[Freeipa-users] CentOS 6.5 client install failing
Rob Crittenden
rcritten at redhat.com
Sat Feb 8 13:48:21 UTC 2014
Dave Jablonski wrote:
> FreeIPA Server: Fedora 16, freeipa 2.1.4
> Latest CentOS 6.5 client
>
> When running:
>
> ipa-client-install --mkhomedir --enable-dns-updates
>
> The install fails with:
>
> trying https://<server-name>/ipa/xml
> Forwarding 'env' to server u'https://<server-name>/ipa/xml'
> Traceback (most recent call last):
> File "/usr/sbin/ipa-client-install", line 2377, in <module>
> sys.exit(main())
> File "/usr/sbin/ipa-client-install", line 2363, in main
> rval = install(options, env, fstore, statestore)
> File "/usr/sbin/ipa-client-install", line 2167, in install
> remote_env = api.Command['env'](server=True)['result']
> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435,
> in __call__
> ret = self.run(*args, **options)
> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line
> 1073, in run
> return self.forward(*args, **options)
> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769,
> in forward
> return self.Backend.xmlclient.forward(self.name <http://self.name>,
> *args, **kw)
> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 736, in
> forward
> raise error(message=e.faultString)
> ipalib.errors.CCacheError: did not receive Kerberos credentials
>
> In /var/log/ipaclient-install.log:
>
> 2014-02-06T18:19:53Z DEBUG approved_usage = SSLServer intended_usage =
> SSLServer
> 2014-02-06T18:19:53Z DEBUG cert valid True for "CN=<server-name>,O=<domain>"
> 2014-02-06T18:19:53Z DEBUG handshake complete, peer = 10.1.1.111:443
> <http://10.1.1.111:443>
> 2014-02-06T18:19:53Z DEBUG Caught fault 1101 from server
> https://<server-name>/ipa/xml: did not receive Kerberos credentials
We need to see more context from the client install log, preferably the
whole thing.
IPA v2 doesn't support session cookies but the 3.x client should have
support for falling back to using TGT delegation.
rob
More information about the Freeipa-users
mailing list