[Freeipa-users] HTTP response code is 401, not 200

Rob Crittenden rcritten at redhat.com
Mon May 2 19:14:31 UTC 2016


Jose Alvarez R. wrote:
> *Hi, Rob*
>
> *I did what you indicated to me, but it still gives the same problem.*
>
> *Can you help me?*

The problem is client side, not server side, so you need to install the 
updated bits on the client. I don't know what the reference to PPA is.

If that doesn't fix things then it's hard to say. There are only a 
couple of moving parts and you just ruled out the server since another 
client can enroll ok.

The non-working log shows the server sending WWW-Authenticate: Negotiate 
and the client just gives up. In the working version the client 
correctly responds with an Authorization header and things proceed so I 
think the problem is in either libcurl or xmlrpc-c.

rob

>
> *Thanks, Regards*
>
> *Jose Alvarez*
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com
> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jose Alvarez R.
> Sent: viernes 29 de abril de 2016 02:53 p.m.
> To: 'Rob Crittenden' <rcritten at redhat.com>
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] HTTP response code is 401, not 200
>
> Hi, Rob
>
> Thanks for your response
>
> I do not have access to the link
> https://bugzilla.redhat.com/show_bug.cgi?id=719945.
>
> I tried to install xmlrpc-c-1.16.24-1210.1840.el6.src.rpm on the server
> PPA (Client IPA), but it still shows the same error.
>
> A moment ago I added another client server with the same version of xmlrpc
> and it installed correctly.
>
> Thanks, Regards.
>
> [root at bk1 ~]# ipa-client-install --debug
>
> /usr/sbin/ipa-client-install was invoked with options: {'domain': None,
>
> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True,
>
> 'primary': False, 'mkhomedir'on_master': False, 'ntp_server': None,
>
> 'nisdomain': None, 'no_nisdomain': False, 'principal': None, 'hostname':
>
> None, 'no_ac': False, 'unattended': None, 'sssd': True,nf_sudo': True,
>
> 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'server': None,
>
> 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd':
>
> missing options might be asked for interactively later
>
> Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
> [IPA Discovery]
>
> Starting IPA discovery with domain=None, servers=None,
>
> hostname=bk1.cyberfuel.com
>
> Start searching for LDAP SRV record in "cyberfuel.com" (domain of the
>
> hostname) and its sub-domains
>
> Search DNS for SRV record of _ldap._tcp.cyberfuel.com.
>
> DNS record found:
>
> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0,
>
> port:389,weight:50,server:freeipa.cyberfuel.com.}
>
> [Kerberos realm search]
>
> Search DNS for TXT record of _kerberos.cyberfuel.com.
>
> DNS record found:
>
> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data:CYBERFU
>
> EL.COM}
>
> Search DNS for SRV record of _kerberos._udp.cyberfuel.com.
>
> DNS record found:
>
> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={priorit
>
> y:0,port:88,weight:50,server:freeipa.cyberfuel.com.}
>
> [LDAP server check]
>
> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA server
>
> Init LDAP connection with: ldap://freeipa.cyberfuel.com:389
>
> Search LDAP server for IPA base DN
>
> Check if naming context 'dc=cyberfuel,dc=com' is for IPA
>
> Naming context 'dc=cyberfuel,dc=com' is a valid IPA context
>
> Search for (objectClass=krbRealmContainer) in dc=cyberfuel,dc=com (sub)
>
> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com
>
> Discovery result: Success; server=freeipa.cyberfuel.com,
>
> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, basedn=dc=cyberfuel,dc=com
>
> Validated servers: freeipa.cyberfuel.com
>
> will use discovered domain: cyberfuel.com
>
> Start searching for LDAP SRV record in "cyberfuel.com" (Validating DNS
>
> Discovery) and its sub-domains
>
> Search DNS for SRV record of _ldap._tcp.cyberfuel.com.
>
> DNS record found:
>
> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0,
>
> port:389,weight:50,server:freeipa.cyberfuel.com.}
>
> DNS validated, enabling discovery
>
> will use discovered server: freeipa.cyberfuel.com
>
> Discovery was successful!
>
> will use discovered realm: CYBERFUEL.COM
>
> will use discovered basedn: dc=cyberfuel,dc=com
>
> Hostname: bk1.cyberfuel.com
>
> Hostname source: Machine's FQDN
>
> Realm: CYBERFUEL.COM
>
> Realm source: Discovered from LDAP DNS records in freeipa.cyberfuel.com
>
> DNS Domain: cyberfuel.com
>
> DNS Domain source: Discovered LDAP SRV records from cyberfuel.com (domain of
>
> the hostname)
>
> IPA Server: freeipa.cyberfuel.com
>
> IPA Server source: Discovered from LDAP DNS records in freeipa.cyberfuel.com
>
> BaseDN: dc=cyberfuel,dc=com
>
> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389
>
> Continue to configure the system with these values? [no]: yes
>
> args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CYBERFUEL.COM
>
> stdout=
>
> stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory
>
> User authorized to enroll computers: admin
>
> will use principal provided as option: admin
>
> Synchronizing time with KDC...
>
> Search DNS for SRV record of _ntp._udp.cyberfuel.com.
>
> No DNS record found
>
> args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com
>
> stdout=
>
> stderr=
>
> args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com
>
> stdout=
>
> stderr=
>
> args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com
>
> stdout=
>
> stderr=
>
> Unable to sync time with IPA NTP server, assuming the time is in sync.
>
> Please check that 123 UDP port is opened.
>
> Writing Kerberos configuration to /tmp/tmp5msIum:
>
> #File modified by ipa-client-install
>
> includedir /var/lib/sss/pubconf/krb5.include.d/
>
> [libdefaults]
>
>    default_realm = CYBERFUEL.COM
>
>    dns_lookup_realm = false
>
>    dns_lookup_kdc = false
>
>    rdns = false
>
>    ticket_lifetime = 24h
>
>    forwardable = yes
>
>    udp_preference_limit = 0
>
> [realms]
>
>    CYBERFUEL.COM = {
>
>      kdc = freeipa.cyberfuel.com:88
>
>      master_kdc = freeipa.cyberfuel.com:88
>
>      admin_server = freeipa.cyberfuel.com:749
>
>      default_domain = cyberfuel.com
>
>      pkinit_anchors = FILE:/etc/ipa/ca.crt
>
>    }
>
> [domain_realm]
>
>    .cyberfuel.com = CYBERFUEL.COM
>
>    cyberfuel.com = CYBERFUEL.COM
>
> Password for admin at CYBERFUEL.COM:
>
> args=kinit admin at CYBERFUEL.COM
>
> stdout=Password for admin at CYBERFUEL.COM:
>
> stderr=
>
> trying to retrieve CA cert via LDAP from ldap://freeipa.cyberfuel.com
>
> Successfully retrieved CA cert
>
>      Subject:     CN=Certificate Authority,O=CYBERFUEL.COM
>
>      Issuer:      CN=Certificate Authority,O=CYBERFUEL.COM
