[Freeipa-users] ipa-client-install errors

Martin Basti mbasti at redhat.com
Wed Apr 20 16:49:41 UTC 2016 


On 20.04.2016 18:00, Gady Notrica wrote:
>
> Hello World,
>
> I am having these errors trying to install ipa-client-install. Every 
> other machine is fine and they IPA servers are functioning perfectly
>
> Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
>
> Kerberos authentication failed: kinit: Improper format of Kerberos 
> configuration file while initializing Kerberos 5 library
>
> Then I have “/Installation failed. Rolling back changes.”/
>
> I have tried everything I know with no luck. Any idea on how to FIX 
> this? Below is the full log.
>
> -----------------------------------------------------------
>
> /Continue to configure the system with these values? [no]: yes/
>
> /Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1/
>
> /Skipping synchronizing time with NTP server./
>
> /User authorized to enroll computers: admin/
>
> /Password for admin at IPA.DOMAIN.COM:/
>
> /Please make sure the following ports are opened in the firewall 
> settings:/
>
> /TCP: 80, 88, 389/
>
> /UDP: 88 (at least one of TCP/UDP ports 88 has to be open)/
>
> /Also note that following ports are necessary for ipa-client working 
> properly after enrollment:/
>
> /TCP: 464/
>
> /UDP: 464, 123 (if NTP enabled)/
>
> /Kerberos authentication failed: kinit: Improper format of Kerberos 
> configuration file while initializing Kerberos 5 library/
>
> //
>
> /Installation failed. Rolling back changes./
>
> /Failed to list certificates in /etc/ipa/nssdb: Command 
> ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero 
> exit status 255/
>
> /Disabling client Kerberos and LDAP configurations/
>
> /Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to 
> /etc/sssd/sssd.conf.deleted/
>
> /Restoring client configuration files/
>
> /nscd daemon is not installed, skip configuration/
>
> /nslcd daemon is not installed, skip configuration/
>
> /Client uninstall complete./
>
> /---------------------------------------------------------------/
>
> Gady
>
>
>
Hello,

IMO you have an old invalid keytab on that machine. Can you manually 
remove it and try to reinstall client? (Of course only if you are sure 
that keytab there is not needed)

The keytab should be located here /etc/krb5.keytab

Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160420/43a88cd9/attachment.htm>

More information about the Freeipa-users mailing list