<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">IM in limbo here trying to solve this issue<br>
<br>
here is my out put with the debug<br>
<br>
root@se-idm-ubuntu-client-01:/var/lib/ipa-client/sysrestore# ipa-client-install -d --no-dns-sshfp --hostname=se-idm-ubuntu-client-01.boingo.com --force-join --domain=boingo.com --server=se-idm-01.boingo.com<br>
/usr/sbin/ipa-client-install was invoked with options: {'domain': 'boingo.com', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': False, 'conf_sshd': True, 'conf_ntp': True, 'on_master':
 False, 'ntp_server': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': 'se-idm-ubuntu-client-01.boingo.com', 'no_ac': False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': False, 'conf_ssh':
 True, 'force_join': True, 'server': ['se-idm-01.boingo.com'], 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}<br>
missing options might be asked for interactively later<br>
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'<br>
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'<br>
WARNING: ntpd time&date synchronization service will not be configured as<br>
conflicting service (chronyd) is enabled<br>
Use --force-ntpd option to disable it and force configuration of ntpd<br>
<br>
[IPA Discovery]<br>
Starting IPA discovery with domain=boingo.com, servers=['se-idm-01.boingo.com'], hostname=se-idm-ubuntu-client-01.boingo.com<br>
Server and domain forced<br>
[Kerberos realm search]<br>
Search DNS for TXT record of _kerberos.boingo.com<br>
DNS record not found: NXDOMAIN<br>
[LDAP server check]<br>
Verifying that se-idm-01.boingo.com (realm None) is an IPA server<br>
Init LDAP connection to: se-idm-01.boingo.com<br>
Search LDAP server for IPA base DN<br>
Check if naming context 'dc=boingo,dc=com' is for IPA<br>
Naming context 'dc=boingo,dc=com' is a valid IPA context<br>
Search for (objectClass=krbRealmContainer) in dc=boingo,dc=com (sub)<br>
Found: cn=BOINGO.COM,cn=kerberos,dc=boingo,dc=com<br>
Discovery result: Success; server=se-idm-01.boingo.com, domain=boingo.com, kdc=None, basedn=dc=boingo,dc=com<br>
Validated servers: se-idm-01.boingo.com<br>
will use discovered domain: boingo.com<br>
Using servers from command line, disabling DNS discovery<br>
will use provided server: se-idm-01.boingo.com<br>
Autodiscovery of servers for failover cannot work with this configuration.<br>
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.<br>
Proceed with fixed values and no DNS discovery? [no]: yes<br>
will use discovered realm: BOINGO.COM<br>
will use discovered basedn: dc=boingo,dc=com<br>
Hostname: se-idm-ubuntu-client-01.boingo.com<br>
Hostname source: Provided as option<br>
Realm: BOINGO.COM<br>
Realm source: Discovered from LDAP DNS records in se-idm-01.boingo.com<br>
DNS Domain: boingo.com<br>
DNS Domain source: Forced<br>
IPA Server: se-idm-01.boingo.com<br>
IPA Server source: Provided as option<br>
BaseDN: dc=boingo,dc=com<br>
BaseDN source: From IPA server ldap://se-idm-01.boingo.com:389<br>
<br>
Continue to configure the system with these values? [no]: yes<br>
Starting external process<br>
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r BOINGO.COM<br>
Process finished, return code=0<br>
stdout=<br>
stderr=Removing principal host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
<br>
Removed old keys for realm BOINGO.COM from /etc/krb5.keytab<br>
Starting external process<br>
args=/bin/hostname se-idm-ubuntu-client-01.boingo.com<br>
Process finished, return code=0<br>
stdout=<br>
stderr=<br>
Backing up system configuration file '/etc/hostname'<br>
