[Freeipa-users] Split enrollment (adding hosts via kickstart)
Ian Levesque
ian at crystal.harvard.edu
Tue May 15 22:47:57 UTC 2012
On May 15, 2012, at 6:14 PM, Rob Crittenden wrote:
>> # /usr/sbin/ipa-client-install --domain=in.hwlab --principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG --server=sbgrid-directory.in.hwlab --unattended
>> DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup.
>> KDC address will be set to fixed value.
>>
>> Discovery was successful!
>> Hostname: ian-ultra24-dmz.in.hwlab
>> Realm: SBGRID.ORG
>> DNS Domain: in.hwlab
>> IPA Server: sbgrid-directory.in.hwlab
>> BaseDN: dc=sbgrid,dc=org
>>
>>
>> Synchronizing time with KDC...
>> Unable to sync time with IPA NTP server, assuming the time is in sync.
>>
>> kinit: Client not found in Kerberos database while getting initial credentials
>>
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>>
>> Any help would be appreciated.
>
> Don't set the principal and it will work, just drop the --principal bit. The principal doesn't exist yet which is why things are failing (or more precisely, the principal with that principal key doesn't exist yet).

No luck:

Joining realm failed: Incorrect password.
Installation failed. Rolling back changes.

I thought the point of doing the host-add was to set up a host principal with a one-time password. Without specifying the host principal, isn't the ipa-client-install trying to use the specified password to auth me, and not the host?

Thanks,
Ian
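
Added example, not part of the original post or of FreeIPA's code: the command quoted above passes the one-time password as `-w=foobar`. Assuming the installer parses its options with Python's `optparse` (the option table below is a hypothetical stand-in holding only the flags from that command), a short option keeps the `=` as part of its value, so it is worth checking that the password actually sent matches the one given to host-add.

```python
import optparse

# Constructed from the command line quoted in the message above.
QUOTED_ARGV = [
    "--domain=in.hwlab",
    "--principal=HOST/ian-ultra24-dmz.in.hwlab",
    "-w=foobar",
    "--realm=SBGRID.ORG",
    "--server=sbgrid-directory.in.hwlab",
    "--unattended",
]


def build_parser():
    """Hypothetical stand-in option table (assumption: optparse semantics)."""
    parser = optparse.OptionParser(add_help_option=False)
    for long_name in ("--domain", "--realm", "--server"):
        parser.add_option(long_name)
    parser.add_option("-p", "--principal")
    parser.add_option("-w", "--password")
    parser.add_option("-U", "--unattended", action="store_true", default=False)
    return parser


def parsed_password(argv):
    """Return the password string the parser hands to the program."""
    opts, _ = build_parser().parse_args(list(argv))
    return opts.password


def short_option_equals(argv):
    """List short options written as -x=value where -x takes a value.

    optparse treats everything after the option letter as the value, so the
    '=' is kept. Simple token scan: it does not track which tokens are values
    of a preceding option.
    """
    parser = build_parser()
    hits = []
    for arg in argv:
        if len(arg) > 2 and arg[0] == "-" and arg[1] != "-" and arg[2] == "=":
            opt = parser.get_option(arg[:2])
            if opt is not None and opt.takes_value():
                hits.append(arg[:2])
    return hits


if __name__ == "__main__":
    print("password as parsed:", repr(parsed_password(QUOTED_ARGV)))
    print("short options using '=':", short_option_equals(QUOTED_ARGV))
```

Writing the option as `-w foobar` or `--password=foobar` yields the value without the leading `=`.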