[Freeipa-users] Very slow enrolment process

William Muriithi william.muriithi at gmail.com
Mon Aug 22 01:42:22 UTC 2016


Hello,

I have systems that were previously using openLDAP and plan to migrate
them to freeIPA.  I have a problem I have been struggling with since
Thursday.  The client takes 10 to 15 minutes to finish the enrolment
process.

I can't find anything in the logs, have disabled nscd, the DNS and
hostname are set up right and nothing in the message logs points me to
the problem.  Have put SELinux to permissive and done all the basic
checks I can think of.

It's always stalling at this point. What usually happens after the end
of the log below?

---

2016-08-22T01:12:07Z INFO Synchronizing time with KDC...

2016-08-22T01:12:07Z DEBUG Search DNS for SRV record of
_ntp._udp.eng.example.com.

2016-08-22T01:12:07Z DEBUG DNS record found:
DNSResult::name:_ntp._udp.eng.example.com.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:hydrogen.eng.example.com.}

2016-08-22T01:12:08Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
hydrogen.eng.example.com

2016-08-22T01:12:08Z DEBUG stdout=

2016-08-22T01:12:08Z DEBUG stderr=

2016-08-22T01:12:08Z DEBUG Writing Kerberos configuration to /tmp/tmpYLpzuV:

2016-08-22T01:12:08Z DEBUG #File modified by ipa-client-install


includedir /var/lib/sss/pubconf/krb5.include.d/


[libdefaults]

  default_realm = ENG.EXAMPLE.COM

  dns_lookup_realm = false

  dns_lookup_kdc = false

  rdns = false

  ticket_lifetime = 24h

  forwardable = yes

  udp_preference_limit = 0



[realms]

  ENG.EXAMPLE.COM = {

    kdc = hydrogen.eng.example.com:88

    master_kdc = hydrogen.eng.example.com:88

    admin_server = hydrogen.eng.example.com:749

    default_domain = eng.example.com

    pkinit_anchors = FILE:/etc/ipa/ca.crt


  }



[domain_realm]

  .eng.example.com = ENG.EXAMPLE.COM

  eng.example.com = ENG.EXAMPLE.COM

Regards,

William



