[Freeipa-users] EXTERNAL: Re: Client Installation Error

Joseph, Matthew (EXP) matthew.joseph at lmco.com
Wed Apr 3 11:35:27 UTC 2013 

Hey Rob,

I updated my client's ipa, libcurl, and xmlrpc to what the server is using that I listed below.
I am now getting the following error;

Joining realm failed: HTTP response code is 401, not 200

On the server I looked at the krb5kdc.log to see if there was any errors and I'm getting the following error;

IPA_Server.domain.ca krb5kdc[2029](info): TGS_REQ (4 etypes {18 17 16 23}) IP_ADDRESS_OF_CLIENT: UNKNOWN_SERVER: authtime 0, admin at DOMAIN.CA for HTTP/IPA_Server at DOMAIN.CA, Server not found in Kerberos Database.

I've checked on the server side and the client I'm trying to add is in DNS and the host table. He can ping him fine so there is no issue with communication.

Any ideas? Any other logs/information I can provide you?


Thanks,

Matt

-----Original Message-----
From: Joseph, Matthew (EXP) 
Sent: Tuesday, April 02, 2013 3:01 PM
To: 'Rob Crittenden'; freeipa-users at redhat.com
Subject: RE: EXTERNAL: Re: [Freeipa-users] Client Installation Error

Hey Rob,

I'm running 2.0.0-23.el6.x86-64.
So if I upgrade to the version you listed below then I should be all good?

Is this a known problem with just 2.0.0-23 or is it also previous versions?

Thanks,

Matt

-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com] 
Sent: Tuesday, April 02, 2013 2:58 PM
To: Joseph, Matthew (EXP); freeipa-users at redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Client Installation Error

Joseph, Matthew (EXP) wrote:
> Hey,
>
> I'm trying to add a client to IPA and I'm getting the following error;
>
> Joining realm failed because of failing XML-RPC request
>
> This error may be caused by incompatible server/client major versions.
>
> Client is running Red Hat 6.1 with the following IPA and Curl packages 
> installed;
>
> Ipa-*-2.0.0-23
>
> Curl-7.19.7-26
>
> Libcurl-7.19.7-26
>
> Server is running Red Hat 6.3 with the following IPA and Curl Packages 
> installed;
>
> Ipa-*-2.2.0-16
>
> Curl-7.19.7-26
>
> Libcurl-7.19.7-26
>
>  From what I've seen from other people is that the issue is with 
> libcurl blocking GSSAPI requests. Is that still the case?
>
> If so what are my options here to get around this problem? I assume I 
> can downgrade my Curl but will that affect anything major?
>
> Thanks,
>
> Matt

Exactly what version of ipa-client do you have installed? You need
2.0.0-23.el6_1.2 to fix ticket delegation.

rob

More information about the Freeipa-users mailing list