[root@beanstalk01-ore ~]# cat /etc/resolv.conf search prod.cloud.myinc.local myinc.local nameserver 10.77.30.35 nameserver 10.10.0.254 nameserver 10.10.2.246 [root@beanstalk01-ore ~]# ipa-client-install --enable-dns-updates --mkhomedir --domain prod.cloud.myinc.local --force-join -d /sbin/ipa-client-install was invoked with options: {'domain': 'prod.cloud.myinc.local', 'force': False, 'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox': False, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'no_nisdomain': False, 'nisdomain': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None, 'request_cert': False, 'trust_sshfp': False, 'no_ac': False, 'unattended': None, 'all_ip_addresses': False, 'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5, 'dns_updates': True, 'conf_sudo': True, 'conf_ssh': True, 'force_join': True, 'firefox_dir': None, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'mkhomedir': True, 'uninstall': False} missing options might be asked for interactively later IPA version 4.2.0-15.el7_2.6 Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args='/bin/systemctl' 'is-enabled' 'chronyd.service' Process finished, return code=0 stdout=enabled stderr= WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd [IPA Discovery] Starting IPA discovery with domain=prod.cloud.myinc.local, servers=None, hostname=beanstalk01-ore.prod.cloud.myinc.local Search for LDAP SRV record in prod.cloud.myinc.local Search DNS for SRV record of _ldap._tcp.prod.cloud.myinc.local DNS record found: 0 100 389 ipa02-ore.prod.cloud.myinc.local. DNS record found: 0 100 389 rspsna-ipa02.prod.i2x.myinc.local. DNS record found: 0 100 389 rspsna-ipa01.prod.i2x.myinc.local. DNS record found: 0 100 389 ipa01-ore.prod.cloud.myinc.local. [Kerberos realm search] Search DNS for TXT record of _kerberos.prod.cloud.myinc.local DNS record found: "myinc.LOCAL" Search DNS for SRV record of _kerberos._udp.prod.cloud.myinc.local DNS record found: 0 100 88 rspsna-ipa01.prod.i2x.myinc.local. DNS record found: 0 100 88 ipa02-ore.prod.cloud.myinc.local. DNS record found: 0 100 88 ipa01-ore.prod.cloud.myinc.local. DNS record found: 0 100 88 rspsna-ipa02.prod.i2x.myinc.local. [LDAP server check] Verifying that ipa02-ore.prod.cloud.myinc.local (realm myinc.LOCAL) is an IPA server Init LDAP connection to: ipa02-ore.prod.cloud.myinc.local Search LDAP server for IPA base DN Check if naming context 'dc=myinc,dc=local' is for IPA Naming context 'dc=myinc,dc=local' is a valid IPA context Search for (objectClass=krbRealmContainer) in dc=myinc,dc=local (sub) Found: cn=myinc.LOCAL,cn=kerberos,dc=myinc,dc=local Discovery result: Success; server=ipa02-ore.prod.cloud.myinc.local, domain=prod.cloud.myinc.local, kdc=rspsna-ipa01.prod.i2x.myinc.local,ipa02-ore.prod.cloud.myinc.local,ipa01-ore.prod.cloud.myinc.local,rspsna-ipa02.prod.i2x.myinc.local, basedn=dc=myinc,dc=local Validated servers: ipa02-ore.prod.cloud.myinc.local will use discovered domain: prod.cloud.myinc.local Start searching for LDAP SRV record in "prod.cloud.myinc.local" (Validating DNS Discovery) and its sub-domains Search DNS for SRV record of _ldap._tcp.prod.cloud.myinc.local DNS record found: 0 100 389 ipa01-ore.prod.cloud.myinc.local. DNS record found: 0 100 389 rspsna-ipa02.prod.i2x.myinc.local. DNS record found: 0 100 389 ipa02-ore.prod.cloud.myinc.local. DNS record found: 0 100 389 rspsna-ipa01.prod.i2x.myinc.local. DNS validated, enabling discovery will use discovered server: ipa02-ore.prod.cloud.myinc.local Discovery was successful! will use discovered realm: myinc.LOCAL will use discovered basedn: dc=myinc,dc=local Client hostname: beanstalk01-ore.prod.cloud.myinc.local Hostname source: Machine's FQDN Realm: myinc.LOCAL Realm source: Discovered from LDAP DNS records in ipa02-ore.prod.cloud.myinc.local DNS Domain: prod.cloud.myinc.local DNS Domain source: Discovered LDAP SRV records from prod.cloud.myinc.local IPA Server: ipa02-ore.prod.cloud.myinc.local IPA Server source: Discovered from LDAP DNS records in ipa02-ore.prod.cloud.myinc.local BaseDN: dc=myinc,dc=local BaseDN source: From IPA server ldap://ipa02-ore.prod.cloud.myinc.local:389 Continue to configure the system with these values? [no]: yes Starting external process args='/usr/sbin/ipa-rmkeytab' '-k' '/etc/krb5.keytab' '-r' 'myinc.LOCAL' Process finished, return code=5 stdout= stderr=realm not found Skipping synchronizing time with NTP server. User authorized to enroll computers: dacosta will use principal provided as option: dacosta Starting external process args='keyctl' 'get_persistent' '@s' '0' Process finished, return code=0 stdout=209143713 stderr= Enabling persistent keyring CCACHE Writing Kerberos configuration to /tmp/tmpjHuUwF: #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = myinc.LOCAL dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] myinc.LOCAL = { kdc = ipa02-ore.prod.cloud.myinc.local:88 master_kdc = ipa02-ore.prod.cloud.myinc.local:88 admin_server = ipa02-ore.prod.cloud.myinc.local:749 default_domain = prod.cloud.myinc.local pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .prod.cloud.myinc.local = myinc.LOCAL prod.cloud.myinc.local = myinc.LOCAL Password for dacosta@myinc.LOCAL: Initializing principal dacosta@myinc.LOCAL using password Starting external process args='/usr/bin/kinit' 'dacosta@myinc.LOCAL' '-c' '/tmp/tmp8xJJSf' Process finished, return code=0 stdout=Password for dacosta@myinc.LOCAL: stderr= trying to retrieve CA cert via LDAP from ipa02-ore.prod.cloud.myinc.local flushing ldap://ipa02-ore.prod.cloud.myinc.local:389 from SchemaCache retrieving schema for SchemaCache url=ldap://ipa02-ore.prod.cloud.myinc.local:389 conn= Successfully retrieved CA cert Subject: CN=Certificate Authority,O=myinc.LOCAL Issuer: CN=Certificate Authority,O=myinc.LOCAL Valid From: Mon Dec 21 19:54:06 2015 UTC