>
>      Valid From:  Wed Sep 30 17:46:50 2015 UTC
>
>      Valid Until: Sun Sep 30 17:46:50 2035 UTC
>
> args=/usr/sbin/ipa-join -s freeipa.cyberfuel.com -b dc=cyberfuel,dc=com -d
>
> stdout=
>
> stderr=XML-RPC CALL:
>
> <?xml version="1.0" encoding="UTF-8"?>\r\n
>
> <methodCall>\r\n
>
> <methodName>join</methodName>\r\n
>
> <params>\r\n
>
> <param><value><array><data>\r\n
>
> <value><string>bk1.cyberfuel.com</string></value>\r\n
>
> </data></array></value></param>\r\n
>
> <param><value><struct>\r\n
>
> <member><name>nsosversion</name>\r\n
>
> <value><string>2.6.32-573.12.1.el6.x86_64</string></value></member>\r\n
>
> <member><name>nshardwareplatform</name>\r\n
>
> <value><string>x86_64</string></value></member>\r\n
>
> </struct></value></param>\r\n
>
> </params>\r\n
>
> </methodCall>\r\n
>
> * About to connect() to freeipa.cyberfuel.com port 443 (#0)
>
> *   Trying 192.168.20.90... * Connected to freeipa.cyberfuel.com
>
> (192.168.20.90) port 443 (#0)
>
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>
> *   CAfile: /etc/ipa/ca.crt
>
>    CApath: none
>
> * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
>
> * Server certificate:
>
> *       subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM
>
> *       start date: Sep 30 17:52:11 2015 GMT
>
> *       expire date: Sep 30 17:52:11 2017 GMT
>
> *       common name: freeipa.cyberfuel.com
>
> *       issuer: CN=Certificate Authority,O=CYBERFUEL.COM
>
>  > POST /ipa/xml HTTP/1.1
>
> Host: freeipa.cyberfuel.com
>
> Accept: */*
>
> Content-Type: text/xml
>
> User-Agent: ipa-join/3.0.0
>
> Referer: https://freeipa.cyberfuel.com/ipa/xml
>
> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1
>
> Content-Length: 478
>
> < HTTP/1.1 401 Authorization Required
>
> < Date: Fri, 29 Apr 2016 20:42:25 GMT
>
> < Server: Apache/2.2.15 (CentOS)
>
> < WWW-Authenticate: Negotiate
>
> < Last-Modified: Tue, 12 Apr 2016 23:07:44 GMT
>
> < ETag: "a0528-55a-53051ba8f7000"
>
> < Accept-Ranges: bytes
>
> < Content-Length: 1370
>
> < Connection: close
>
> < Content-Type: text/html; charset=UTF-8
>
> <
>
> * Closing connection #0
>
> * Issue another request to this URL:
>
> 'https://freeipa.cyberfuel.com:443/ipa/xml'
>
> * About to connect() to freeipa.cyberfuel.com port 443 (#0)
>
> *   Trying 192.168.20.90... * Connected to freeipa.cyberfuel.com
>
> (192.168.20.90) port 443 (#0)
>
> *   CAfile: /etc/ipa/ca.crt
>
>    CApath: none
>
> * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
>
> * Server certificate:
>
> *       subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM
>
> *       start date: Sep 30 17:52:11 2015 GMT
>
> *       expire date: Sep 30 17:52:11 2017 GMT
>
> *       common name: freeipa.cyberfuel.com
>
> *       issuer: CN=Certificate Authority,O=CYBERFUEL.COM
>
> * Server auth using GSS-Negotiate with user ''
>
>  > POST /ipa/xml HTTP/1.1
>
> Authorization: Negotiate
>
> Host: freeipa.cyberfuel.com
>
> Accept: */*
>
> Content-Type: text/xml
>
> User-Agent: ipa-join/3.0.0
>
> Referer: https://freeipa.cyberfuel.com/ipa/xml
>
> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1
>
> Content-Length: 478
>
> < HTTP/1.1 200 Success
>
> < Date: Fri, 29 Apr 2016 20:42:25 GMT
>
> < Server: Apache/2.2.15 (CentOS)
>
> * Added cookie ipa_session="4aeb2b4e2cfacb0691a94b71e2d0a0c9" for domain
>
> freeipa.cyberfuel.com, path /ipa, expire 1461963745
>
> < Set-Cookie: ipa_session=4aeb2b4e2cfacb0691a94b71e2d0a0c9;
>
> Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:25
>
> GMT; Secure; HttpOnly
>
> < Connection: close
>
> < Transfer-Encoding: chunked
>
> < Content-Type: text/xml; charset=utf-8
>
> <
>
> * Expire cleared
>
> * Closing connection #0
>
> XML-RPC RESPONSE:
>
> <?xml version='1.0' encoding='UTF-8'?>\n
>
> <methodResponse>\n
>
> <params>\n
>
> <param>\n
>
> <value><array><data>\n
>
> <value><string>fqdn=bk1.cyberfuel.com,cn=computers,cn=accounts,dc=cyberfuel,
>
> dc=com</string></value>\n
>
> <value><struct>\n
>
> <member>\n
>
> <name>dn</name>\n
>
> <value><string>fqdn=bk1.cyberfuel.com,cn=computers,cn=accounts,dc=cyberfuel,
>
> dc=com</string></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>ipacertificatesubjectbase</name>\n
>
> <value><array><data>\n
>
> <value><string>O=CYBERFUEL.COM</string></value>\n
>
> </data></array></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>has_keytab</name>\n
>
> <value><boolean>0</boolean></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>objectclass</name>\n
>
> <value><array><data>\n
>
> <value><string>ipaobject</string></value>\n
>
> <value><string>nshost</string></value>\n
>
> <value><string>ipahost</string></value>\n
>
> <value><string>pkiuser</string></value>\n
>
> <value><string>ipaservice</string></value>\n
>
> <value><string>krbprincipalaux</string></value>\n
>
> <value><string>krbprincipal</string></value>\n
>
> <value><string>ieee802device</string></value>\n
>
> <value><string>ipasshhost</string></value>\n
>
> <value><string>top</string></value>\n
>
> <value><string>ipaSshGroupOfPubKeys</string></value>\n
>
> </data></array></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>fqdn</name>\n
>
> <value><array><data>\n
>
> <value><string>bk1.cyberfuel.com</string></value>\n
>
> </data></array></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>has_password</name>\n
>
> <value><boolean>0</boolean></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>ipauniqueid</name>\n
>
> <value><array><data>\n
>
> <value><string>e1a08eb8-0e4a-11e6-8c5b-005056b027f1</string></value>\n
>
> </data></array></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>krbprincipalname</name>\n
>
> <value><array><data>\n
>
> <value><string>host/bk1.cyberfuel.com at CYBERFUEL.COM</string></value>\n
>
> </data></array></value>\n
>
> </member>\n
>
> <member>\n
>
> <name>managedby_host</name>\n
>
> <value><array><data>\n
>
> <value><string>bk1.cyberfuel.com</string></value>\n
>
> </data></array></value>\n
>
> </member>\n
>
> </struct></value>\n
>
> </data></array></value>\n
>
> </param>\n
>
> </params>\n
>
> </methodResponse>\n
>
> Keytab successfully retrieved and stored in: /etc/krb5.keytab
>
> Certificate subject base is: O=CYBERFUEL.COM
>
> Enrolled in IPA realm CYBERFUEL.COM
>
> args=kdestroy
>
> stdout=
>
> stderr=
>
> Attempting to get host TGT...
>
> args=/usr/bin/kinit -k -t /etc/krb5.keytab
>
> host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=
>
> stderr=
>
> Attempt 1/5 succeeded.
>
> Backing up system configuration file '/etc/ipa/default.conf'
>
>    -> Not backing up - '/etc/ipa/default.conf' doesn't exist
>
> Created /etc/ipa/default.conf
>
> importing all plugin modules in
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins'...
