[Freeipa-users] FreeIpa client can't execute any command

[Petr Vobornik]

On 01/09/2017 02:56 PM, Андрей Ривкин wrote:
> Hello everyone!
> 
> I'm new to FreeIpa, so if my question is very simple just point me to the 
> documentation.
> 
> I've installed FreeIpa on host demo3.xxx.com <http://demo3.xxx.com>.
> Then registred some other host demo5.xxx.com <http://demo5.xxx.com>. I've used 
> ipa add host command.
> Then installed ipa-client and ipa-admin-tools demo5.
> Checked that they worked and were able to execute commands like kinit and ipa 
> host-find.
> 
> On the host demo3 I've restarted service ipa (service ipa restart).
> Now I'm able to execute  ipa host-find on demo3, but not able to execute this 
> command on demo3.
> I've done kinit by 'someadmin'.
> All ipa commands not working:
> 
> 
> [root at demo5 ~]# ipa -v -d
> ipa: DEBUG: Starting external process
> ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:someadmin at XXX.COM 
> <mailto:ipa_session_cookie%3Asomeadmin at XXX.COM>
> ipa: DEBUG: Process finished, return code=1
> ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=keyctl_search: Required key not available
> 
> ipa: DEBUG: failed to find session_cookie in persistent storage for principal 
> 'someadmin at XXX.COM <mailto:someadmin at XXX.COM>'
> ipa: INFO: trying https://demo3.xxx.com/ipa/json
> ipa: DEBUG: Created connection context.rpcclient_41215888
> ipa: INFO: Forwarding 'schema' to json server 'https://demo3.xxx.com/ipa/json'
> ipa: DEBUG: Destroyed connection context.rpcclient_41215888
> ipa: ERROR: Service 'HTTP at demo3.xxx.com <mailto:HTTP at demo3.xxx.com>' not found 
> in Kerberos database
> 
> 
> It looks like my client is not connected to my server.
> Any ideas how to debug this situation?
> 
> P.S. Hosts - Centos 7. DNS on demo3.
> 
> Regards,
> Andrey
> 


Does following sequence work the same way on both demo3 and demo5?

 $ kdestroy -A
 $ kinit someadmin
 $ kvno HTTP/demo3.xxx.com

Does `ipactl status` show that all services are running fine?

-- 
Petr Vobornik