[Freeipa-users] Scientific Linux 6.1 client issues

[Rob Crittenden]

~Stack~ wrote:
> On 10/27/2011 02:50 PM, Rob Crittenden wrote:
>> Building 2.1.3 from source is going to require the same set of
>> dependencies as building from the src.rpm. Note though that upstream
>> development of freeipa is done in Fedora, not RHEL.
>
> I gave compiling it from the src.rpm a try. I was OK compiling all the
> dependencies that were directly related (and there were a good lot of
> them), however, by the time I got into compiling other random libraries
> for gtk3 I gave up and just modified the spec file to allow me to use
> the libraries I had just compiled. I didn't expect it to work, so I was
> a bit surprised when it compiled just fine. I was soon let down when I
> ran into the *exact* same problem. :-/
>
> I can force the clients to join but I can't log into them as a user.
>
> I have reasons for needing to stay with Scientific Linux. Since this was
> just a because-I-am-interested project I may have to wait till someone
> far more familiar with the project at Red Hat pushes out updated
> binaries (which I fully understand may be a while). I am certain to keep
> an eye on this project because it seems to be a _much_ easier and better
> way to manage users then the LDAP solution I currently have setup.
>
> Thanks for the help Rob!
>
> ~Stack~

Look in /var/log/ipaclient-install.log for more details. We do a lot 
more logging in 2.1.3.

The original problem was due to how we set up a temporary krb5.conf in 
order to enrollment. We discovered (automatically or via the user) the 
environment then wrote out a krb5.conf that did not include all this 
data so it was re-discovered, sometimes incorrectly.

The temporary krb5.conf should both be specific to the IPA server and 
also be included in the client install log.

It might be an interesting exercise to set a one-time password on a host 
and see if you can enroll successfully using that.

rob