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
>
> args=klist -V
>
> stdout=Kerberos 5 version 1.10.3
>
> stderr=
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
>
> importing plugin module
>
> '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
>
> Backing up system configuration file '/etc/sssd/sssd.conf'
>
>    -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist
>
> New SSSD config will be created
>
> Backing up system configuration file '/etc/nsswitch.conf'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> Configured sudoers in /etc/nsswitch.conf
>
> Configured /etc/sssd/sssd.conf
>
> args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
>
> /etc/ipa/ca.crt
>
> stdout=
>
> stderr=
>
> Backing up system configuration file '/etc/krb5.conf'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> Writing Kerberos configuration to /etc/krb5.conf:
>
> #File modified by ipa-client-install
>
> includedir /var/lib/sss/pubconf/krb5.include.d/
>
> [libdefaults]
>
>    default_realm = CYBERFUEL.COM
>
>    dns_lookup_realm = true
>
>    dns_lookup_kdc = true
>
>    rdns = false
>
>    ticket_lifetime = 24h
>
>    forwardable = yes
>
>    udp_preference_limit = 0
>
> [realms]
>
>    CYBERFUEL.COM = {
>
>      pkinit_anchors = FILE:/etc/ipa/ca.crt
>
>    }
>
> [domain_realm]
>
>    .cyberfuel.com = CYBERFUEL.COM
>
>    cyberfuel.com = CYBERFUEL.COM
>
> Configured /etc/krb5.conf for IPA realm CYBERFUEL.COM
>
> args=keyctl search @s user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=
>
> stderr=keyctl_search: Required key not available
>
> args=keyctl search @s user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=
>
> stderr=keyctl_search: Required key not available
>
> failed to find session_cookie in persistent storage for principal
>
> 'host/bk1.cyberfuel.com at CYBERFUEL.COM'
>
> trying https://freeipa.cyberfuel.com/ipa/xml
>
> Created connection context.xmlclient
>
> raw: env(None, server=True)
>
> env(None, server=True, all=True)
>
> Forwarding 'env' to server u'https://freeipa.cyberfuel.com/ipa/xml'
>
> NSSConnection init freeipa.cyberfuel.com
>
> Connecting: 192.168.20.90:0
>
> auth_certificate_callback: check_sig=True is_server=False
>
> Data:
>
>          Version:       3 (0x2)
>
>          Serial Number: 10 (0xa)
>
>          Signature Algorithm:
>
>              Algorithm: PKCS #1 SHA-256 With RSA Encryption
>
>          Issuer: CN=Certificate Authority,O=CYBERFUEL.COM
>
>          Validity:
>
>              Not Before: Wed Sep 30 17:52:11 2015 UTC
>
>              Not After:  Sat Sep 30 17:52:11 2017 UTC
>
>          Subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM
>
>          Subject Public Key Info:
>
>              Public Key Algorithm:
>
>                  Algorithm: PKCS #1 RSA Encryption
>
>              RSA Public Key:
>
>                  Modulus:
>
>                  Exponent:
>
>                      65537 (0x10001)
>
>      Signed Extensions: (5 total)
>
>          Name:     Certificate Authority Key Identifier
>
>          Critical: False
>
>          Key ID:
>
>              31:4f:83:e1:70:d7:ea:96:e5:1b:b1:c2:2c:d8:8a:a8:
>
>              d1:87:fa:ff
>
>          Serial Number: None
>
>          General Names: [0 total]
>
>          Name:     Authority Information Access
>
>          Critical: False
>
>          Authority Information Access: [1 total]
>
>              Info [1]:
>
>                  Method:   PKIX Online Certificate Status Protocol
>
>                  Location: URI: http://freeipa.cyberfuel.com:80/ca/ocsp
>
> Name:     Certificate Key Usage
>
>          Critical: True
>
>          Usages:
>
>              Digital Signature
>
>              Non-Repudiation
>
>              Key Encipherment
>
>              Data Encipherment
>
>          Name:     Extended Key Usage
>
>          Critical: False
>
>          Usages:
>
>              TLS Web Server Authentication Certificate
>
>              TLS Web Client Authentication Certificate
>
>          Name:     Certificate Subject Key ID
>
>          Critical: False
>
>          Data:
>
>              73:ed:ac:87:d3:0e:04:84:66:5c:1a:e1:10:8d:f8:e1:
>
>              89:b9:1e:70
>
>      Signature:
>
>          Signature Algorithm:
>
>              Algorithm: PKCS #1 SHA-256 With RSA Encryption
>
>          Signature:
>
>          Fingerprint (MD5):
>
>              09:ad:08:87:8b:64:04:0f:d2:6c:25:ac:b1:1e:e1:48
>
>          Fingerprint (SHA1):
>
>              c9:a0:1f:6d:8e:f6:d9:9b:53:6e:6b:92:ea:7c:ae:79:
>
>              ca:4d:09:98
>
> approved_usage = SSL Server intended_usage = SSL Server
>
> cert valid True for "CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM"
>
> handshake complete, peer = 192.168.20.90:443
>
> Protocol: TLS1.2
>
> Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
>
> received Set-Cookie 'ipa_session=356b209ee6e852ebb3124bbc6ca112cd;
>
> Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:30
>
> GMT; Secure; HttpOnly'
>
> storing cookie 'ipa_session=356b209ee6e852ebb3124bbc6ca112cd;
>
> Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:30
>
> GMT; Secure; HttpOnly' for prin
>
> args=keyctl search @s user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=
>
> stderr=keyctl_search: Required key not available
>
> args=keyctl search @s user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=
>
> stderr=keyctl_search: Required key not available
>
> args=keyctl padd user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM @s
>
> stdout=640092261
>
> stderr=
>
> Hostname (bk1.cyberfuel.com) not found in DNS
>
> Writing nsupdate commands to /etc/ipa/.dns_update.txt:
>
> zone cyberfuel.com.
>
> update delete bk1.cyberfuel.com. IN A
>
> send
>
> update add bk1.cyberfuel.com. 1200 IN A 192.168.20.13
>
> send
>
> args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
>
> stdout=
>
> stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure.
>
> Minor code may provide more information, Minor = Server
>
> DNS/ns1.cyberfuel.com at CYBERFUEL.COM no
>
> nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt'
>
> returned non-zero exit status 1
>
> Failed to update DNS records.
>
> args=/sbin/service messagebus start
>
> stdout=Starting system message bus:                        [  OK  ]
>
> stderr=
>
> args=/sbin/service messagebus status
>
> stdout=messagebus (pid  41820) is running...
>
> stderr=
>
> args=/sbin/service certmonger restart
>
> stdout=Stopping certmonger:                                [FAILED]
>
> Starting certmonger:                                       [  OK  ]
>
> stderr=
>
> args=/sbin/service certmonger status
>
> stdout=certmonger (pid  41859) is running...
>
> stderr=
>
> args=/sbin/service certmonger restart
>
> stdout=Stopping certmonger:                                [  OK  ]
>
> Starting certmonger:                                       [  OK  ]
>
> stderr=
>
> args=/sbin/service certmonger status
>
> stdout=certmonger (pid  41927) is running...
>
> stderr=
>
> args=/sbin/chkconfig certmonger on
>
> stdout=
>
> stderr=
>
> args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate -
>
> bk1.cyberfuel.com -N CN=bk1.cyberfuel.com,O=CYBERFUEL.COM -K
>
> host/bk1.cyberfuel.com at CYBERFUEL.CO
>
> stdout=New signing request "20160429204235" added.
>
> stderr=
>
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
>
> Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
>
> raw: host_mod(u'bk1.cyberfuel.com', ipasshpubkey=[u'ssh-rsa
>
> wfpc='], updatedns=False)
>
> host_mod(u'bk1.cyberfuel.com', random=False, ipasshpubkey=(u'ssh-rsa
>
> wfpc='), rights=False, updatedns=False, all=False, raw=False,
>
> no_members=False)
>
> Forwarding 'host_mod' to server u'https://freeipa.cyberfuel.com/ipa/xml'
>
> NSSConnection init freeipa.cyberfuel.com
>
> Connecting: 192.168.20.90:0
>
> handshake complete, peer = 192.168.20.90:443
>
> Protocol: TLS1.2
>
> Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
>
> received Set-Cookie 'ipa_session=efae42241c1d4ecc0c222d477f64e3a0;
>
> Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:35
>
> GMT; Secure; HttpOnly'
>
> storing cookie 'ipa_session=efae42241c1d4ecc0c222d477f64e3a0;
>
> Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:35
>
> GMT; Secure; HttpOnly' for prin
>
> args=keyctl search @s user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=640092261
>
> stderr=
>
> args=keyctl search @s user
>
> ipa_session_cookie:host/bk1.cyberfuel.com at CYBERFUEL.COM
>
> stdout=640092261
>
> stderr=
>
> args=keyctl pupdate 640092261
>
> stdout=
>
> stderr=
>
> Writing nsupdate commands to /etc/ipa/.dns_update.txt:
>
> zone cyberfuel.com.
>
> update delete bk1.cyberfuel.com. IN SSHFP
>
> send
>
> update add bk1.cyberfuel.com. 1200 IN SSHFP 1 1
>
> B40F0F3FF14223B021F206C3E3276AC48F6EEAF0
>
> update add bk1.cyberfuel.com. 1200 IN SSHFP 2 1
>
> 30D2331BC69452EFE65445B5C990773EA41A2FE8
>
> send
>
> args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
>
> stdout=
>
> stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure.
>
> Minor code may provide more information, Minor = Server
>
> DNS/ns1.cyberfuel.com at CYBERFUEL.COM no
>
> nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt'
>
> returned non-zero exit status 1
>
> Could not update DNS SSHFP records.
>
> args=/sbin/service nscd status
>
> stdout=
>
> stderr=nscd: unrecognized service
>
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
> args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd
>
> stdout=
>
> stderr=
>
> SSSD enabled
>
> Configuring cyberfuel.com as NIS domain
>
> args=/bin/nisdomainname
>
> stdout=(none)
>
> stderr=
>
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
> args=/usr/sbin/authconfig --update --nisdomain cyberfuel.com
>
> stdout=
>
> stderr=
>
> args=/bin/nisdomainname cyberfuel.com
>
> stdout=
>
> stderr=
>
> args=/sbin/service sssd restart
>
> stdout=Stopping sssd:                                      [FAILED]
>
> Starting sssd:                                             [  OK  ]
>
> stderr=cat: /var/run/sssd.pid: No such file or directory
>
> args=/sbin/service sssd status
>
> stdout=sssd (pid  42071) is running...