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'<br>
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'<br>
User authorized to enroll computers: admin<br>
will use principal provided as option: admin<br>
Synchronizing time with KDC...<br>
Search DNS for SRV record of _ntp._udp.boingo.com<br>
DNS record not found: NXDOMAIN<br>
Starting external process<br>
args=/usr/sbin/ntpdate -s -b -v se-idm-01.boingo.com<br>
Process finished, return code=1<br>
stdout=<br>
stderr=<br>
Starting external process<br>
args=/usr/sbin/ntpdate -s -b -v se-idm-01.boingo.com<br>
Process finished, return code=1<br>
stdout=<br>
stderr=<br>
Starting external process<br>
args=/usr/sbin/ntpdate -s -b -v se-idm-01.boingo.com<br>
Process finished, return code=1<br>
stdout=<br>
stderr=<br>
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.<br>
Writing Kerberos configuration to /tmp/tmpBuP7iE:<br>
#File modified by ipa-client-install<br>
<br>
includedir /var/lib/sss/pubconf/krb5.include.d/<br>
<br>
[libdefaults]<br>
  default_realm = BOINGO.COM<br>
  dns_lookup_realm = false<br>
  dns_lookup_kdc = false<br>
  rdns = false<br>
  ticket_lifetime = 24h<br>
  forwardable = yes<br>
<br>
[realms]<br>
  BOINGO.COM = {<br>
    kdc = se-idm-01.boingo.com:88<br>
    master_kdc = se-idm-01.boingo.com:88<br>
    admin_server = se-idm-01.boingo.com:749<br>
    default_domain = boingo.com<br>
    pkinit_anchors = FILE:/etc/ipa/ca.crt<br>
  }<br>
<br>
[domain_realm]<br>
  .boingo.com = BOINGO.COM<br>
  boingo.com = BOINGO.COM<br>
<br>
Password for admin@BOINGO.COM: <br>
Starting external process<br>
args=kinit admin@BOINGO.COM<br>
Process finished, return code=0<br>
stdout=Password for admin@BOINGO.COM: <br>
<br>
stderr=<br>
trying to retrieve CA cert via LDAP from se-idm-01.boingo.com<br>
flushing ldap://se-idm-01.boingo.com:389 from SchemaCache<br>
retrieving schema for SchemaCache url=ldap://se-idm-01.boingo.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x140ff80><br>
Existing CA cert and Retrieved CA cert are identical<br>
Starting external process<br>
args=/usr/sbin/ipa-join -s se-idm-01.boingo.com -b dc=boingo,dc=com -d -h se-idm-ubuntu-client-01.boingo.com -f<br>
Process finished, return code=0<br>
stdout=<br>
stderr=XML-RPC CALL:<br>
<br>
<?xml version="1.0" encoding="UTF-8"?>\r\n<br>
<methodCall>\r\n<br>
<methodName>join</methodName>\r\n<br>
<params>\r\n<br>
<param><value><array><data>\r\n<br>
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\r\n<br>
</data></array></value></param>\r\n<br>
<param><value><struct>\r\n<br>
<member><name>nsosversion</name>\r\n<br>
<value><string>3.2.0-58-generic</string></value></member>\r\n<br>
<member><name>nshardwareplatform</name>\r\n<br>
<value><string>x86_64</string></value></member>\r\n<br>
</struct></value></param>\r\n<br>
</params>\r\n<br>
</methodCall>\r\n<br>
<br>
XML-RPC RESPONSE:<br>
<br>
<?xml version='1.0' encoding='UTF-8'?>\n<br>
<methodResponse>\n<br>
<params>\n<br>
<param>\n<br>
<value><array><data>\n<br>
<value><string>fqdn=se-idm-ubuntu-client-01.boingo.com,cn=computers,cn=accounts,dc=boingo,dc=com</string></value>\n<br>
<value><struct>\n<br>
<member>\n<br>
<name>sshpubkeyfp</name>\n<br>
<value><array><data>\n<br>
<value><string>F9:63:24:7C:AF:AF:10:F8:1E:C2:16:69:FE:EF:57:18 root@1204base (ssh-dss)</string></value>\n<br>
<value><string>85:E8:4E:22:E6:7E:73:0D:10:5C:CB:1A:FC:8B:DE:5C root@1204base (ssh-rsa)</string></value>\n<br>
<value><string>B8:BF:50:00:03:BF:AD:71:34:28:CE:83:0A:74:5E:8A root@1204base (ecdsa-sha2-nistp256)</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>has_keytab</name>\n<br>
