[Freeipa-users] Ubuntu Client HELL
Rob Crittenden
rcritten at redhat.com
Fri Feb 21 23:29:51 UTC 2014
Todd Maugh wrote:
> thanks Rob! the main issue I am having is that the install is not completing and setting this ubuntu host up as a client.
>
> I cleared out the old cert as you suggested, the ssh keys were copied over from a previous attempt. IM not using IPA as DNS and I understand the ntp part.
>
>
> so now my install finishes up like this:
>
> Forwarding 'host_mod' to server u'https://se-idm-01.boingo.com/ipa/xml'
> NSSConnection init se-idm-01.boingo.com
> Connecting: 66.103.90.130:0
> handshake complete, peer = 66.103.90.130:443
> received Set-Cookie 'ipa_session=8df7bbb20b25f2d7ede3c6df88f4832b; Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 20:25:02 GMT; Secure; HttpOnly'
> storing cookie 'ipa_session=8df7bbb20b25f2d7ede3c6df88f4832b; Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 20:25:02 GMT; Secure; HttpOnly' for principal host/se-idm-ubuntu-client-01.boingo.com at BOINGO.COM
> Starting external process
> args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com at BOINGO.COM
> Process finished, return code=1
> stdout=
> stderr=keyctl_search: Required key not available
>
> Starting external process
> args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com at BOINGO.COM
> Process finished, return code=1
> stdout=
> stderr=keyctl_search: Required key not available
>
> Starting external process
> args=keyctl padd user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com at BOINGO.COM @s
> Process finished, return code=0
> stdout=700576616
>
> stderr=
> Caught fault 4202 from server https://se-idm-01.boingo.com/ipa/xml: no modifications to be performed
> Writing nsupdate commands to /etc/ipa/.dns_update.txt:
> zone boingo.com.
> update delete se-idm-ubuntu-client-01.boingo.com. IN SSHFP
> send
> update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 1 1 AD5C9E4F7AEA55418455D54D84862A2B6EC16AB4
> update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 1 2 B1BE4E3E3B4A79CFFCE5B3BBCC31DFB9979F6A1D97EF4E3EF8F8295C2595033A
> update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 2 1 D456E5C237736406CB5F4B4C24C836217B6D977E
> update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 2 2 8125272934E18BFDDA77D5B03BBBF600A0833C37669C568A3476D623A191C457
> update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 3 1 270551D349212B7112D4A9079FF490C8D6733041
> update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 3 2 0BC5F5FA7155A03BD9B05DDD5882FD907A0FC8C6D6F6F3341521D4F7B57D3662
> send
>
> Starting external process
> args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
> Process finished, return code=1
> stdout=
> stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/ns-1454.awsdns-53.org at BOINGO.COM not found in Kerberos database.
>
> nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1
> Could not update DNS SSHFP records.
> Starting external process
> args=/usr/sbin/service nscd status
> Process finished, return code=1
> stdout=
> stderr=nscd: unrecognized service
>
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
It's hard to say based on this. The next thing it would do in Fedora is
run authconfig. I'm unfamiliar with the Ubuntu port, particularly the
upstream version it is based on.
It isn't possible to know why it is failing without more information.
There is no clear indication in the log of why it died. strace might be
handy here.
rob
More information about the Freeipa-users
mailing list