>
> stderr=
>
> args=/sbin/chkconfig sssd on
>
> stdout=
>
> stderr=
>
> Backing up system configuration file '/etc/openldap/ldap.conf'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> Configured /etc/openldap/ldap.conf
>
> args=getent passwd admin
>
> stdout=admin:*:1045400000:1045400000:Administrator:/home/admin:/bin/bash
>
> stderr=
>
> Backing up system configuration file '/etc/ntp/step-tickers'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> args=/usr/sbin/selinuxenabled
>
> stdout=
>
> stderr=
>
> args=/sbin/chkconfig ntpd
>
> stdout=
>
> stderr=
>
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
> Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
> Backing up system configuration file '/etc/ntp.conf'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> args=/usr/sbin/selinuxenabled
>
> stdout=
>
> stderr=
>
> Backing up system configuration file '/etc/sysconfig/ntpd'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> args=/usr/sbin/selinuxenabled
>
> stdout=
>
> stderr=
>
> args=/sbin/chkconfig ntpd on
>
> stdout=
>
> stderr=
>
> args=/sbin/service ntpd restart
>
> stdout=Shutting down ntpd:                                 [  OK  ]
>
> Starting ntpd:                                             [  OK  ]
>
> stderr=
>
> args=/sbin/service ntpd status
>
> stdout=ntpd (pid  42133) is running...
>
> stderr=
>
> NTP enabled
>
> Backing up system configuration file '/etc/ssh/ssh_config'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> Configured /etc/ssh/ssh_config
>
> Backing up system configuration file '/etc/ssh/sshd_config'
>
> Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
> args=sshd -t -f /dev/null -o AuthorizedKeysCommand=
>
> stdout=
>
> stderr=
>
> Configured /etc/ssh/sshd_config
>
> args=/sbin/service sshd status
>
> stdout=openssh-daemon (pid  46497) is running...
>
> stderr=
>
> args=/sbin/service sshd restart
>
> stdout=Stopping sshd:                                      [  OK  ]
>
> Starting sshd:                                             [  OK  ]
>
> stderr=
>
> args=/sbin/service sshd status
>
> stdout=openssh-daemon (pid  42190) is running...
>
> stderr=
>
> Client configuration complete.
>
> -----Original Message-----
>
> From: Rob Crittenden [mailto:rcritten at redhat.com]
>
> Sent: viernes 29 de abril de 2016 12:19 p.m.
>
> To: Jose Alvarez R. <jalvarez at cyberfuel.com>; freeipa-users at redhat.com
>
> Subject: Re: [Freeipa-users] HTTP response code is 401, not 200
>
> Jose Alvarez R. wrote:
>
>  > Hi,  Rob
>
>  >
>
>  > Thanks!!
>
>  >
>
>  >
>
>  > The version the xmlrpc-c of my server IPA:
>
>  > xmlrpc-c-1.16.24-1210.1840.el6.x86_64
>
>  > xmlrpc-c-client-1.16.24-1210.1840.el6.x86_64
>
>  >
>
>  >
>
>  > The version the xmlrpc-c of my client IPA
>
>  > xmlrpc-c-client-1.16.24-1210.1840.el6.x86_64
>
>  > xmlrpc-c-1.16.24-1210.1840.el6.x86_64
>
>  > libiqxmlrpc-0.12.4-0.parallels.i686
>
>  > xmlrpc-c-c++-1.16.24-1210.1840.el6.x86_64
>
> You need xmlrpc-c-1.16.24-1200.1840.2.el6 on the client which fixed
>
> https://bugzilla.redhat.com/show_bug.cgi?id=719945
>
> The libcurl version on the client looks ok.
>
> This is only a client-side issue so no changes on the servers should be
>
> necessary IIRC. This appears to be EL 6.1 which at this point is quite old.
>
> rob
>
>  >
>
>  > The versions are the same, but the libcurl is different
>
>  >
>
>  > It's the version curl IPA server
>
>  > [root at freeipa log]# rpm -qa | grep curl
>
>  > python-pycurl-7.19.0-8.el6.x86_64
>
>  > curl-7.19.7-46.el6.x86_64
>
>  > libcurl-7.19.7-46.el6.x86_64
>
>  > [root at freeipa log]#
>
>  >
>
>  >
>
>  > It's the version curl PPA server(IPA Client)
>
>  > [root at ppa named]# rpm -qa | grep curl
>
>  > curl-7.31.0-1.el6.x86_64
>
>  > python-pycurl-7.19.0-8.el6.x86_64
>
>  > libcurl-7.31.0-1.el6.x86_64
>
>  > libcurl-7.31.0-1.el6.i686
>
>  >
>
>  > Sorry, my English is not very good
>
>  >
>
>  >
>
>  > Regards.
>
>  >
>
>  >
>
>  >
>
>  > -----Original Message-----
>
>  > From: Rob Crittenden [mailto:rcritten at redhat.com]
>
>  > Sent: viernes 29 de abril de 2016 11:14 a.m.
>
>  > To: Jose Alvarez R. <jalvarez at cyberfuel.com>; freeipa-users at redhat.com
>
>  > Subject: Re: [Freeipa-users] HTTP response code is 401, not 200
>
>  >
>
>  > Jose Alvarez R. wrote:
>
>  >> Hi Rob, Thanks for your response
>
>  >>
>
>  >> Yes, It's with admin.
>
>  >
>
>  > I assume this is a problem with your version of xmlrpc-c. We use
>
>  > standard xmlrpc-c calls to set up authentication and IIRC that
>
>  > links against libcurl which provides the Kerberos/GSSAPI support. On
>
>  > EL6 you need xmlrpc-c >= 1.16.24-1200.1840.2
>
>  >
>
>  > I'm confused about the versions. You mention PPA but include what look
>
>  > like RPM versions that seem to point to RHEL 6.
>
>  >
>
>  > rob
>
>  >
>
>  >>
>
>  >> I execute the command "ipa-client-install --debug"
>
>  >> ---------------------------------------------------------------------
>
>  >> -
>
>  >> ---
>
>  >>
>
>  >>
>
>  >> [root at ppa named]# ipa-client-install --debug
>
>  >> /usr/sbin/ipa-client-install was invoked with options: {'domain': None,
>
>  >> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True,
>
>  >> 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd':
>
>  >> True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None,
>
>  >> 'nisdomain': None, 'no_nisdomain': False, 'principal': None,
>
>  >> 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True,
>
>  >> 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False,
>
>  >> 'conf_sudo': True, 'conf_ssh': True, 'force_join': False,
>
>  >> 'ca_cert_file': None, 'server': None,
>
>  >> 'prompt_password': False, 'permit': False, 'debug': True,
>
>  >> 'preserve_sssd': False, 'uninstall': False}
>
>  >> missing options might be asked for interactively later Loading Index
>
>  >> file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
>  >> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
>  >> [IPA Discovery]
>
>  >> Starting IPA discovery with domain=None, servers=None,
>
>  >> hostname=ppa.cyberfuel.com Start searching for LDAP SRV record in
>
>  >> "cyberfuel.com" (domain of the
>
>  >> hostname) and its sub-domains
>
>  >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, port:389,weight:50,server:freeipa.cyberfuel.com.}
>
>  >> [Kerberos realm search]
>
>  >> Search DNS for TXT record of _kerberos.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data:CYBERFUEL.COM}
>
>  >> Search DNS for SRV record of _kerberos._udp.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={priority:0,port:88,weight:50,server:freeipa.cyberfuel.com.}
>
>  >> [LDAP server check]
>
>  >> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA
>
>  >> server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389
>
>  >> Search LDAP server for IPA base DN Check if naming context
>
>  >> 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com'
>
>  >> is a valid IPA context Search for (objectClass=krbRealmContainer) in
>
>  >> dc=cyberfuel,dc=com (sub)
>
>  >> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com
>
>  >> Discovery result: Success; server=freeipa.cyberfuel.com,
>
>  >> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com,
>
>  >> basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com
>
>  >> will use discovered domain: cyberfuel.com Start searching for LDAP
>
>  >> SRV record in "cyberfuel.com" (Validating DNS
>
>  >> Discovery) and its sub-domains
>
>  >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, port:389,weight:50,server:freeipa.cyberfuel.com.}
>
>  >> DNS validated, enabling discovery
>
>  >> will use discovered server: freeipa.cyberfuel.com Discovery was
>
>  >> successful!