<value><boolean>1</boolean></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>ipasshpubkey</name>\n<br>
<value><array><data>\n<br>
<value><string>ssh-dss AAAAB3NzaC1kc3MAAACBAPC0DSpZuBTz08MTehuPVq2IDPZMjSpmZz+zuQ9UbAb2yzWspsUfH3FRXMsp5M/NjKjZEUt+f5u24Q6D20Puo1qlhSW6KZv9xtx3Az/zWskvyE5XltCarOjokyjIdF4tcdlpI2onXKJBcUatZI1P9PHe+zEWMY+kbPmQ1R8h2mJTAAAAFQC1Xlgau1z17rjf5HkIBBk+d5WHJQAAAIEAut8bZLpXb1oKCQnTPV4PTXI0bAdIJWHf/4H1HN3E3rUwWwnGY/JiABBDxBJwdGnuYA9EpHZqx9+zkE86XS64Oh48VLvoVKmzMjALKnsMRDe4T5RUkxmOul36Iv+ughRNBRdO013N/j6ABj/6je73AYUGz3mKrWB+tz/szUZMAcsAAACAF73ttJiAMtcydaa63zCD+XldAk6jQwXgz0kBNTVq/n4CdFK4M+NxpH4YN93g5BQZ2IsfOlUUqrZiNy/BLrvqLBJJS+nhyLLKYEyBeiP6dnmVWw7R7A4ZX8osd4PyEAcCcfdzYGxvOJ8x5PdGu8ev8ytVEluxeHyW59vEvKlHBM0=
 root@1204base</string></value>\n<br>
<value><string>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsoydbxu62xM4SHZbrPpPg95+iFLft7NnVvxPXr4rSQTUzrb+yUE1Eas5+/2wuyO3cYFPLVEe0hPF+7UHfRS7O/PiAZKvz7dSklt16lkq3BuHKi52IVwNgxsQfbD84FDCY1CaGeUScpAIVZ6JVc6D4+JM/INPsvStqreegqUy/bZRZ+YuT11AdxVTsOCwfCJWgyBPL5yDb11VfFglLm/8KnZ6asgyDeuaLNxwBySnifICX0WTx7VoQ1w8p+5Ncf7VAO8fojOZ/SwMqqP9ym7JT6OJvKL/ROd/5yZ/F21bmjZ/wKSrZDuhpZa+t6Qfn+ImrQm19VPhgdQsNZPhlE5Lv
 root@1204base</string></value>\n<br>
<value><string>ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ijpgDWM3+GwSGZrRIr5pXPfjJB+BXtUubwAebdVsXjgQPfD0lUjyF8jsn4Znz2PV8TFTJeCY9Nsg57aRcMmw= root@1204base</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>cn</name>\n<br>
<value><array><data>\n<br>
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>usercertificate</name>\n<br>
<value><array><data>\n<br>
<value><base64>\n<br>
MIIDqTCCApGgAwIBAgIBGjANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpCT0lOR08uQ09NMR4w\n<br>
HAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTQwMjIxMTc1MzI5WhcNMTYwMjIyMTc1\n<br>
MzI5WjBCMRMwEQYDVQQKEwpCT0lOR08uQ09NMSswKQYDVQQDEyJzZS1pZG0tdWJ1bnR1LWNsaWVu\n<br>
dC0wMS5ib2luZ28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2f//2Wz6UwUp\n<br>
EErhWDHE+maebFuN82TQnYoAkrDGkebMOmtbLIy8fa7BdY5VNf+bJrLZkoGVq5us9aTc+s1YX63P\n<br>
rmbPjFbO8+vL9I8IVIUutkUTNEhpVm0xiFe+n6jF7OXnjo/sfYZ1zT2QUyLN3TMF97hU2+QBItuJ\n<br>
XY7ChOWk++YeYjgPK0xkcjbMZkNGKxKFF1qURmZVvj0VLgUxX8UwwFQZZK2XEg1Iexa+4SsKhdJN\n<br>
wNagw1x99CiUXChn7V4lYZe8Uk7QDalGrgQTCVAIT+/9IpR94H6N68bHYA/hdBmV1JshTrL2Uhr0\n<br>
Z2eNSjv3bpHC7BqeyWLllLw55wIDAQABo4G2MIGzMB8GA1UdIwQYMBaAFC53PmsjH7HOB4yeCQkD\n<br>
z3yaIEbNMEIGCCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL3NlLWlkbS0wMS5ib2lu\n<br>
Z28uY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n<br>
BgEFBQcDAjAdBgNVHQ4EFgQU7XOSHg+lb/Yizi5G81VQAT0VPQswDQYJKoZIhvcNAQELBQADggEB\n<br>
AGL9mbEyxQSv9d1dbMIW1V4NOBOJFKYmEXKxuQtrOEUDTN7H7IGNm7grMgOMYzrLYs1ftRxXrySF\n<br>
d8k/B3q8LBV2RQ7d0pT67cRH+YV6csmtpZ+YSOYSR+0e6F6BIsMCAU8lsjA7qvVYuaFCc+wvdiIp\n<br>
rea4piqV+lxWp1m0b/mdFuCbLyXao+pr2F5JhCHueHnn14I3k+E78f07hQUccOuS0BELWo9chy+l\n<br>
co7djPuzeG8MKTTr7+9L47dqhKhrY4sHyS+LhaUf3Y+irbLxgeqiBIjkV4TVkfZNZg4b6NvajgKM\n<br>
L9bj5XRwrSAhv1YccwzE1GDOOrp2j3LRYIcEUok=\n<br>
</base64></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>krbextradata</name>\n<br>
<value><array><data>\n<br>
<value><base64>\n<br>
AAKVkgdTaG9zdC9zZS1pZG0tdWJ1bnR1LWNsaWVudC0wMS5ib2luZ28uY29tQEJPSU5HTy5DT00A\n<br>
</base64></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>has_password</name>\n<br>
<value><boolean>0</boolean></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>subject</name>\n<br>
<value><string>CN=se-idm-ubuntu-client-01.boingo.com,O=BOINGO.COM</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>ipacertificatesubjectbase</name>\n<br>
<value><array><data>\n<br>
