[Freeipa-users] ipa-client-install errors

Martin Babinsky mbabinsk at redhat.com
Wed Apr 20 17:03:34 UTC 2016 

On 04/20/2016 06:00 PM, Gady Notrica wrote:
> Hello World,
>
> I am having these errors trying to install ipa-client-install. Every
> other machine is fine and they IPA servers are functioning perfectly
>
> Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
>
> Kerberos authentication failed: kinit: Improper format of Kerberos
> configuration file while initializing Kerberos 5 library
>
> Then I have “/Installation failed. Rolling back changes.”/
>
> I have tried everything I know with no luck. Any idea on how to FIX
> this? Below is the full log.
>
> -----------------------------------------------------------
>
> /Continue to configure the system with these values? [no]: yes/
>
> /Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1/
>
> /Skipping synchronizing time with NTP server./
>
> /User authorized to enroll computers: admin/
>
> /Password for admin at IPA.DOMAIN.COM:/
>
> /Please make sure the following ports are opened in the firewall settings:/
>
> /     TCP: 80, 88, 389/
>
> /     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)/
>
> /Also note that following ports are necessary for ipa-client working
> properly after enrollment:/
>
> /     TCP: 464/
>
> /     UDP: 464, 123 (if NTP enabled)/
>
> /Kerberos authentication failed: kinit: Improper format of Kerberos
> configuration file while initializing Kerberos 5 library/
>
> //
>
> /Installation failed. Rolling back changes./
>
> /Failed to list certificates in /etc/ipa/nssdb: Command
> ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit
> status 255/
>
> /Disabling client Kerberos and LDAP configurations/
>
> /Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted/
>
> /Restoring client configuration files/
>
> /nscd daemon is not installed, skip configuration/
>
> /nslcd daemon is not installed, skip configuration/
>
> /Client uninstall complete./
>
> /---------------------------------------------------------------/
>
> Gady
>
>
>
We would need to see the whole log, it should be located in 
'/var/log/ipaclient-install.log'

-- 
Martin^3 Babinsky

More information about the Freeipa-users mailing list