>
>  >> will use discovered realm: CYBERFUEL.COM will use discovered basedn:
>
>  >> dc=cyberfuel,dc=com
>
>  >> Hostname: ppa.cyberfuel.com
>
>  >> Hostname source: Machine's FQDN
>
>  >> Realm: CYBERFUEL.COM
>
>  >> Realm source: Discovered from LDAP DNS records in
>
>  >> freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source:
>
>  >> Discovered LDAP SRV records from cyberfuel.com (domain of the
>
>  >> hostname) IPA Server: freeipa.cyberfuel.com IPA Server source:
>
>  >> Discovered from LDAP DNS records in freeipa.cyberfuel.com
>
>  >> BaseDN: dc=cyberfuel,dc=com
>
>  >> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389
>
>  >>
>
>  >> Continue to configure the system with these values? [no]: no
>
>  >> Installation failed. Rolling back changes.
>
>  >> IPA client is not configured on this system.
>
>  >> [root at ppa named]#
>
>  >> [root at ppa named]# ipa-client-install --debug
>
>  >> /usr/sbin/ipa-client-install was invoked with options: {'domain': None,
>
>  >> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True,
>
>  >> 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd':
>
>  >> True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None,
>
>  >> 'nisdomain': None, 'no_nisdomain': False, 'principal': None,
>
>  >> 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True,
>
>  >> 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False,
>
>  >> 'conf_sudo': True, 'conf_ssh': True, 'force_join': False,
>
>  >> 'ca_cert_file': None, 'server': None,
>
>  >> 'prompt_password': False, 'permit': False, 'debug': True,
>
>  >> 'preserve_sssd': False, 'uninstall': False}
>
>  >> missing options might be asked for interactively later Loading Index
>
>  >> file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
>
>  >> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
>
>  >> [IPA Discovery]
>
>  >> Starting IPA discovery with domain=None, servers=None,
>
>  >> hostname=ppa.cyberfuel.com Start searching for LDAP SRV record in
>
>  >> "cyberfuel.com" (domain of the
>
>  >> hostname) and its sub-domains
>
>  >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, port:389,weight:50,server:freeipa.cyberfuel.com.}
>
>  >> [Kerberos realm search]
>
>  >> Search DNS for TXT record of _kerberos.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data:CYBERFUEL.COM}
>
>  >> Search DNS for SRV record of _kerberos._udp.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={priority:0,port:88,weight:50,server:freeipa.cyberfuel.com.}
>
>  >> [LDAP server check]
>
>  >> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA
>
>  >> server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389
>
>  >> Search LDAP server for IPA base DN Check if naming context
>
>  >> 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com'
>
>  >> is a valid IPA context Search for (objectClass=krbRealmContainer) in
>
>  >> dc=cyberfuel,dc=com (sub)
>
>  >> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com
>
>  >> Discovery result: Success; server=freeipa.cyberfuel.com,
>
>  >> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com,
>
>  >> basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com
>
>  >> will use discovered domain: cyberfuel.com Start searching for LDAP
>
>  >> SRV record in "cyberfuel.com" (Validating DNS
>
>  >> Discovery) and its sub-domains
>
>  >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com.
>
>  >> DNS record found:
>
>  >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, port:389,weight:50,server:freeipa.cyberfuel.com.}
>
>  >> DNS validated, enabling discovery
>
>  >> will use discovered server: freeipa.cyberfuel.com Discovery was
>
>  >> successful!
>
>  >> will use discovered realm: CYBERFUEL.COM will use discovered basedn:
>
>  >> dc=cyberfuel,dc=com
>
>  >> Hostname: ppa.cyberfuel.com
>
>  >> Hostname source: Machine's FQDN
>
>  >> Realm: CYBERFUEL.COM
>
>  >> Realm source: Discovered from LDAP DNS records in
>
>  >> freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source:
>
>  >> Discovered LDAP SRV records from cyberfuel.com (domain of the
>
>  >> hostname) IPA Server: freeipa.cyberfuel.com IPA Server source:
>
>  >> Discovered from LDAP DNS records in freeipa.cyberfuel.com
>
>  >> BaseDN: dc=cyberfuel,dc=com
>
>  >> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389
>
>  >>
>
>  >> Continue to configure the system with these values? [no]: yes
>
>  >> args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CYBERFUEL.COM
>
>  >> stdout= stderr=Failed to open keytab '/etc/krb5.keytab': No such file
>
>  >> or directory
>
>  >>
>
>  >> User authorized to enroll computers: admin will use principal
>
>  >> provided as option: admin Synchronizing time with KDC...
>
>  >> Search DNS for SRV record of _ntp._udp.cyberfuel.com.
>
>  >> No DNS record found
>
>  >> args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com stdout=
>
>  >> stderr= Writing Kerberos configuration to /tmp/tmpqWSatK:
>
>  >> #File modified by ipa-client-install
>
>  >>
>
>  >> includedir /var/lib/sss/pubconf/krb5.include.d/
>
>  >>
>
>  >> [libdefaults]
>
>  >>     default_realm = CYBERFUEL.COM
>
>  >>     dns_lookup_realm = false
>
>  >>     dns_lookup_kdc = false
>
>  >>     rdns = false
>
>  >>     ticket_lifetime = 24h
>
>  >>     forwardable = yes
>
>  >>     udp_preference_limit = 0
>
>  >>
>
>  >>
>
>  >> [realms]
>
>  >>     CYBERFUEL.COM = {
>
>  >>       kdc = freeipa.cyberfuel.com:88
>
>  >>       master_kdc = freeipa.cyberfuel.com:88
>
>  >>       admin_server = freeipa.cyberfuel.com:749
>
>  >>       default_domain = cyberfuel.com
>
>  >>       pkinit_anchors = FILE:/etc/ipa/ca.crt
>
>  >>
>
>  >>     }
>
>  >>
>
>  >>
>
>  >> [domain_realm]
>
>  >>     .cyberfuel.com = CYBERFUEL.COM
>
>  >>     cyberfuel.com = CYBERFUEL.COM
>
>  >>
>
>  >>
>
>  >>
>
>  >> Password for admin at CYBERFUEL.COM:
>
>  >> args=kinit admin at CYBERFUEL.COM
>
>  >> stdout=Password for admin at CYBERFUEL.COM:
>
>  >>
>
>  >> stderr=
>
>  >> trying to retrieve CA cert via LDAP from ldap://freeipa.cyberfuel.com
>
>  >> Existing CA cert and Retrieved CA cert are identical
>
>  >> args=/usr/sbin/ipa-join -s freeipa.cyberfuel.com -b
>
>  >> dc=cyberfuel,dc=com -d stdout= stderr=XML-RPC CALL:
>
>  >>
>
>  >> <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n
>
>  >> <methodName>join</methodName>\r\n <params>\r\n
>
>  >> <param><value><array><data>\r\n
>
>  >> <value><string>ppa.cyberfuel.com</string></value>\r\n
>
>  >> </data></array></value></param>\r\n
>
>  >> <param><value><struct>\r\n
>
>  >> <member><name>nsosversion</name>\r\n
>
>  >> <value><string>2.6.32-573.8.1.el6.x86_64</string></value></member>\r\
>
>  >> n <member><name>nshardwareplatform</name>\r\n
>
>  >> <value><string>x86_64</string></value></member>\r\n
>
>  >> </struct></value></param>\r\n
>
>  >> </params>\r\n
>
>  >> </methodCall>\r\n
>
>  >>
>
>  >> * About to connect() to freeipa.cyberfuel.com port 443 (#0)
>
>  >> *   Trying 192.168.20.90...
>
>  >> * Adding handle: conn: 0x10bb2f0
>
>  >> * Adding handle: send: 0
>
>  >> * Adding handle: recv: 0
>
>  >> * Curl_addHandleToPipeline: length: 1
>
>  >> * - Conn 0 (0x10bb2f0) send_pipe: 1, recv_pipe: 0
>
>  >> * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0)
>
>  >> * successfully set certificate verify locations:
>
>  >> *   CAfile: /etc/ipa/ca.crt
>
>  >>     CApath: none
>
>  >> * SSL connection using AES256-SHA
>
>  >> * Server certificate:
>
>  >> *        subject: O=CYBERFUEL.COM; CN=freeipa.cyberfuel.com
>
>  >> *        start date: 2015-09-30 17:52:11 GMT
>
>  >> *        expire date: 2017-09-30 17:52:11 GMT
>
>  >> *        common name: freeipa.cyberfuel.com (matched)
>
>  >> *        issuer: O=CYBERFUEL.COM; CN=Certificate Authority
>
>  >> *        SSL certificate verify ok.
