[Freeipa-users] ipa-client install error

Steven Jones Steven.Jones at vuw.ac.nz
Tue May 1 20:52:22 UTC 2012 

Hi,

sssd-1.5.1-66.el6_2.3.x86_64

KDC connections.......as far as I know....but the proof is this machine is a vm off my linux rhel6.2 server/workstation which is IPA'd itself, I can login and I manage IPA from the firefox web browser on it...so physically its the exact same cable, switches, routers, firewall and vnware hardware...so an issue makes no sense at that level unless its an issue with the KVM networking.....its DHCPing off my cat6 cable so has the same IP address range, so that leaves out networking I believe.

However I am having issues with some logins on other clients as well now so this points to IPA itself or something common I would say.

I've done sosreports under case 627913 for that.......

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Jan Zeleny [jzeleny at redhat.com]
Sent: Tuesday, 1 May 2012 6:38 p.m.
To: freeipa-users at redhat.com
Cc: Steven Jones
Subject: Re: [Freeipa-users] ipa-client install error

I don't see anything much more useful in the log file. The last line in the
traceback suggests there is something wrong with connection to your KDC, does
the connection to it work from other machines?

Also, just out of curiosity about the SSH error message - what version of SSSD
do you have installed?

Thanks
Jan

Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> encl ipa install log
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com]
> on behalf of Steven Jones [Steven.Jones at vuw.ac.nz] Sent: Tuesday, 1 May
> 2012 2:22 p.m.
> Cc: freeipa-users at redhat.com
> Subject: [Freeipa-users] ipa-client install error
>
> I made a slight oops, I just upgraded a long un-used vm on my desktop from
> 6.2beta to 6.3beta instead of 6.2 by mistake. Anyway  since our satellite
> is down I cant correct this so I tried to add the 6.3beta client to IPA on
> 6.2 and I get an error.
>
> ==============
> [root at rhel664ws01 ~]# ipa-client-install --mkhomedir
> Discovery was successful!
> Hostname: rhel664ws01.ods.vuw.ac.nz
> Realm: ODS.VUW.AC.NZ
> DNS Domain: ods.vuw.ac.nz
> IPA Server: vuwunicoipam002.ods.vuw.ac.nz
> BaseDN: dc=ods,dc=vuw,dc=ac,dc=nz
>
>
> Continue to configure the system with these values? [no]: yes
> User authorized to enroll computers: admjonesst1
> Synchronizing time with KDC...
> Unable to sync time with IPA NTP server, assuming the time is in sync.
> Password for admjonesst1 at ODS.VUW.AC.NZ:
>
> Enrolled in IPA realm ODS.VUW.AC.NZ
> Created /etc/ipa/default.conf
> Unable to activate the SSH service in SSSD config.
> Please make sure you have SSSD built with SSH support installed.
> Configure SSH support manually in /etc/sssd/sssd.conf.
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm ODS.VUW.AC.NZ
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 1534, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 1521, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 1358, in install
>     api.Backend.xmlclient.connect()
>   File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in
> connect conn = self.create_connection(*args, **kw)
>   File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in
> create_connection raise errors.KerberosError(major=str(krberr), minor='')
> ipalib.errors.KerberosError: Kerberos error: did not receive Kerberos
> credentials/ [root at rhel664ws01 ~]#
> ===========
>
> Is this expected when trying to connect 6.3beta? ie its simply not
> compatible?

More information about the Freeipa-users mailing list