[Freeipa-users] CentOS 6.5 client install failing

Dmitri Pal dpal at redhat.com
Mon Feb 10 20:32:53 UTC 2014 

On 02/08/2014 08:48 AM, Rob Crittenden wrote:
> Dave Jablonski wrote:
>> FreeIPA Server:  Fedora 16, freeipa 2.1.4
>> Latest CentOS 6.5 client
>>
>> When running:
>>
>> ipa-client-install --mkhomedir --enable-dns-updates
>>
>> The install fails with:
>>
>> trying https://<server-name>/ipa/xml
>> Forwarding 'env' to server u'https://<server-name>/ipa/xml'
>> Traceback (most recent call last):
>>    File "/usr/sbin/ipa-client-install", line 2377, in <module>
>>      sys.exit(main())
>>    File "/usr/sbin/ipa-client-install", line 2363, in main
>>      rval = install(options, env, fstore, statestore)
>>    File "/usr/sbin/ipa-client-install", line 2167, in install
>>      remote_env = api.Command['env'](server=True)['result']
>>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435,
>> in __call__
>>      ret = self.run(*args, **options)
>>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line
>> 1073, in run
>>      return self.forward(*args, **options)
>>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769,
>> in forward
>>      return self.Backend.xmlclient.forward(self.name <http://self.name>,
>> *args, **kw)
>>    File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 736, in
>> forward
>>      raise error(message=e.faultString)
>> ipalib.errors.CCacheError: did not receive Kerberos credentials
>>
>> In /var/log/ipaclient-install.log:
>>
>> 2014-02-06T18:19:53Z DEBUG approved_usage = SSLServer intended_usage =
>> SSLServer
>> 2014-02-06T18:19:53Z DEBUG cert valid True for 
>> "CN=<server-name>,O=<domain>"
>> 2014-02-06T18:19:53Z DEBUG handshake complete, peer = 10.1.1.111:443
>> <http://10.1.1.111:443>
>> 2014-02-06T18:19:53Z DEBUG Caught fault 1101 from server
>> https://<server-name>/ipa/xml: did not receive Kerberos credentials
>
> We need to see more context from the client install log, preferably 
> the whole thing.
>
> IPA v2 doesn't support session cookies but the 3.x client should have 
> support for falling back to using TGT delegation.
>
> rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Any chance to upgrade the server to something more modern?


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list