[Freeipa-users] Problem with Free IPA Client Ubuntu Precise (12.04) authenticating with AD account

James Harrison jamesaharrisonuk at yahoo.co.uk
Thu Dec 8 15:02:08 UTC 2016 

Hi,I would prefer not to compile anything. It means we have to maintain the package, rather than the distro maintainers.

Trusty has a completely different set of errors to Precise.  

Xenial works with no problems.

I run a script that allows the system to join the IPA domain (the same script regardless of Ubuntu distro):
( $P_W is read in from stdin)

ipa-client-install \
     --server="$IPA_SERVER" \
     --domain=dns.domain.com \
     --principal=admin \
     --password="$P_W" \
     --preserve-sssd \
     --mkhomedir \
     --no-ntp \
     -U


Enter (Admins) Password:   
Confirm Password: 
Hostname: jamestrusty.dns.domain.com
Realm: IPA.REALM.COM
DNS Domain: dns.domain.com
IPA Server: pul-lv-ipa-01.dns.domain.com
BaseDN: dc=int,dc=worldfirst,dc=com

Synchronizing time with KDC...
Dec  8 14:50:58 jamestrusty ntpdate[2448]: ntpdate 4.2.6p5 at 1.2349-o Wed Oct  5 12:35:26 UTC 2016 (1)
Dec  8 14:50:58 jamestrusty ntpdate[2448]: the NTP socket is in use, exiting
...
...
...
...
...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Successfully retrieved CA cert
    Subject:     CN=SOMECERT
    Issuer:      CN=SOMECERT
    Valid From:  Wed Mar 12 00:00:00 2014 UTC
    Valid Until: Sun Mar 11 23:59:59 3029 UTC

Enrolled in IPA realm IPA.REALM.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Failed to add CA to the default NSS database.
Installation failed. Rolling back changes.
Unenrolling client from IPA server
Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm.

Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
SSSD service could not be stopped
Client uninstall complete.


      From: Lukas Slebodnik <lslebodn at redhat.com>
 To: James Harrison <jamesaharrisonuk at yahoo.co.uk> 
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
 Sent: Thursday, 8 December 2016, 11:22
 Subject: Re: [Freeipa-users] Problem with Free IPA Client Ubuntu Precise (12.04) authenticating with AD account
   
On (07/12/16 18:19), James Harrison wrote:
>Hi all,
>
>I am trying to authenticate an ubuntu Precise (12.06) fully patched system. Its enrolled into a FreeIPA server. The following trace is the output of syslog auth sssd/*.log and full debug (-ddd) from the sshd service.
>
Are you able to reproduce with ubuntu 14.04
and sssd from trusty-updates(1.11.8-0ubuntu0.3)
You might also consig=der to test sssd-1.13.4 (in ubuntu 16.04)
or at least 1.12.5-1~trusty1 from ppa
https://launchpad.net/~sssd

LS


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161208/eff3a937/attachment.htm>

More information about the Freeipa-users mailing list