[Freeipa-users] Failure of ipa-client-install

[Louis Coilliot]

Hello,

The server side (station8) is a freshly installed ipa server on Fedora
15 with freeipa-server-2.0.1-2.fc15.x86_64

The client side (station7) is a RHEL 6.1 with ipa-client-2.0.0-23.el6.x86_64
Or another Fedora15 OS (same behaviour)

The symptom is :
# ipa-client-install --server station8.example.com --domain example.com -d
(...)
Discovery was successful!
(...)
Hostname: station7.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: station8.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
(...)
Password for admin at EXAMPLE.COM:
root        : DEBUG    args=kinit admin at EXAMPLE.COM
root        : DEBUG    stdout=
root        : DEBUG    stderr=kinit: Cannot contact any KDC for realm
'EXAMPLE.COM' while getting initial credentials
root        : DEBUG    args=kdestroy
root        : DEBUG    stdout=
root        : DEBUG    stderr=kdestroy: No credentials cache found
while destroying cache

kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
initial credentials

I check krb5.conf, and I find :
[realms]
 EXAMPLE.COM = {
 kdc = kerberos.example.com
 admin_server = kerberos.example.com
 }

If I change it manually to :
[realms]
 EXAMPLE.COM = {
 kdc = station8.example.com
 admin_server = station8.example.com
 }

then the kinit is fine manually :
# kinit admin
Password for admin at EXAMPLE.COM:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM

Valid starting     Expires            Service principal
07/13/11 13:59:09  07/14/11 13:59:05  krbtgt/EXAMPLE.COM at EXAMPLE.COM
       renew until 07/20/11 13:59:05

But ipa-client-install still fails at this point

Any idea ? Thanks in advance.


Louis Coilliot