>
>  >>> POST /ipa/xml HTTP/1.1
>
>  >> Host: freeipa.cyberfuel.com
>
>  >> Accept: */*
>
>  >> Content-Type: text/xml
>
>  >> User-Agent: ipa-join/3.0.0
>
>  >> Referer: https://freeipa.cyberfuel.com/ipa/xml
>
>  >> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1
>
>  >> Content-Length: 477
>
>  >>
>
>  >> * upload completely sent off: 477 out of 477 bytes
>
>  >> < HTTP/1.1 401 Authorization Required
>
>  >> < Date: Fri, 29 Apr 2016 16:16:32 GMT
>
>  >> * Server Apache/2.2.15 (CentOS) is not blacklisted
>
>  >> < Server: Apache/2.2.15 (CentOS)
>
>  >> < WWW-Authenticate: Negotiate
>
>  >> < Last-Modified: Tue, 12 Apr 2016 23:07:44 GMT
>
>  >> < ETag: "a0528-55a-53051ba8f7000"
>
>  >> < Accept-Ranges: bytes
>
>  >> < Content-Length: 1370
>
>  >> < Connection: close
>
>  >> < Content-Type: text/html; charset=UTF-8
>
>  >> <
>
>  >> * Closing connection 0
>
>  >> HTTP response code is 401, not 200
>
>  >>
>
>  >> Joining realm failed: XML-RPC CALL:
>
>  >>
>
>  >> <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n
>
>  >> <methodName>join</methodName>\r\n <params>\r\n
>
>  >> <param><value><array><data>\r\n
>
>  >> <value><string>ppa.cyberfuel.com</string></value>\r\n
>
>  >> </data></array></value></param>\r\n
>
>  >> <param><value><struct>\r\n
>
>  >> <member><name>nsosversion</name>\r\n
>
>  >> <value><string>2.6.32-573.8.1.el6.x86_64</string></value></member>\r\
>
>  >> n <member><name>nshardwareplatform</name>\r\n
>
>  >> <value><string>x86_64</string></value></member>\r\n
>
>  >> </struct></value></param>\r\n
>
>  >> </params>\r\n
>
>  >> </methodCall>\r\n
>
>  >>
>
>  >> * About to connect() to freeipa.cyberfuel.com port 443 (#0)
>
>  >> *   Trying 192.168.20.90...
>
>  >> * Adding handle: conn: 0x10bb2f0
>
>  >> * Adding handle: send: 0
>
>  >> * Adding handle: recv: 0
>
>  >> * Curl_addHandleToPipeline: length: 1
>
>  >> * - Conn 0 (0x10bb2f0) send_pipe: 1, recv_pipe: 0
>
>  >> * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0)
>
>  >> * successfully set certificate verify locations:
>
>  >> *   CAfile: /etc/ipa/ca.crt
>
>  >>     CApath: none
>
>  >> * SSL connection using AES256-SHA
>
>  >> * Server certificate:
>
>  >> *        subject: O=CYBERFUEL.COM; CN=freeipa.cyberfuel.com
>
>  >> *        start date: 2015-09-30 17:52:11 GMT
>
>  >> *        expire date: 2017-09-30 17:52:11 GMT
>
>  >> *        common name: freeipa.cyberfuel.com (matched)
>
>  >> *        issuer: O=CYBERFUEL.COM; CN=Certificate Authority
>
>  >> *        SSL certificate verify ok.
>
>  >>> POST /ipa/xml HTTP/1.1
>
>  >> Host: freeipa.cyberfuel.com
>
>  >> Accept: */*
>
>  >> Content-Type: text/xml
>
>  >> User-Agent: ipa-join/3.0.0
>
>  >> Referer: https://freeipa.cyberfuel.com/ipa/xml
>
>  >> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1
>
>  >> Content-Length: 477
>
>  >>
>
>  >> * upload completely sent off: 477 out of 477 bytes
>
>  >> < HTTP/1.1 401 Authorization Required
>
>  >> < Date: Fri, 29 Apr 2016 16:16:32 GMT
>
>  >> * Server Apache/2.2.15 (CentOS) is not blacklisted
>
>  >> < Server: Apache/2.2.15 (CentOS)
>
>  >> < WWW-Authenticate: Negotiate
>
>  >> < Last-Modified: Tue, 12 Apr 2016 23:07:44 GMT
>
>  >> < ETag: "a0528-55a-53051ba8f7000"
>
>  >> < Accept-Ranges: bytes
>
>  >> < Content-Length: 1370
>
>  >> < Connection: close
>
>  >> < Content-Type: text/html; charset=UTF-8
>
>  >> <
>
>  >> * Closing connection 0
>
>  >> HTTP response code is 401, not 200
>
>  >>
>
>  >> Installation failed. Rolling back changes.
>
>  >> IPA client is not configured on this system.
>
>  >>
>
>  >> -------------------------------------------------
>
>  >>
>
>  >> It's the version curl IPA server
>
>  >>
>
>  >> [root at freeipa log]# rpm -qa | grep curl
>
>  >> python-pycurl-7.19.0-8.el6.x86_64
>
>  >> curl-7.19.7-46.el6.x86_64
>
>  >> libcurl-7.19.7-46.el6.x86_64
>
>  >> [root at freeipa log]#
>
>  >>
>
>  >>
>
>  >> It's the version curl PPA server(IPA Client)
>
>  >>
>
>  >> [root at ppa named]# rpm -qa | grep curl
>
>  >> curl-7.31.0-1.el6.x86_64
>
>  >> python-pycurl-7.19.0-8.el6.x86_64
>
>  >> libcurl-7.31.0-1.el6.x86_64
>
>  >> libcurl-7.31.0-1.el6.i686
>
>  >>
>
>  >>
>
>  >> The version curl is different, but the version curl PPA is the
>
>  >> repository Odin Plesk.
>
>  >>
>
>  >> -----------------------------------------------------
>
>  >>
>
>  >>
>
>  >> [root at ppa tmp]# cat kerberos_trace.log
>
>  >>
>
>  >> [12118] 1461855578.809966: ccselect module realm chose cache
>
>  >> FILE:/tmp/tmptSoqDX with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [12118] 1461855578.810171: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmptSoqDX with result: -1765328243/Matching credential not
>
>  >> found [12118] 1461855578.810252: Getting credentials
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM using
>
>  >> ccache FILE:/tmp/tmptSoqDX [12118] 1461855578.810369: Retrieving
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from
>
>  >> FILE:/tmp/tmptSoqDX with
>
>  >> result: -1765328243/Matching credential not found [12118]
>
>  >> 1461855578.810451: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM from FILE:/tmp/tmptSoqDX with result:
>
>  >> 0/Success
>
>  >> [12118] 1461855578.810476: Found cached TGT for service realm:
>
>  >> admin at CYBERFUEL.COM -> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM
>
>  >> [12118] 1461855578.810509: Requesting tickets for
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM, referrals on [12118]
>
>  >> 1461855578.810612: Generated subkey for TGS request: aes256-cts/7377
>
>  >> [12118] 1461855578.810679: etypes requested in TGS request:
>
>  >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [12118]
>
>  >> 1461855578.810913: Sending request (704 bytes) to CYBERFUEL.COM
>
>  >> [12118] 1461855578.811239: Resolving hostname freeipa.cyberfuel.com
>
>  >> [12118] 1461855578.811466: Initiating TCP connection to stream
>
>  >> 192.168.0.90:88
>
>  >> [12118] 1461855578.811935: Sending TCP request to stream
>
>  >> 192.168.0.90:88 [12118] 1461855578.816404: Received answer from
>
>  >> stream
>
>  >> 192.168.0.90:88 [12118] 1461855578.816714: Response was from master
>
>  >> KDC [12118] 1461855578.816906: TGS reply is for admin at CYBERFUEL.COM
>
>  >> -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM with session key
>
>  >> aes256-cts/BEB2 [12118] 1461855578.816977: TGS request result:
>
>  >> 0/Success [12118] 1461855578.817018: Received creds for desired
>
>  >> service ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [12118] 1461855578.817066: Removing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from FILE:/tmp/tmptSoqDX
>
>  >> [12118] 1461855578.817107: Storing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM in FILE:/tmp/tmptSoqDX
>
>  >> [12118] 1461855578.817413: Creating authenticator for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM,
>
>  >> seqnum 299651167, subkey aes256-cts/98D3, session key aes256-cts/BEB2
>
>  >> [12118] 1461855578.874786: ccselect module realm chose cache
>
>  >> FILE:/tmp/tmptSoqDX with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [12118] 1461855578.874938: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmptSoqDX with result: -1765328243/Matching credential not
>
>  >> found [12118] 1461855578.875079: Read AP-REP, time 1461855578.817442,
>
>  >> subkey aes256-cts/4B32, seqnum 706045221 [17304] 1461858424.873888:
>
>  >> ccselect module realm chose cache FILE:/tmp/tmpH0QF6P with client
>
>  >> principal admin at CYBERFUEL.COM for server principal
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [17304] 1461858424.874126: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmpH0QF6P with result: -1765328243/Matching credential not
>
>  >> found [17304] 1461858424.874220: Getting credentials
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM using
>
>  >> ccache FILE:/tmp/tmpH0QF6P [17304] 1461858424.874413: Retrieving
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from
>
>  >> FILE:/tmp/tmpH0QF6P with
>
>  >> result: -1765328243/Matching credential not found [17304]
>
>  >> 1461858424.874531: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM from FILE:/tmp/tmpH0QF6P with result:
>
>  >> 0/Success
>
>  >> [17304] 1461858424.874603: Found cached TGT for service realm:
