[Freeipa-users] ipa-client-install fails
Guy Matz
gmatz at collective.com
Tue May 21 13:28:56 UTC 2013
Thanks for the reply. I *think* I'm doing this correctly . . .
On the master:
[root at ipadevmstr log]# host cpuppettest.collmedia.net
cpuppettest.collmedia.net has address 192.168.8.28
[root at ipadevmstr log]# ipa host-add cpuppettest.collmedia.net
--password=secret
--------------------------------------
Added host "cpuppettest.collmedia.net"
--------------------------------------
Host name: cpuppettest.collmedia.net
Password: True
Keytab: False
Managed by: cpuppettest.collmedia.net
But on the client:
[root at cpuppettest log]# kinit HOST/cpuppettest.collmedia.net at COLLMEDIA.NET
kinit: Client 'HOST/cpuppettest.collmedia.net at COLLMEDIA.NET' not found
in Kerberos database while getting initial credentials
Any ideas?
Thanks again,
Guy
On 05/20/2013 07:15 PM, Dmitri Pal wrote:
> On 05/20/2013 05:18 PM, Guy Matz wrote:
>> Hi! I'm trying the following ipa-client-install:
>> [root at cpuppettest log]# hostname
>> cpuppettest
>> [root at cpuppettest log]# hostname -f
>> cpuppettest.collmedia.net
>> [root at cpuppettest log]# /usr/sbin/ipa-client-install
>> --domain=collmedia.net --enable-dns-updates --mkhomedir
>> --principal=HOST/cpuppettest.collmedia.net -w=secret
> Did you pre create the client first yourself using ipa host-add?
> While creating it did you create an OTP for it?
> Is it 'secret'?
> I think it should also be -w secret without '='
>
> For more details see:
> http://docs.fedoraproject.org/en-US/Fedora/17/html-single/FreeIPA_Guide/index.html#kickstart
>> --realm=COLLMEDIA.NET --server=ipadevmstr.collmedia.net --unattended
>> Discovery was successful!
>> Hostname: cpuppettest.collmedia.net
>> Realm: COLLMEDIA.NET
>> DNS Domain: collmedia.net
>> IPA Server: ipadevmstr.collmedia.net
>> BaseDN: dc=collmedia,dc=net
>>
>>
>> Synchronizing time with KDC...
>>
>> kinit: Client 'HOST/cpuppettest.collmedia.net at COLLMEDIA.NET' not found
>> in Kerberos database while getting initial credentials
>>
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>>
>> and krb5kdc.log on the server says:
>> [root at ipadevmstr log]# tailf -n 1 krb5kdc.log
>> May 20 17:12:50 ipadevmstr.collmedia.net krb5kdc[1364](info): AS_REQ (4
>> etypes {18 17 16 23}) 192.168.8.28: CLIENT_NOT_FOUND:
>> HOST/cpuppettest.collmedia.net at COLLMEDIA.NET for
>> krbtgt/COLLMEDIA.NET at COLLMEDIA.NET, Client not found in Kerberos database
>>
>> However my IPA server does seem to know about this new client:
>> [root at ipadevmstr log]# ipa host-show cpuppettest.collmedia.net
>> Host name: cpuppettest.collmedia.net
>> Password: True
>> Keytab: False
>> Managed by: cpuppettest.collmedia.net
>>
>> Any thoughts would be greatly appreciated!
>> Thanks a lot,
>> Guy Matz
>>
>> P.S. - Does my client need to be 3.x?
>> [root at cpuppettest log]# uname -a
>> Linux cpuppettest 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC
>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>> [root at cpuppettest log]# rpm -qa | grep ipa-client
>> ipa-client-2.2.0-16.el6.x86_64
>
> It should work OK if it is latest patched 2.2 client.
>
>
>> and
>> [root at ipadevmstr log]# uname -a
>> Linux ipadevmstr.collmedia.net 2.6.32-279.22.1.el6.x86_64 #1 SMP Wed Feb
>> 6 03:10:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>> [root at ipadevmstr log]# rpm -qa | grep ipa-server
>> ipa-server-3.0.0-26.el6_4.2.x86_64
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list