[Freeipa-users] RHEL5 IPA client for RHEL6.3 IPA server?

Rob Crittenden rcritten at redhat.com
Wed Oct 17 17:29:09 UTC 2012 

David Summers wrote:
> On 10/17/2012 7:49 AM, Rob Crittenden wrote:
>> David Summers wrote:
>>>
>>> I have looked back through the last year of mail archives for this list
>>> and haven't yet found anything on this.
>>>
>>> I spent a day or so trying to get a RHEL6.3 server set up with several
>>> clients,
>>>
>>> Clients:
>>> RHEL 6.3 32-bit
>>> RHEL 6.3 64-bit
>>> RHEL 5.8 32-bit
>>> RHEL 5.8 64-bit
>>>
>>> So far I've been able to get the RHEL 6.3 clients to register and setup
>>> up as a client for RHEL 6.3 IPA server but whenever I try to install the
>>> ipa-client on RHEL 5.8 I just get the following error:
>>>
>>> [root at rh5 ~]# ipa-client-install
>>> Discovery was successful!
>>> Hostname: rh5.summersoft
>>> Realm: SUMMERSOFT
>>> DNS Domain: summersoft
>>> IPA Server: ipaserver.summersoft
>>> BaseDN: dc=summersoft
>>>
>>>
>>> Continue to configure the system with these values? [no]: yes
>>> User authorized to enroll computers: admin
>>> Synchronizing time with KDC...
>>> Unable to sync time with IPA NTP server, assuming the time is in sync.
>>> Password for admin at SUMMERSOFT:
>>>
>>> Joining realm failed: SASL Bind failed Local error (-2) !
>>> child exited with 9
>>> Installation failed. Rolling back changes.
>>> IPA client is not configured on this system.
>>>
>>> In the install log:
>>>
>>> 2012-10-16 23:16:34,410 DEBUG stderr=
>>> 2012-10-16 23:16:35,032 DEBUG args=/usr/sbin/ipa-join -s
>>> ipaserver.summersoft -b
>>>   dc=summersoft
>>> 2012-10-16 23:16:35,032 DEBUG stdout=
>>> 2012-10-16 23:16:35,032 DEBUG stderr=SASL Bind failed Local error (-2) !
>>> child exited with 9
>>>
>>>
>>> Is RHEL 5.8 a supported client for RHEL 6.3 IPA server?
>>>
>>> If so, what am I doing wrong?  I tried following both the RHEL 5.8 and
>>> RHEL 6.3 install instructions but
>>> nothing I have tried is working so far!
>>>
>>> Thanks in advance for any help or pointers you can provide.
>>>
>>>     - David Summers
>>
>> What is the version of the 5.8 ipa-client package? You want
>> ipa-client-2.1.3-2.el5_8
>>
>> rob
>>
>
> Yes, I have ipa-client-2.1.3-2.el5_8 but I have not been able to get it
> to join the IPA server.
> I've turned off all firewalls.
>
> I am running IPv6, does that make a difference?
>
> Any ideas?
>
>     - Thanks
>     - David Summers

It is failing trying to get a keytab for the newly enrolled host.

Can you provide /var/log/ipaclient-install.log?

Can you look in the 389-ds error and access logs for the BIND request 
and/or other errors when the client enrollment happens 
(/var/log/dirsrv/slapd-REALM, access buffers for 30 seconds) and the KDC 
logs in /var/log/krb5kdc?

rob

More information about the Freeipa-users mailing list