[Freeipa-users] Joining realm failed: SASL Bind failed Local error (-2)

Rashard.Kelly at sita.aero Rashard.Kelly at sita.aero
Sat Mar 8 06:39:49 UTC 2014


Hello all!!

I cannot get a RHEL5.10 client to install!

[root at hostname ~]# ipa-client-install --hostname=hostname.domain.com 
--no-ntp  --ca-cert-file=/etc/ipa/ca.crt
DNS domain 'doman.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname:hostname.com
Realm:DOMAIN.COM
DNS Domain: domain.com
IPA Server: ipaserver.com
BaseDN: dc=ipa,dc=dc,dc=sita,dc=com

Joining realm failed: SASL Bind failed Local error (-2) !
child exited with 9
Installation failed. Rolling back changes.


This is what the krb log had to say:

Mar 08 06:24:00 ipaserver at domain.com krb5kdc[29358](info): TGS_REQ (1 
etypes {18}) 10.226.124.10: ISSUE: authtime 1394259840, etypes {rep=18 
tkt=18 ses=18}, rkelly at DOMAIN.COM for krbtgt/DOMAIN.COM at DOMAIN.COM
Mar 08 06:24:00 ipaserver at domain.com krb5kdc[29357](info): TGS_REQ (4 
etypes {18 17 16 23}) 10.226.20.31: ISSUE: authtime 1394259840, etypes 
{rep=18 tkt=18 ses=18}, rkelly at DOMAIN.COM for 
ldap/ipaserver.domain.com at DOMAIN.COM
krb5kdc: Cannot determine realm for numeric host address - unable to find 
realm of host
Mar 08 06:24:00 ipaserver at domain.como krb5kdc[29358](info): TGS_REQ (7 
etypes {18 17 16 23 1 3 2}) 10.22.22.10: UNKNOWN_SERVER: authtime 0, 
rkelly at IPA2.DC.SITA.AERO for ldap/10.226.20.31 at DOMAIN.COM, Server not 
found in Kerberos database
Mar 08 06:24:00 ipaserver at domain.com krb5kdc[29357](info): TGS_REQ (7 
etypes {18 17 16 23 1 3 2}) 10.22.22.10: UNKNOWN_SERVER: authtime 0, 
rkelly at IPA2.DC.SITA.AERO for ldap/10.226.20.31 at DOMAIN.COM, Server not 
found in Kerberos database


After reviewing the https://access.redhat.com/site/solutions/231543 post 
"IPA: Joining realm failed: SASL Bind failed Local error (-2) ! child 
exited with 9", I checked all my DNS info via dig and took a working DNS 
config from another server. Everything appears to be set up right. 


What could I be overlooking?

Thank You,
Rashard Kelly
SITA  Senior Linux Specialist