<value><string>O=BOINGO.COM</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>sha1_fingerprint</name>\n<br>
<value><string>60:5c:7f:f5:e7:77:b7:3c:0c:c8:c0:07:3f:c3:00:18:c1:dd:9d:af</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>krblastsuccessfulauth</name>\n<br>
<value><array><data>\n<br>
<value><string>20140221181453Z</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>serial_number</name>\n<br>
<value><string>26</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>managedby_host</name>\n<br>
<value><array><data>\n<br>
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>enrolledby_user</name>\n<br>
<value><array><data>\n<br>
<value><string>admin</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>dn</name>\n<br>
<value><string>fqdn=se-idm-ubuntu-client-01.boingo.com,cn=computers,cn=accounts,dc=boingo,dc=com</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>issuer</name>\n<br>
<value><string>CN=Certificate Authority,O=BOINGO.COM</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>ipauniqueid</name>\n<br>
<value><array><data>\n<br>
<value><string>459b077c-9b20-11e3-89c9-782bcb03bc6d</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>krbprincipalname</name>\n<br>
<value><array><data>\n<br>
<value><string>host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>serverhostname</name>\n<br>
<value><array><data>\n<br>
<value><string>se-idm-ubuntu-client-01</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>objectclass</name>\n<br>
<value><array><data>\n<br>
<value><string>ipaobject</string></value>\n<br>
<value><string>nshost</string></value>\n<br>
<value><string>ipahost</string></value>\n<br>
<value><string>pkiuser</string></value>\n<br>
<value><string>ipaservice</string></value>\n<br>
<value><string>krbprincipalaux</string></value>\n<br>
<value><string>krbprincipal</string></value>\n<br>
<value><string>ieee802device</string></value>\n<br>
<value><string>ipasshhost</string></value>\n<br>
<value><string>top</string></value>\n<br>
<value><string>ipaSshGroupOfPubKeys</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>valid_not_before</name>\n<br>
<value><string>Fri Feb 21 17:53:29 2014 UTC</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>valid_not_after</name>\n<br>
<value><string>Mon Feb 22 17:53:29 2016 UTC</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>fqdn</name>\n<br>
<value><array><data>\n<br>
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>managing_host</name>\n<br>
<value><array><data>\n<br>
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>md5_fingerprint</name>\n<br>
<value><string>bb:dc:38:b3:19:ab:7c:07:27:31:f9:a7:78:a4:98:16</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>serial_number_hex</name>\n<br>
<value><string>0x1A</string></value>\n<br>
</member>\n<br>
<member>\n<br>
<name>krblastpwdchange</name>\n<br>
<value><array><data>\n<br>
<value><string>20140221175325Z</string></value>\n<br>
</data></array></value>\n<br>
</member>\n<br>
</struct></value>\n<br>
</data></array></value>\n<br>
</param>\n<br>
</params>\n<br>
</methodResponse>\n<br>
<br>
Keytab successfully retrieved and stored in: /etc/krb5.keytab<br>
Certificate subject base is: O=BOINGO.COM<br>
<br>
Enrolled in IPA realm BOINGO.COM<br>
Starting external process<br>
args=kdestroy<br>
Process finished, return code=0<br>
stdout=<br>
stderr=<br>
Starting external process<br>
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=0<br>
stdout=<br>
stderr=<br>
Backing up system configuration file '/etc/ipa/default.conf'<br>
  -> Not backing up - '/etc/ipa/default.conf' doesn't exist<br>
Created /etc/ipa/default.conf<br>
importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'...<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/entitle.py'<br>
skipping plugin module ipalib.plugins.entitle: No module named rhsm.connection<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'<br>
Starting external process<br>
args=klist -V<br>
Process finished, return code=0<br>
stdout=Kerberos 5 version 1.10-beta1<br>
<br>
stderr=<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'<br>
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'<br>
Backing up system configuration file '/etc/sssd/sssd.conf'<br>
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'<br>
Domain boingo.com is already configured in existing SSSD config, creating a new one.<br>
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.<br>
Configured /etc/sssd/sssd.conf<br>
Starting external process<br>
args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt<br>
Process finished, return code=0<br>
stdout=<br>
stderr=<br>
Backing up system configuration file '/etc/krb5.conf'<br>
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'<br>
Writing Kerberos configuration to /etc/krb5.conf:<br>
#File modified by ipa-client-install<br>
<br>
includedir /var/lib/sss/pubconf/krb5.include.d/<br>
<br>
[libdefaults]<br>
  default_realm = BOINGO.COM<br>
  dns_lookup_realm = false<br>
  dns_lookup_kdc = false<br>
  rdns = false<br>
  ticket_lifetime = 24h<br>
  forwardable = yes<br>
<br>
[realms]<br>
  BOINGO.COM = {<br>
    kdc = se-idm-01.boingo.com:88<br>
    master_kdc = se-idm-01.boingo.com:88<br>
    admin_server = se-idm-01.boingo.com:749<br>
    default_domain = boingo.com<br>
    pkinit_anchors = FILE:/etc/ipa/ca.crt<br>
  }<br>
<br>
[domain_realm]<br>
  .boingo.com = BOINGO.COM<br>
  boingo.com = BOINGO.COM<br>
<br>
Configured /etc/krb5.conf for IPA realm BOINGO.COM<br>
Starting external process<br>
args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=<br>
stderr=keyctl_search: Required key not available<br>
<br>
Starting external process<br>
args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=<br>
stderr=keyctl_search: Required key not available<br>
<br>
failed to find session_cookie in persistent storage for principal 'host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM'<br>
trying https://se-idm-01.boingo.com/ipa/xml<br>
Created connection context.xmlclient<br>
raw: env(None, server=True)<br>
env(None, server=True, all=True)<br>
Forwarding 'env' to server u'https://se-idm-01.boingo.com/ipa/xml'<br>
NSSConnection init se-idm-01.boingo.com<br>
Connecting: 66.103.90.130:0<br>
auth_certificate_callback: check_sig=True is_server=False<br>
Data:<br>
        Version: 3 (0x2)<br>
        Serial Number: 10 (0xa)<br>
        Signature Algorithm:<br>
            Algorithm: PKCS #1 SHA-256 With RSA Encryption<br>
        Issuer: CN=Certificate Authority,O=BOINGO.COM<br>
        Validity:<br>
            Not Before: Wed Jan 22 23:22:58 2014 UTC<br>
            Not After : Sat Jan 23 23:22:58 2016 UTC<br>
        Subject: CN=se-idm-01.boingo.com,O=BOINGO.COM<br>
        Subject Public Key Info:<br>
            Public Key Algorithm:<br>
                Algorithm: PKCS #1 RSA Encryption<br>
            RSA Public Key:<br>
                Modulus:<br>
                    da:61:36:ca:15:d7:7f:e1:8d:6d:8b:16:f1:36:66:db:<br>
                    52:77:cb:54:45:24:70:ec:fb:f7:e9:3b:65:e3:39:65:<br>
                    fe:56:90:8c:f6:6c:da:2c:7e:e4:96:6d:f8:60:57:02:<br>
                    93:db:91:7e:96:d1:03:03:34:ab:0a:90:39:6d:8a:e0:<br>
                    92:a1:1c:62:3c:61:24:51:b8:e0:87:96:5f:a0:24:85:<br>