>
>  >> admin at CYBERFUEL.COM -> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM
>
>  >> [17304] 1461858424.874631: Requesting tickets for
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM, referrals on [17304]
>
>  >> 1461858424.874747: Generated subkey for TGS request: aes256-cts/8C33
>
>  >> [17304] 1461858424.874788: etypes requested in TGS request:
>
>  >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [17304]
>
>  >> 1461858424.875121: Sending request (704 bytes) to CYBERFUEL.COM
>
>  >> [17304] 1461858424.875525: Resolving hostname freeipa.cyberfuel.com
>
>  >> [17304] 1461858424.875805: Initiating TCP connection to stream
>
>  >> 192.168.20.90:88
>
>  >> [17304] 1461858424.877976: Sending TCP request to stream
>
>  >> 192.168.20.90:88 [17304] 1461858424.882385: Received answer from
>
>  >> stream 192.168.20.90:88 [17304] 1461858424.882531: Response was from
>
>  >> master KDC [17304] 1461858424.882775: TGS reply is for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM with
>
>  >> session key aes256-cts/20DA [17304] 1461858424.882850: TGS request
>
>  >> result: 0/Success [17304] 1461858424.882883: Received creds for
>
>  >> desired service ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [17304] 1461858424.882918: Removing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from FILE:/tmp/tmpH0QF6P
>
>  >> [17304] 1461858424.882951: Storing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM in FILE:/tmp/tmpH0QF6P
>
>  >> [17304] 1461858424.883271: Creating authenticator for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM,
>
>  >> seqnum 443746416, subkey aes256-cts/13DE, session key aes256-cts/20DA
>
>  >> [17304] 1461858424.898190: ccselect module realm chose cache
>
>  >> FILE:/tmp/tmpH0QF6P with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [17304] 1461858424.898401: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmpH0QF6P with result: -1765328243/Matching credential not
>
>  >> found [17304] 1461858424.898615: Read AP-REP, time 1461858424.883334,
>
>  >> subkey aes256-cts/A0F5, seqnum 906104721 [23457] 1461863053.621386:
>
>  >> ccselect module realm chose cache
>
>  >> FILE:/tmp/tmp576FE3 with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [23457] 1461863053.621602: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmp576FE3 with result: -1765328243/Matching credential not
>
>  >> found [23457] 1461863053.621719: Getting credentials
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM using
>
>  >> ccache FILE:/tmp/tmp576FE3 [23457] 1461863053.621918: Retrieving
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from
>
>  >> FILE:/tmp/tmp576FE3 with
>
>  >> result: -1765328243/Matching credential not found [23457]
>
>  >> 1461863053.622097: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM from FILE:/tmp/tmp576FE3 with result:
>
>  >> 0/Success
>
>  >> [23457] 1461863053.622144: Found cached TGT for service realm:
>
>  >> admin at CYBERFUEL.COM -> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM
>
>  >> [23457] 1461863053.622176: Requesting tickets for
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM, referrals on [23457]
>
>  >> 1461863053.622288: Generated subkey for TGS request: aes256-cts/897C
>
>  >> [23457] 1461863053.622331: etypes requested in TGS request:
>
>  >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [23457]
>
>  >> 1461863053.622662: Sending request (704 bytes) to CYBERFUEL.COM
>
>  >> [23457] 1461863053.623133: Resolving hostname freeipa.cyberfuel.com
>
>  >> [23457] 1461863053.623367: Initiating TCP connection to stream
>
>  >> 192.168.20.90:88
>
>  >> [23457] 1461863053.623866: Sending TCP request to stream
>
>  >> 192.168.20.90:88 [23457] 1461863053.627939: Received answer from
>
>  >> stream 192.168.20.90:88 [23457] 1461863053.628229: Response was from
>
>  >> master KDC [23457] 1461863053.628485: TGS reply is for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM with
>
>  >> session key aes256-cts/9E88 [23457] 1461863053.628560: TGS request
>
>  >> result: 0/Success [23457] 1461863053.628610: Received creds for
>
>  >> desired service ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [23457] 1461863053.628655: Removing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from FILE:/tmp/tmp576FE3
>
>  >> [23457] 1461863053.628689: Storing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM in FILE:/tmp/tmp576FE3
>
>  >> [23457] 1461863053.629119: Creating authenticator for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM,
>
>  >> seqnum 13046067, subkey aes256-cts/BAC3, session key aes256-cts/9E88
>
>  >> [23457] 1461863053.640471: ccselect module realm chose cache
>
>  >> FILE:/tmp/tmp576FE3 with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [23457] 1461863053.640721: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmp576FE3 with result: -1765328243/Matching credential not
>
>  >> found [23457] 1461863053.640909: Read AP-REP, time 1461863053.629208,
>
>  >> subkey aes256-cts/8866, seqnum 421358565 [23749] 1461863277.525338:
>
>  >> ccselect module realm chose cache FILE:/tmp/tmprfuOsj with client
>
>  >> principal admin at CYBERFUEL.COM for server principal
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [23749] 1461863277.525435: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmprfuOsj with result: -1765328243/Matching credential not
>
>  >> found [23749] 1461863277.525469: Getting credentials
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM using
>
>  >> ccache FILE:/tmp/tmprfuOsj [23749] 1461863277.525529: Retrieving
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from
>
>  >> FILE:/tmp/tmprfuOsj with
>
>  >> result: -1765328243/Matching credential not found [23749]
>
>  >> 1461863277.525572: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM from FILE:/tmp/tmprfuOsj with result:
>
>  >> 0/Success
>
>  >> [23749] 1461863277.525584: Found cached TGT for service realm:
>
>  >> admin at CYBERFUEL.COM -> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM
>
>  >> [23749] 1461863277.525593: Requesting tickets for
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM, referrals on [23749]
>
>  >> 1461863277.525645: Generated subkey for TGS request: aes256-cts/C22D
>
>  >> [23749] 1461863277.525662: etypes requested in TGS request:
>
>  >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [23749]
>
>  >> 1461863277.525806: Sending request (704 bytes) to CYBERFUEL.COM
>
>  >> [23749] 1461863277.526052: Resolving hostname freeipa.cyberfuel.com
>
>  >> [23749] 1461863277.526161: Initiating TCP connection to stream
>
>  >> 192.168.20.90:88
>
>  >> [23749] 1461863277.526440: Sending TCP request to stream
>
>  >> 192.168.20.90:88 [23749] 1461863277.530652: Received answer from
>
>  >> stream 192.168.20.90:88 [23749] 1461863277.530737: Response was from
>
>  >> master KDC [23749] 1461863277.530881: TGS reply is for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM with
>
>  >> session key aes256-cts/79C3 [23749] 1461863277.530931: TGS request
>
>  >> result: 0/Success [23749] 1461863277.530948: Received creds for
>
>  >> desired service ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [23749] 1461863277.530962: Removing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from FILE:/tmp/tmprfuOsj
>
>  >> [23749] 1461863277.530971: Storing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM in FILE:/tmp/tmprfuOsj
>
>  >> [23749] 1461863277.531133: Creating authenticator for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM,
>
>  >> seqnum 1019693263, subkey aes256-cts/B3E0, session key
>
>  >> aes256-cts/79C3 [23749] 1461863277.542808: ccselect module realm
>
>  >> chose cache FILE:/tmp/tmprfuOsj with client principal
>
>  >> admin at CYBERFUEL.COM for server principal
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [23749] 1461863277.542889: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmprfuOsj with result: -1765328243/Matching credential not
>
>  >> found [23749] 1461863277.542988: Read AP-REP, time 1461863277.531150,
>
>  >> subkey aes256-cts/5194, seqnum 376027188 [25544] 1461864401.258277:
>
>  >> ccselect module realm chose cache FILE:/tmp/tmpbzX7EN with client
>
>  >> principal admin at CYBERFUEL.COM for server principal
