3_16_0_ym19_1_1481206740141_4222">     --preserve-sssd \<br id="yui_3_16_0_ym19_1_1481206740141_4223">     --mkhomedir \<br id="yui_3_16_0_ym19_1_1481206740141_4224">     --no-ntp \<br id="yui_3_16_0_ym19_1_1481206740141_4225">     -U<br id="yui_3_16_0_ym19_1_1481206740141_4226"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4228"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_4189">Enter (Admins) Password:   <br id="yui_3_16_0_ym19_1_1481206740141_4090">Confirm Password: <br id="yui_3_16_0_ym19_1_1481206740141_4091">Hostname: jamestrusty.dns.domain.com<br id="yui_3_16_0_ym19_1_1481206740141_4092">Realm: IPA.REALM.COM<br id="yui_3_16_0_ym19_1_1481206740141_4093">DNS Domain: dns.domain.com<br id="yui_3_16_0_ym19_1_1481206740141_4094">IPA Server: pul-lv-ipa-01.dns.domain.com<br id="yui_3_16_0_ym19_1_1481206740141_4095">BaseDN: dc=int,dc=worldfirst,dc=com<br id="yui_3_16_0_ym19_1_1481206740141_4096"><br id="yui_3_16_0_ym19_1_1481206740141_4097">Synchronizing time with KDC...<br id="yui_3_16_0_ym19_1_1481206740141_4098">Dec  8 14:50:58 jamestrusty ntpdate[2448]: ntpdate 4.2.6p5@1.2349-o Wed Oct  5 12:35:26 UTC 2016 (1)<br id="yui_3_16_0_ym19_1_1481206740141_4099">Dec  8 14:50:58 jamestrusty ntpdate[2448]: the NTP socket is in use, exiting<br id="yui_3_16_0_ym19_1_1481206740141_4100">...<br id="yui_3_16_0_ym19_1_1481206740141_4101">...<br id="yui_3_16_0_ym19_1_1481206740141_4102">...<br id="yui_3_16_0_ym19_1_1481206740141_4103">...<br id="yui_3_16_0_ym19_1_1481206740141_4104">...<br id="yui_3_16_0_ym19_1_1481206740141_4105">Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.<br id="yui_3_16_0_ym19_1_1481206740141_4106">Successfully retrieved CA cert<br id="yui_3_16_0_ym19_1_1481206740141_4107">    Subject:     CN=SOMECERT<br id="yui_3_16_0_ym19_1_1481206740141_4108">    Issuer:      CN=SOMECERT<br id="yui_3_16_0_ym19_1_1481206740141_4109">    Valid From:  Wed Mar 12 00:00:00 2014 UTC<br id="yui_3_16_0_ym19_1_1481206740141_4110">    Valid Until: Sun Mar 11 23:59:59 3029 UTC<br id="yui_3_16_0_ym19_1_1481206740141_4111"><br id="yui_3_16_0_ym19_1_1481206740141_4112">Enrolled in IPA realm IPA.REALM.COM<br id="yui_3_16_0_ym19_1_1481206740141_4113">Created /etc/ipa/default.conf<br id="yui_3_16_0_ym19_1_1481206740141_4114">New SSSD config will be created<br id="yui_3_16_0_ym19_1_1481206740141_4115">Configured /etc/sssd/sssd.conf<br id="yui_3_16_0_ym19_1_1481206740141_4116">Failed to add CA to the default NSS database.<br id="yui_3_16_0_ym19_1_1481206740141_4117">Installation failed. Rolling back changes.<br id="yui_3_16_0_ym19_1_1481206740141_4118">Unenrolling client from IPA server<br id="yui_3_16_0_ym19_1_1481206740141_4119">Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm.<br id="yui_3_16_0_ym19_1_1481206740141_4120"><br id="yui_3_16_0_ym19_1_1481206740141_4121">Removing Kerberos service principals from /etc/krb5.keytab<br id="yui_3_16_0_ym19_1_1481206740141_4122">Disabling client Kerberos and LDAP configurations<br id="yui_3_16_0_ym19_1_1481206740141_4123">Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted<br id="yui_3_16_0_ym19_1_1481206740141_4124">SSSD service could not be stopped<br id="yui_3_16_0_ym19_1_1481206740141_4125">Client uninstall complete.<br id="yui_3_16_0_ym19_1_1481206740141_4126"><br></div><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1481206740141_3932" style="display: block;">  <div style="font-family: verdana, helvetica, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1481206740141_3931"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1481206740141_3930"> <div dir="ltr" id="yui_3_16_0_ym19_1_1481206740141_3989"> <font id="yui_3_16_0_ym19_1_1481206740141_3988" size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Lukas Slebodnik <lslebodn@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> James Harrison <jamesaharrisonuk@yahoo.co.uk> <br><b><span style="font-weight: bold;">Cc:</span></b> "freeipa-users@redhat.com" <freeipa-users@redhat.com><br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, 8 December 2016, 11:22<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] Problem with Free IPA Client Ubuntu Precise (12.04) authenticating with AD account<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1481206740141_3929"><br>On (07/12/16 18:19), James Harrison wrote:<br clear="none">>Hi all,<br clear="none">><br clear="none">>I am trying to authenticate an ubuntu Precise (12.06) fully patched system. Its enrolled into a FreeIPA server. The following trace is the output of syslog auth sssd/*.log and full debug (-ddd) from the sshd service.<br clear="none">><br clear="none">Are you able to reproduce with ubuntu 14.04<br clear="none">and sssd from trusty-updates(1.11.8-0ubuntu0.3)<br clear="none">You might also consig=der to test sssd-1.13.4 (in ubuntu 16.04)<br clear="none">or at least 1.12.5-1~trusty1 from ppa<br clear="none"><a shape="rect" href="https://launchpad.net/~sssd" target="_blank">https://launchpad.net/~sssd</a><div class="yqt8623214856" id="yqtfd66642"><br clear="none"><br clear="none">LS<br clear="none"></div><br><br></div> </div> </div>  </div></div></body></html>