                    2b:c5:43:4e:52:fd:a8:f9:28:25:00:84:53:31:51:e0:<br>
                    01:02:57:3d:48:26:b4:99:c4:aa:5a:51:36:f6:0f:14:<br>
                    b2:ad:f1:15:10:05:86:ee:d1:d0:32:5b:c4:7b:4c:db:<br>
                    82:28:3d:62:36:43:e0:c3:7b:ed:c9:b9:c4:58:34:a1:<br>
                    be:c5:1e:c0:b6:c7:9c:5b:1e:1d:48:b6:22:41:0e:e2:<br>
                    4f:43:e0:1b:e2:64:f4:57:69:67:10:64:04:7a:a4:0a:<br>
                    73:c5:6e:39:28:0b:76:9b:2b:b8:36:6a:59:e3:5e:84:<br>
                    50:ce:b6:e3:19:43:c0:f4:85:02:81:39:74:91:f5:22:<br>
                    04:c3:1f:49:64:39:b9:29:64:de:c4:69:76:56:a1:78:<br>
                    58:fd:33:28:62:77:1f:4a:3f:9d:8d:11:d2:00:0a:c0:<br>
                    73:1f:4f:42:89:26:a5:f2:93:a3:07:ef:3e:80:50:45<br>
                Exponent: 65537 (0x10001)<br>
    Signed Extensions: (5)<br>
        Name: Certificate Authority Key Identifier<br>
        Critical: False<br>
        Key ID:<br>
            2e:77:3e:6b:23:1f:b1:ce:07:8c:9e:09:09:03:cf:7c:<br>
            9a:20:46:cd<br>
        Serial Number: None<br>
        General Names: [0 total]<br>
<br>
        Name: Authority Information Access<br>
        Critical: False<br>
<br>
        Name: Certificate Key Usage<br>
        Critical: True<br>
        Usages:<br>
            Digital Signature<br>
            Non-Repudiation<br>
            Key Encipherment<br>
            Data Encipherment<br>
<br>
        Name: Extended Key Usage<br>
        Critical: False<br>
        Usages:<br>
            TLS Web Server Authentication Certificate<br>
            TLS Web Client Authentication Certificate<br>
<br>
        Name: Certificate Subject Key ID<br>
        Critical: False<br>
        Data:<br>
            c5:83:cc:e3:c4:64:6f:f1:67:47:f3:cd:6a:bd:f5:2c:<br>
            ac:91:1e:0c<br>
<br>
    Signature:<br>
        Signature Algorithm:<br>
            Algorithm: PKCS #1 SHA-256 With RSA Encryption<br>
        Signature:<br>
            b1:5d:69:6a:52:2a:42:4c:f7:4c:1e:f5:6e:4c:87:30:<br>
            f5:f5:ab:9c:ad:e5:7e:8c:e1:54:95:1d:53:56:8f:8f:<br>
            fc:a7:de:f2:61:f7:cd:a9:79:a7:a2:53:dd:8d:19:89:<br>
            ce:fb:92:bb:ca:d7:4f:84:e2:63:9b:b6:b6:a0:aa:24:<br>
            10:ac:7c:ce:17:09:d1:4e:2a:8e:ae:55:fc:0a:11:52:<br>
            ab:23:8b:25:85:15:3c:f3:bb:0a:51:11:4f:fc:87:e1:<br>
            0e:ca:12:cc:15:d4:36:57:a8:a4:db:42:0e:d1:1e:dc:<br>
            1f:64:33:34:da:58:4d:a6:39:ff:b5:2c:50:6c:99:67:<br>
            ff:af:c0:65:d1:f6:d9:33:d5:a8:c9:9c:e3:6e:fa:b7:<br>
            96:09:cd:73:eb:80:21:7d:04:af:ce:fb:76:d8:b1:ef:<br>
            b0:23:50:85:1c:34:9c:a2:9c:d7:c2:fd:0d:f0:bd:1f:<br>
            98:ec:19:03:00:47:17:9b:a2:1d:09:3f:04:3c:59:4c:<br>
            81:51:38:f0:e8:1e:74:49:5e:76:a1:d6:9a:9b:3d:fe:<br>
            85:12:37:6b:3f:c7:a7:62:ce:ea:68:d8:ff:47:5a:74:<br>
            41:ab:ea:0c:6a:35:e9:57:a6:3b:1f:c9:e1:12:87:8b:<br>
            81:eb:c4:73:c8:a9:4d:88:a9:40:22:f9:66:06:70:b4<br>
        Fingerprint (MD5):<br>
            43:6b:f7:a8:12:d6:72:2f:3c:36:60:ff:ea:6b:53:a9<br>
        Fingerprint (SHA1):<br>
            91:b6:61:43:5d:0b:d0:14:cf:71:c8:c6:20:88:74:be:<br>
            ce:ad:a0:53<br>
approved_usage = SSLServer intended_usage = SSLServer<br>
cert valid True for "CN=se-idm-01.boingo.com,O=BOINGO.COM"<br>
handshake complete, peer = 66.103.90.130:443<br>
received Set-Cookie 'ipa_session=feebdfa3447e7a8bdae71ad28871835e; Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 19:47:41 GMT; Secure; HttpOnly'<br>
