[Freeipa-users] Error while Enrolling Client

Jakub Hrozek jhrozek at redhat.com
Tue Aug 11 15:51:22 UTC 2015 

On Tue, Aug 11, 2015 at 08:43:49PM +0530, Yogesh Sharma wrote:
> Hi Team,
> 
> While registering to IPA Server we are getting below error. Any suggestion
> Please.
> 
> [root at client ~]# ipa-client-install --mkhomedir --no-ntp
> Discovery was successful!
> Hostname: client.domain.int
> Realm: domain.INT
> DNS Domain: domain.int
> IPA Server: ldap.domain.int
> BaseDN: dc=domain,dc=int
> 
> Continue to configure the system with these values? [no]: yes
> User authorized to enroll computers: admin
> Synchronizing time with KDC...
> Unable to sync time with IPA NTP server, assuming the time is in sync.
> Please check that 123 UDP port is opened.
> Password for admin at domain.INT:
> Enrolled in IPA realm domain.INT
> Attempting to get host TGT...
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm domain.INT
> trying https://ldap.domain.int/ipa/xml
> Forwarding 'env' to server u'https://ldap.domain.int/ipa/xml'
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 2567, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 2553, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 2346, in install
>     remote_env = api.Command['env'](server=True)['result']
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in
> __call__
>     ret = self.run(*args, **options)
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1076, in
> run
>     return self.forward(*args, **options)
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 772, in
> forward
>     return self.Backend.xmlclient.forward(self.name, *args, **kw)
>   File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 731, in
> forward
>     raise error(message=e.faultString)
> ipalib.errors.ACIError: Insufficient access: SASL(-1): generic failure:
> GSSAPI Error: Unspecified GSS failure.  Minor code may provide more
> information (Ticket not yet valid)
               ~~~~~~~~~~~~~~~~~~~~
                Check the time on your machines..

More information about the Freeipa-users mailing list