[Freeipa-users] kinit working, but ipa-client-install not (client not found)
Rob Crittenden
rcritten at redhat.com
Fri Jun 24 12:48:12 UTC 2011
Pieter Baele wrote:
> On Thu, Jun 23, 2011 at 19:59, Rob Crittenden<rcritten at redhat.com> wrote:
>> Pieter Baele wrote:
>>>
>>> My new freeipa installation is working (server + kinit on a host where
>>> I configured krb5.conf manually)
>>> but ipa-client-install gives the typical Kerberos error:
>>>
>>> kinit: Client not found in Kerberos database while getting initial
>>> credentials
>>>
>>> Both hosts are resolvable
>>
>> I'd suggest looking at /var/log/krb5kdc.log on the server after trying a
>> kinit. This should tell you the name it is trying to resolve.
>>
>> rob
>>
>
> About this issue, nothing is logged in /var/log/krb5kdc.log.....
>
> I used this command now:
> ipa-client-install --server ipa1.example.org --domain example.org -p
> pieterb -W -d
>
> User 'pieterb' exists and has admin privileges
>
>
> Password for pieterb at EXAMPLE.ORG
> root : DEBUG args=kinit pieterb at EXAMPLE.ORG
> root : DEBUG stdout=
> root : DEBUG stderr=kinit: Client not found in Kerberos
> database while getting initial credentials
>
>
> root : DEBUG args=kdestroy
> root : DEBUG stdout=
> root : DEBUG stderr=kdestroy: No credentials cache found
> while destroying cache
>
> kinit: Client not found in Kerberos database while getting initial credentials
If you aren't seeing anything in the kerberos logs I wonder if this is
talking to the wrong KDC. ipa-client-install should include a copy of
the krb5.conf it is using, does it match your working manual install?
rob
More information about the Freeipa-users
mailing list