[Freeipa-users] EXTERNAL: Re: Client Installation Error
Joseph, Matthew (EXP)
matthew.joseph at lmco.com
Wed Apr 3 13:24:17 UTC 2013
Awesome that was the issue Rob.
Thanks!
Matt
-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com]
Sent: Wednesday, April 03, 2013 10:14 AM
To: Joseph, Matthew (EXP); freeipa-users at redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Client Installation Error
Joseph, Matthew (EXP) wrote:
> Hey Rob,
>
> I updated my client's ipa, libcurl, and xmlrpc to what the server is using that I listed below.
> I am now getting the following error;
>
> Joining realm failed: HTTP response code is 401, not 200
>
> On the server I looked at the krb5kdc.log to see if there was any
> errors and I'm getting the following error;
>
> IPA_Server.domain.ca krb5kdc[2029](info): TGS_REQ (4 etypes {18 17 16 23}) IP_ADDRESS_OF_CLIENT: UNKNOWN_SERVER: authtime 0, admin at DOMAIN.CA for HTTP/IPA_Server at DOMAIN.CA, Server not found in Kerberos Database.
>
> I've checked on the server side and the client I'm trying to add is in DNS and the host table. He can ping him fine so there is no issue with communication.
>
> Any ideas? Any other logs/information I can provide you?
It may be your obfuscation, but is it a FQDN in the HTTP service principal? It should be.
If you're using /etc/hosts be sure that the FQDN version is first (so "foo.example.com foo" rather than "foo foo.example.com").
rob
More information about the Freeipa-users
mailing list