storing cookie 'ipa_session=feebdfa3447e7a8bdae71ad28871835e; Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 19:47:41 GMT; Secure; HttpOnly' for principal host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Starting external process<br>
args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=<br>
stderr=keyctl_search: Required key not available<br>
<br>
Starting external process<br>
args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=<br>
stderr=keyctl_search: Required key not available<br>
<br>
Starting external process<br>
args=keyctl padd user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM @s<br>
Process finished, return code=0<br>
stdout=546101869<br>
<br>
stderr=<br>
Hostname (se-idm-ubuntu-client-01.boingo.com) not found in DNS<br>
Writing nsupdate commands to /etc/ipa/.dns_update.txt:<br>
<br>
zone boingo.com.<br>
update delete se-idm-ubuntu-client-01.boingo.com. IN A<br>
send<br>
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN A 23.253.21.58<br>
send<br>
<br>
Starting external process<br>
args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt<br>
Process finished, return code=1<br>
stdout=<br>
stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server DNS/ns-1454.awsdns-53.org@BOINGO.COM not found in Kerberos database.<br>
<br>
nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1<br>
Failed to update DNS records.<br>
Starting external process<br>
args=/usr/sbin/service dbus status <br>
Process finished, return code=0<br>
stdout=dbus start/running, process 1004<br>
<br>
stderr=<br>
Starting external process<br>
args=/usr/sbin/service certmonger restart <br>
Process finished, return code=0<br>
stdout=certmonger stop/waiting<br>
certmonger start/running<br>
<br>
stderr=<br>
Starting external process<br>
args=/usr/sbin/service certmonger status <br>
Process finished, return code=0<br>
stdout=certmonger start/running<br>
<br>
stderr=<br>
Starting external process<br>
args=/usr/sbin/service certmonger stop <br>
Process finished, return code=0<br>
stdout=certmonger stop/waiting<br>
<br>
stderr=<br>
certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'<br>
Starting external process<br>
args=/usr/sbin/service certmonger restart <br>
Process finished, return code=0<br>
stdout=certmonger start/running<br>
<br>
stderr=stop: Unknown instance: <br>
<br>
Starting external process<br>
args=/usr/sbin/service certmonger status <br>
Process finished, return code=0<br>
stdout=certmonger start/running<br>
<br>
stderr=<br>
Starting external process<br>
args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - se-idm-ubuntu-client-01.boingo.com -N CN=se-idm-ubuntu-client-01.boingo.com,O=BOINGO.COM -K host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=Certificate at same location is already used by request with nickname "20140221175328".<br>
<br>
stderr=<br>
certmonger request for host certificate failed<br>
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub<br>
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub<br>
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub<br>
raw: host_mod(u'se-idm-ubuntu-client-01.boingo.com', ipasshpubkey=[u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsoydbxu62xM4SHZbrPpPg95+iFLft7NnVvxPXr4rSQTUzrb+yUE1Eas5+/2wuyO3cYFPLVEe0hPF+7UHfRS7O/PiAZKvz7dSklt16lkq3BuHKi52IVwNgxsQfbD84FDCY1CaGeUScpAIVZ6JVc6D4+JM/INPsvStqreegqUy/bZRZ+YuT11AdxVTsOCwfCJWgyBPL5yDb11VfFglLm/8KnZ6asgyDeuaLNxwBySnifICX0WTx7VoQ1w8p+5Ncf7VAO8fojOZ/SwMqqP9ym7JT6OJvKL/ROd/5yZ/F21bmjZ/wKSrZDuhpZa+t6Qfn+ImrQm19VPhgdQsNZPhlE5Lv
