[Freeipa-users] Error trying to enroll new client

Andrew Lau andrew at andrewklau.com
Thu Sep 26 12:55:16 UTC 2013


"Unable to sync time" normally means you've got the ntpd service running on
the client (or the port is blocked). Try turning that off and then run ntpdate
ipaserver or ipa-client-install again. I noticed this happened to me too a
few times. I think it's because the new host you're trying to enroll is in
the past and Kerberos keys aren't active until x time.

I may be wrong..


On Thu, Sep 26, 2013 at 10:30 PM, Bret Wortman <bret.wortman at damascusgrp.com> wrote:

> # ipa-client-install --enable-dns-updates --mkhomedir
> Discovery was successful!
> Hostname: os105.foo.net
> Realm: FOO.NET
> DNS Domain: foo.net
> IPA Server: osipa.foo.net
> BaseDN: dc=foo,dc=net
>
>
> Continue to configure the system with these values? [no]: yes
> User authrozied to enroll computers: admin
> Synchronizing time with KDC...
> Unable to sync time with IPA NTP server, assuming the time is in sync.
> Password for admin at FOO.NET
>
> Enrolled in IPA realm FOO.NET
> Created /etc/ipa/default.conf
> COnfigured /etc/sssd/sssd.conf
> COnfigured /etc/krb5.conf for IPA realm FOO.NET
> Failed to obtain host TGT.
> Installation failed. Rolling back changes.
> #
>
> I've seen the "unable to sync time" error before and have still been able
> to enroll, but something's different with this host. It also does this when
> I try to enroll with other replicas as well. Thoughts?
>
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
>
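
An added example, not part of the thread or of FreeIPA's own code: the clock check the reply above points at, written in Python. It computes the client's offset from an SNTP reply and compares it with the 300-second `clockskew` tolerance that MIT Kerberos uses by default. The function names and the constructed reply are assumptions made for illustration, as is the server answering NTP on UDP 123.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era) to 1970-01-01 (Unix)
KRB5_CLOCKSKEW = 300          # MIT krb5 default clockskew tolerance, in seconds


def clock_offset(reply, t1, t4):
    """Server clock minus local clock, in seconds, from a 48-byte SNTP reply.

    t1 and t4 are the local send and receive times (Unix seconds).
    """
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:  # mode 4 = server, stratum 0 = unusable
        raise ValueError("not a usable server reply")
    # Receive (T2) and transmit (T3) timestamps: 32-bit seconds + 32-bit fraction each.
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2 = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32
    t3 = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32
    return ((t2 - t1) + (t3 - t4)) / 2


def kerberos_time_ok(offset, clockskew=KRB5_CLOCKSKEW):
    """True if the offset is within the clock skew Kerberos tolerates."""
    return abs(offset) <= clockskew


def query_offset(server, timeout=3.0):
    """Measure the offset against a live server (assumed to answer NTP on UDP 123)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(b"\x1b" + bytes(47), (server, 123))  # LI=0, VN=3, mode=3 (client)
        reply, _ = sock.recvfrom(512)
        return clock_offset(reply, t1, time.time())


def constructed_reply(server_time):
    """Constructed sample reply (not captured traffic): stratum 2, T2 = T3 = server_time."""
    secs = int(server_time)
    stamp = (secs + NTP_EPOCH_DELTA, int((server_time - secs) * 2**32))
    return b"\x1c\x02" + bytes(30) + struct.pack("!4I", *stamp, *stamp)


if __name__ == "__main__":
    local = 1380200000.0  # constructed client time
    for skew in (2.5, -3600.0):  # server ahead by 2.5 s; client clock an hour fast
        off = clock_offset(constructed_reply(local + skew), local, local)
        print(f"offset {off:+.1f}s -> {'ok' if kerberos_time_ok(off) else 'outside clockskew'}")
```

On a real client, `query_offset("osipa.foo.net")` would take the place of the constructed reply; a timeout there corresponds to the blocked-port case mentioned in the reply.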

