[Freeipa-users] ipa-client-install errors

Gady Notrica gnotrica at candeal.com
Wed Apr 20 17:13:27 UTC 2016 

Thank you Martin, I have tried many different ways. I can't seem to be able to remove anything in the file.

Gady

From: Martin Basti [mailto:mbasti at redhat.com]
Sent: April 20, 2016 12:50 PM
To: Gady Notrica; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] ipa-client-install errors


On 20.04.2016 18:00, Gady Notrica wrote:
Hello World,

I am having these errors trying to install ipa-client-install. Every other machine is fine and they IPA servers are functioning perfectly

Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
Kerberos authentication failed: kinit: Improper format of Kerberos configuration file while initializing Kerberos 5 library

Then I have "Installation failed. Rolling back changes."

I have tried everything I know with no luck. Any idea on how to FIX this? Below is the full log.
-----------------------------------------------------------
Continue to configure the system with these values? [no]: yes
Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
Skipping synchronizing time with NTP server.
User authorized to enroll computers: admin
Password for admin at IPA.DOMAIN.COM<mailto:admin at IPA.DOMAIN.COM>:
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Kerberos authentication failed: kinit: Improper format of Kerberos configuration file while initializing Kerberos 5 library

Installation failed. Rolling back changes.
Failed to list certificates in /etc/ipa/nssdb: Command ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit status 255
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
---------------------------------------------------------------
Gady


Hello,

IMO you have an old invalid keytab on that machine. Can you manually remove it and try to reinstall client? (Of course only if you are sure that keytab there is not needed)

The keytab should be located here /etc/krb5.keytab

Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160420/098c1c0c/attachment.htm>

More information about the Freeipa-users mailing list