 root@1204base', u'ssh-dss AAAAB3NzaC1kc3MAAACBAPC0DSpZuBTz08MTehuPVq2IDPZMjSpmZz+zuQ9UbAb2yzWspsUfH3FRXMsp5M/NjKjZEUt+f5u24Q6D20Puo1qlhSW6KZv9xtx3Az/zWskvyE5XltCarOjokyjIdF4tcdlpI2onXKJBcUatZI1P9PHe+zEWMY+kbPmQ1R8h2mJTAAAAFQC1Xlgau1z17rjf5HkIBBk+d5WHJQAAAIEAut8bZLpXb1oKCQnTPV4PTXI0bAdIJWHf/4H1HN3E3rUwWwnGY/JiABBDxBJwdGnuYA9EpHZqx9+zkE86XS64Oh48VLvoVKmzMjALKnsMRDe4T5RUkxmOul36Iv+ughRNBRdO013N/j6ABj/6je73AYUGz3mKrWB+tz/szUZMAcsAAACAF73ttJiAMtcydaa63zCD+XldAk6jQwXgz0kBNTVq/n4CdFK4M+NxpH4YN93g5BQZ2IsfOlUUqrZiNy/BLrvqLBJJS+nhyLLKYEyBeiP6dnmVWw7R7A4ZX8osd4PyEAcCcfdzYGxvOJ8x5PdGu8ev8ytVEluxeHyW59vEvKlHBM0=
 root@1204base', u'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ijpgDWM3+GwSGZrRIr5pXPfjJB+BXtUubwAebdVsXjgQPfD0lUjyF8jsn4Znz2PV8TFTJeCY9Nsg57aRcMmw= root@1204base'], updatedns=False)<br>
host_mod(u'se-idm-ubuntu-client-01.boingo.com', random=False, ipasshpubkey=(u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsoydbxu62xM4SHZbrPpPg95+iFLft7NnVvxPXr4rSQTUzrb+yUE1Eas5+/2wuyO3cYFPLVEe0hPF+7UHfRS7O/PiAZKvz7dSklt16lkq3BuHKi52IVwNgxsQfbD84FDCY1CaGeUScpAIVZ6JVc6D4+JM/INPsvStqreegqUy/bZRZ+YuT11AdxVTsOCwfCJWgyBPL5yDb11VfFglLm/8KnZ6asgyDeuaLNxwBySnifICX0WTx7VoQ1w8p+5Ncf7VAO8fojOZ/SwMqqP9ym7JT6OJvKL/ROd/5yZ/F21bmjZ/wKSrZDuhpZa+t6Qfn+ImrQm19VPhgdQsNZPhlE5Lv
 root@1204base', u'ssh-dss AAAAB3NzaC1kc3MAAACBAPC0DSpZuBTz08MTehuPVq2IDPZMjSpmZz+zuQ9UbAb2yzWspsUfH3FRXMsp5M/NjKjZEUt+f5u24Q6D20Puo1qlhSW6KZv9xtx3Az/zWskvyE5XltCarOjokyjIdF4tcdlpI2onXKJBcUatZI1P9PHe+zEWMY+kbPmQ1R8h2mJTAAAAFQC1Xlgau1z17rjf5HkIBBk+d5WHJQAAAIEAut8bZLpXb1oKCQnTPV4PTXI0bAdIJWHf/4H1HN3E3rUwWwnGY/JiABBDxBJwdGnuYA9EpHZqx9+zkE86XS64Oh48VLvoVKmzMjALKnsMRDe4T5RUkxmOul36Iv+ughRNBRdO013N/j6ABj/6je73AYUGz3mKrWB+tz/szUZMAcsAAACAF73ttJiAMtcydaa63zCD+XldAk6jQwXgz0kBNTVq/n4CdFK4M+NxpH4YN93g5BQZ2IsfOlUUqrZiNy/BLrvqLBJJS+nhyLLKYEyBeiP6dnmVWw7R7A4ZX8osd4PyEAcCcfdzYGxvOJ8x5PdGu8ev8ytVEluxeHyW59vEvKlHBM0=
 root@1204base', u'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ijpgDWM3+GwSGZrRIr5pXPfjJB+BXtUubwAebdVsXjgQPfD0lUjyF8jsn4Znz2PV8TFTJeCY9Nsg57aRcMmw= root@1204base'), rights=False, updatedns=False, all=False, raw=False)<br>
Forwarding 'host_mod' to server u'https://se-idm-01.boingo.com/ipa/xml'<br>
NSSConnection init se-idm-01.boingo.com<br>
Connecting: 66.103.90.130:0<br>
handshake complete, peer = 66.103.90.130:443<br>
received Set-Cookie 'ipa_session=19d25037e9a9416d6201a0fbd3faaccb; Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 19:47:43 GMT; Secure; HttpOnly'<br>
storing cookie 'ipa_session=19d25037e9a9416d6201a0fbd3faaccb; Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 19:47:43 GMT; Secure; HttpOnly' for principal host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Starting external process<br>
args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=<br>
stderr=keyctl_search: Required key not available<br>
<br>
Starting external process<br>
args=keyctl search @s user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM<br>
Process finished, return code=1<br>
stdout=<br>
stderr=keyctl_search: Required key not available<br>
<br>
Starting external process<br>
args=keyctl padd user ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo.com@BOINGO.COM @s<br>
Process finished, return code=0<br>
stdout=1008872903<br>
<br>
stderr=<br>
Caught fault 4202 from server https://se-idm-01.boingo.com/ipa/xml: no modifications to be performed<br>
Starting external process<br>
args=/usr/sbin/service nscd status<br>
Process finished, return code=1<br>
stdout=<br>
stderr=nscd: unrecognized service<br>
<br>
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'<br>
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'<br>
<br>
<br>
</div>
</body>
</html>