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [25544] 1461864401.258584: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmpbzX7EN with result: -1765328243/Matching credential not
>
>  >> found [25544] 1461864401.258678: Getting credentials
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM using
>
>  >> ccache FILE:/tmp/tmpbzX7EN [25544] 1461864401.258873: Retrieving
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from
>
>  >> FILE:/tmp/tmpbzX7EN with
>
>  >> result: -1765328243/Matching credential not found [25544]
>
>  >> 1461864401.259040: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM from FILE:/tmp/tmpbzX7EN with result:
>
>  >> 0/Success
>
>  >> [25544] 1461864401.259076: Found cached TGT for service realm:
>
>  >> admin at CYBERFUEL.COM -> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM
>
>  >> [25544] 1461864401.259102: Requesting tickets for
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM, referrals on [25544]
>
>  >> 1461864401.259244: Generated subkey for TGS request: aes256-cts/277A
>
>  >> [25544] 1461864401.259291: etypes requested in TGS request:
>
>  >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [25544]
>
>  >> 1461864401.259676: Sending request (704 bytes) to CYBERFUEL.COM
>
>  >> [25544] 1461864401.260108: Resolving hostname freeipa.cyberfuel.com
>
>  >> [25544] 1461864401.260361: Initiating TCP connection to stream
>
>  >> 192.168.20.90:88
>
>  >> [25544] 1461864401.260980: Sending TCP request to stream
>
>  >> 192.168.20.90:88 [25544] 1461864401.264399: Received answer from
>
>  >> stream 192.168.20.90:88 [25544] 1461864401.264593: Response was from
>
>  >> master KDC [25544] 1461864401.264893: TGS reply is for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM with
>
>  >> session key aes256-cts/9106 [25544] 1461864401.264966: TGS request
>
>  >> result: 0/Success [25544] 1461864401.264996: Received creds for
>
>  >> desired service ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [25544] 1461864401.265029: Removing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from FILE:/tmp/tmpbzX7EN
>
>  >> [25544] 1461864401.265058: Storing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM in FILE:/tmp/tmpbzX7EN
>
>  >> [25544] 1461864401.265581: Creating authenticator for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM,
>
>  >> seqnum 921501424, subkey aes256-cts/99EA, session key aes256-cts/9106
>
>  >> [25544] 1461864401.275884: ccselect module realm chose cache
>
>  >> FILE:/tmp/tmpbzX7EN with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [25544] 1461864401.276059: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmpbzX7EN with result: -1765328243/Matching credential not
>
>  >> found [25544] 1461864401.276196: Read AP-REP, time 1461864401.265627,
>
>  >> subkey aes256-cts/0E9F, seqnum 871496824 [18097] 1461937028.664354:
>
>  >> ccselect module realm chose cache
>
>  >> FILE:/tmp/tmpF9x_o8 with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [18097] 1461937028.664456: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmpF9x_o8 with result: -1765328243/Matching credential not
>
>  >> found [18097] 1461937028.664490: Getting credentials
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM using
>
>  >> ccache FILE:/tmp/tmpF9x_o8 [18097] 1461937028.664549: Retrieving
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from
>
>  >> FILE:/tmp/tmpF9x_o8 with
>
>  >> result: -1765328243/Matching credential not found [18097]
>
>  >> 1461937028.664590: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM from FILE:/tmp/tmpF9x_o8 with result:
>
>  >> 0/Success
>
>  >> [18097] 1461937028.664601: Found cached TGT for service realm:
>
>  >> admin at CYBERFUEL.COM -> krbtgt/CYBERFUEL.COM at CYBERFUEL.COM
>
>  >> [18097] 1461937028.664611: Requesting tickets for
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM, referrals on [18097]
>
>  >> 1461937028.664700: Generated subkey for TGS request: aes256-cts/6372
>
>  >> [18097] 1461937028.664727: etypes requested in TGS request:
>
>  >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [18097]
>
>  >> 1461937028.664865: Sending request (704 bytes) to CYBERFUEL.COM
>
>  >> [18097] 1461937028.665035: Resolving hostname freeipa.cyberfuel.com
>
>  >> [18097] 1461937028.665136: Initiating TCP connection to stream
>
>  >> 192.168.20.90:88
>
>  >> [18097] 1461937028.665510: Sending TCP request to stream
>
>  >> 192.168.20.90:88 [18097] 1461937028.668919: Received answer from
>
>  >> stream 192.168.20.90:88 [18097] 1461937028.668984: Response was from
>
>  >> master KDC [18097] 1461937028.669109: TGS reply is for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM with
>
>  >> session key aes256-cts/9592 [18097] 1461937028.669136: TGS request
>
>  >> result: 0/Success [18097] 1461937028.669156: Received creds for
>
>  >> desired service ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [18097] 1461937028.669167: Removing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM from FILE:/tmp/tmpF9x_o8
>
>  >> [18097] 1461937028.669176: Storing admin at CYBERFUEL.COM ->
>
>  >> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM in FILE:/tmp/tmpF9x_o8
>
>  >> [18097] 1461937028.669304: Creating authenticator for
>
>  >> admin at CYBERFUEL.COM -> ldap/freeipa.cyberfuel.com at CYBERFUEL.COM,
>
>  >> seqnum 940175329, subkey aes256-cts/53B9, session key aes256-cts/9592
>
>  >> [18097] 1461937028.676414: ccselect module realm chose cache
>
>  >> FILE:/tmp/tmpF9x_o8 with client principal admin at CYBERFUEL.COM for
>
>  >> server principal ldap/freeipa.cyberfuel.com at CYBERFUEL.COM
>
>  >> [18097] 1461937028.676470: Retrieving admin at CYBERFUEL.COM ->
>
>  >> krb5_ccache_conf_data/proxy_impersonator at X-CACHECONF: from
>
>  >> FILE:/tmp/tmpF9x_o8 with result: -1765328243/Matching credential not
>
>  >> found [18097] 1461937028.676534: Read AP-REP, time 1461937028.669328,
>
>  >> subkey aes256-cts/26C4, seqnum 864174069
>
>  >>
>
>  >> -----------------------------------
>
>  >>
>
>  >>
>
>  >> Regards
>
>  >>
>
>  >> Jose Alvarez
>
>  >>
>
>  >>
>
>  >> -----Original Message-----
>
>  >> From: Rob Crittenden [mailto:rcritten at redhat.com]
>
>  >> Sent: Friday, April 29, 2016 09:34 a.m.
>
>  >> To: Jose Alvarez R. <jalvarez at cyberfuel.com>;
>
>  >> freeipa-users at redhat.com
>
>  >> Subject: Re: [Freeipa-users] HTTP response code is 401, not 200
>
>  >>
>
>  >> Jose Alvarez R. wrote:
>
>  >>> Hi Users
>
>  >>>
>
>  >>> Can you help me?
>
>  >>>
>
>  >>> I have a problem joining a client to my FREEIPA server. The
>
>  >>> IPA server version is 3.0 and the IPA client is 3.0
>
>  >>>
>
>  >>> When I join my client to the IPA server, it shows these errors:
>
>  >>>
>
>  >>> [root at ppa ~]# tail -f /var/log/ipaclient-install.log
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z DEBUG stderr=
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z DEBUG trying to retrieve CA cert via LDAP from
>
>  >>> ldap://freeipa.cyberfuel.com
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z DEBUG Existing CA cert and Retrieved CA cert
>
>  >>> are identical
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z DEBUG args=/usr/sbin/ipa-join -s
>
>  >>> freeipa.cyberfuel.com -b dc=cyberfuel,dc=com
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z DEBUG stdout=
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z DEBUG stderr=HTTP response code is 401, not 200
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z ERROR Joining realm failed: HTTP response code
>
>  >>> is 401, not 200
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z ERROR Installation failed. Rolling back changes.
>
>  >>>
>
>  >>> 2016-04-28T17:26:41Z ERROR IPA client is not configured on this system.
>
>  >>
>
>  >> I'd look in the 389-ds access and error logs on the IPA server to see
>
>  >> if there are any more details. Look for the BIND from the client and
>
>  >> see what happens.
>
>  >>
>
>  >> More context from the log file might be helpful. I believe if you run
>
>  >> the client installer with --debug then additional flags are passed to
>
>  >> ipa-join to include the XML-RPC conversation and that might be useful
>
>  >> too.
>
>  >>
>
>  >> What account are you using to enroll with, admin?
>
>  >>
>
>  >> rob
>
>  >>
>
>  >
>
>  >
>