[Freeipa-users] ipa-client-install does not seem to like the ipa's ntp
Mauricio Tavares
raubvogel at gmail.com
Sat Feb 8 13:34:51 UTC 2014
Even though I already have a ntp server, I setup my newly
created freeipa kdc to do that too (it is a slave to my primary ntp).
I then build a centos host to be the test client. Just to make sure it
can see and use auth's ntp, I tested with ntpdate:
[root at centos64 ~]# ntpdate auth
8 Feb 08:13:35 ntpdate[3251]: adjust time server 10.0.0.11 offset -0.003097 sec
[root at centos64 ~]#
so far so good, so how about running ipa-client-install?
[root at centos64 ~]# hostname
centos64
[root at centos64 ~]# ipa-client-install --hostname=`hostname -f`
Discovery was successful!
Hostname: centos64.in.domain.com
Realm: DOMAIN.COM
DNS Domain: domain.com
IPA Server: auth.in.domain.com
BaseDN: dc=domain,dc=com
[so far so good!]
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.
Please check that 123 UDP port is opened.
Password for admin at DOMAIN.COM:
But, it had not problems using ntpdate against auth. to add insult to
injury, the log claims it is using ntpdate:
2014-02-08T13:14:31Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
auth.in.domain.com
2014-02-08T13:14:31Z DEBUG stdout=
2014-02-08T13:14:31Z DEBUG stderr=
2014-02-08T13:14:31Z WARNING Unable to sync time with IPA NTP server,
assuming the time is in sync. Please check that 123 UDP port is
opened.
Could it be it is pissed because it was in sync to begin with? I mean,
if we run the exact command the log file claims to have run,
[root at centos64 ~]# /usr/sbin/ntpdate -U ntp -s -b -v auth.in.domain.com| echo $?
0
[root at centos64 ~]#
We see it was successful.
I am feeling rather clueless here...
More information about the Freeipa-users
mailing list