[Freeipa-users] Failure of ipa-client-install

Louis Coilliot louis.coilliot at think.fr
Thu Jul 21 05:38:41 UTC 2011 

Sure I can do that. It's still a test at this time.

Louis

2011/7/20 Dmitri Pal <dpal at redhat.com>:
> On 07/14/2011 04:39 AM, Louis Coilliot wrote:
>> Hello,
>>
>> The server side (station8) is a freshly installed ipa server on Fedora
>> 15 with freeipa-server-2.0.1-2.fc15.x86_64
>>
>> The client side (station7) is a RHEL 6.1 with ipa-client-2.0.0-23.el6.x86_64
>> Or another Fedora15 OS (same behaviour)
>>
>> The symptom is :
>> # ipa-client-install --server station8.example.com --domain example.com -d
>> (...)
>> Discovery was successful!
>> (...)
>> Hostname: station7.example.com
>> Realm: EXAMPLE.COM
>> DNS Domain: example.com
>> IPA Server: station8.example.com
>> BaseDN: dc=example,dc=com
>>
>> Continue to configure the system with these values? [no]: yes
>> Enrollment principal: admin
>> (...)
>> Password for admin at EXAMPLE.COM:
>> root        : DEBUG    args=kinit admin at EXAMPLE.COM
>> root        : DEBUG    stdout=
>> root        : DEBUG    stderr=kinit: Cannot contact any KDC for realm
>> 'EXAMPLE.COM' while getting initial credentials
>> root        : DEBUG    args=kdestroy
>> root        : DEBUG    stdout=
>> root        : DEBUG    stderr=kdestroy: No credentials cache found
>> while destroying cache
>>
>> kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
>> initial credentials
>>
>> I check krb5.conf, and I find :
>> [realms]
>>  EXAMPLE.COM = {
>>  kdc = kerberos.example.com
>>  admin_server = kerberos.example.com
>>  }
>>
>> If I change it manually to :
>> [realms]
>>  EXAMPLE.COM = {
>>  kdc = station8.example.com
>>  admin_server = station8.example.com
>>  }
>>
>> then the kinit is fine manually :
>> # kinit admin
>> Password for admin at EXAMPLE.COM:
>>
>> # klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: admin at EXAMPLE.COM
>>
>> Valid starting     Expires            Service principal
>> 07/13/11 13:59:09  07/14/11 13:59:05  krbtgt/EXAMPLE.COM at EXAMPLE.COM
>>        renew until 07/20/11 13:59:05
>>
>> But ipa-client-install still fails at this point
>>
>> Any idea ? Thanks in advance.
>>
>>
>> Louis Coilliot
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> We are about to release 2.1.
> Would you mind trying the latest bits?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list