Valid Until: Fri Dec 21 19:54:06 2035 UTC Starting external process args='/usr/sbin/ipa-join' '-s' 'ipa02-ore.prod.cloud.myinc.local' '-b' 'dc=myinc,dc=local' '-h' 'beanstalk01-ore.prod.cloud.myinc.local' '-d' '-f' Process finished, return code=0 stdout= stderr=XML-RPC CALL: \r\n \r\n join\r\n \r\n \r\n beanstalk01-ore.prod.cloud.myinc.local\r\n \r\n \r\n nsosversion\r\n 3.10.0-327.10.1.el7.x86_64\r\n nshardwareplatform\r\n x86_64\r\n \r\n \r\n \r\n * About to connect() to ipa02-ore.prod.cloud.myinc.local port 443 (#0) * Trying 10.10.2.246... * Connected to ipa02-ore.prod.cloud.myinc.local (10.10.2.246) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=ipa02-ore.prod.cloud.myinc.local,OU=pki-ipa,O=IPA * start date: Mar 02 17:22:10 2016 GMT * expire date: Mar 03 17:22:10 2018 GMT * common name: ipa02-ore.prod.cloud.myinc.local * issuer: CN=Certificate Authority,O=myinc.LOCAL > POST /ipa/xml HTTP/1.1 Host: ipa02-ore.prod.cloud.myinc.local Accept: */* Content-Type: text/xml User-Agent: ipa-join/4.2.0 Referer: https://ipa02-ore.prod.cloud.myinc.local/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0 Content-Length: 497 * upload completely sent off: 497 out of 497 bytes < HTTP/1.1 401 Unauthorized < Date: Thu, 03 Mar 2016 19:54:00 GMT < Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.3.1 mod_nss/2.4.6 NSS/3.19.1 Basic ECC mod_wsgi/3.4 Python/2.7.5 < WWW-Authenticate: Negotiate < Last-Modified: Tue, 16 Feb 2016 15:54:04 GMT < Accept-Ranges: bytes < Content-Length: 1474 < Content-Type: text/html; charset=UTF-8 < * Ignoring the response-body * Connection #0 to host ipa02-ore.prod.cloud.myinc.local left intact * Issue another request to this URL: 'https://ipa02-ore.prod.cloud.myinc.local:443/ipa/xml' * Found bundle for host ipa02-ore.prod.cloud.myinc.local: 0x7f3917ced600 * Connection 0 seems to be dead! * Closing connection 0 * About to connect() to ipa02-ore.prod.cloud.myinc.local port 443 (#1) * Trying 10.10.2.246... * Connected to ipa02-ore.prod.cloud.myinc.local (10.10.2.246) port 443 (#1) * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=ipa02-ore.prod.cloud.myinc.local,OU=pki-ipa,O=IPA * start date: Mar 02 17:22:10 2016 GMT * expire date: Mar 03 17:22:10 2018 GMT * common name: ipa02-ore.prod.cloud.myinc.local * issuer: CN=Certificate Authority,O=myinc.LOCAL * Server auth using GSS-Negotiate with user '' > POST /ipa/xml HTTP/1.1 Authorization: Negotiate YIIFEwYJKoZIhvcSAQICAQBuggUCMIIE/qADAgEFoQMCAQ6iBwMFACAAAACjggFpYYIBZTCCAWGgAwIBBaENGwtSU0lOQy5MT0NBTKIxMC+gAwIBA6EoMCYbBEhUVFAbHmlwYTAyLW9yZS5wcm9kLmF3cy5yc2luYy5sb2NhbKOCARYwggESoAMCARKhAwIBAqKCAQQEggEAdKqdPwlmaP+2wi9x4cR5QtmhtmXlhAZamfbOivNxY6QkXH10ex3K5VsAaVHghAcDXZqgq74DtnFoj6ggbNdClwaeaU9ufmfczpNL2+wOMeQ0fg9fa79IhxmIDitjsMk/poE1o7HbtBB9tmlpreRqBh/BxDBU+y/eCXwM7vNQgKKJ9Htotps2BqP4cPwx44hFG3z+Mh3CTdsGNZGxRhwnlnjS57ml1mhcqIgAp+/60AJvVEPtBKvRloqE+nSF1kV+ite282nSMoKZCXkMVqJl/OtbNKcF1snoiloc3WCQCn3wXXwvobqVKvk1SxcdE67TSnTd2cS5C7vcR0RMFElEaqSCA3owggN2oAMCARKiggNtBIIDadoIwnq1iNwa4R7JriOF0BBpAraVjc2DG51aqPneU8VeaE7MzLUWloz8d2THnio6kBmTiVHrDnti3Aap9pwQabaEW4nNKd3Z/hDGk8j4MOTvAw/5bYUky9gk7yykYpFzYPMOa/qSIjTe9My6CWlZQHSV5CxzkGwZFbgPrWN/IBrqNNkI/pqipg4/WbqsPhFJ0PCxNPLysa6wlFGQ5QRM3IaKGCjQMUyOeX9ssvFbMCesv1dOqeXt2gqV8lgnHydbMYFrpXF2lZEGAzwJV9Gya4jDxxSJa+/1YpRwYXXGkteWMC+B4D0f/GuE/za9P1qftD+xImsuT0RYEI5FV97FpjK9A3nxkueBROcljaAEQEfDkhcJb9h8K9qOn/H0Vzn/7X1vEXHVXWg7bkc7IVEKPwIg69ao9GZyoIViKVIJZyea2C/Ag9R7xkdsrZmV1970DmLzdemMXYoxBmitX00LmOIR+bbwvRZF85/h7GcKbQB6mvDZn+1xntMwDs8AJt8CMZsbz7R8gsFwyJ3DtNTR7BSTOrlT3Hk8rGYaUl0vG2q7lf7qvq8EYE+vgXioE85kR//Y/o+v35zi4u15h0iqmdH86U66nflAlRlgf3XPzBgfKZvLohd7FHmvNHAhzYWofatiV1SxyrzuMbuWw0/qATTwTKhw2F1Bi1F/5eAPJQbRfEs+sBhWt22tOGfF/VL+VYRO4ev62MCkiG4QFZEyZsrwd86fHntKhDYnosAC4GLvaO4I2ql0Z8StSCu/jOOEejeeyMpJ8KJKE/PEvSM5Hbgw9sWzzOF2n5mrke65nblOnRio3IOzGq0R7qXQy/fhRqNAz6jVPdYr4s841BkkIcQE2p1gnSKBxxmRf449n6PsT9gHuFbkbImxaECVUUQtDGE6jKr2dsoydawncArHf9at3jNVLDrK8pnPgrrAWJhkeFuuOgMqnuWl+Buvr62TmOS0SRfVE2xOfeogjm6EO4YB/Zd/NJEgCEQo8OzEji5fDReLAnDX1j5Uu6VgLksQGQ1CMvykRfMtP68/9m4W5wD+X7pY2mDMd2lufsyUYOLAnc+xmYo+S4Q33vCuc+IOZAkzx7c/EPr7RSvbLLrMEWTwA5/EHwHlQRwhnBUSyl8EfFm2/HkQmuvED246l2aiJ1VnGYo71xb8tw== Host: ipa02-ore.prod.cloud.myinc.local Accept: */* Content-Type: text/xml User-Agent: ipa-join/4.2.0 Referer: https://ipa02-ore.prod.cloud.myinc.local/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0 Content-Length: 497 * upload completely sent off: 497 out of 497 bytes < HTTP/1.1 200 Success < Date: Thu, 03 Mar 2016 19:54:15 GMT < Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.3.1 mod_nss/2.4.6 NSS/3.19.1 Basic ECC mod_wsgi/3.4 Python/2.7.5 * Added cookie ipa_session="b235bc522f42fac8f195f0839228f171" for domain ipa02-ore.prod.cloud.myinc.local, path /ipa, expire 1457036055 < Set-Cookie: ipa_session=b235bc522f42fac8f195f0839228f171; Domain=ipa02-ore.prod.cloud.myinc.local; Path=/ipa; Expires=Thu, 03 Mar 2016 20:14:15 GMT; Secure; HttpOnly < WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvX4MsJ5VSN9X+EA83p5sFFv8123NqNhSBQOuLHPvtF4NijFMVEkHd13Z/ZbMGvgBugybyOwmgUXh+HOUP7LMrr3FjdiSaoJQ/ebfPcJakJSLdkp097JzhMl1Hb3Q6Xiwwg2KaVnsDMOL7Sc//HWvM < Vary: Accept-Encoding < Content-Length: 3235 < Content-Type: text/xml; charset=utf-8 < * Closing connection 1 XML-RPC RESPONSE: \n \n \n \n \n fqdn=beanstalk01-ore.prod.cloud.myinc.local,cn=computers,cn=accounts,dc=myinc,dc=local\n \n \n dn\n fqdn=beanstalk01-ore.prod.cloud.myinc.local,cn=computers,cn=accounts,dc=myinc,dc=local\n \n \n ipacertificatesubjectbase\n \n O=myinc.LOCAL\n \n \n \n krbextradata\n \n \n AAKvc9dWaG9zdC9iZWFuc3RhbGswMS1vcmUucHJvZC5hd3MucnNpbmMubG9jYWxAUlNJTkMuTE9D\n QUwA\n \n \n \n \n cn\n \n beanstalk01-ore.prod.cloud.myinc.local\n \n \n \n objectclass\n \n ipaSshGroupOfPubKeys\n ipaobject\n ieee802device\n nshost\n top\n ipaservice\n pkiuser\n ipahost\n krbprincipal\n krbprincipalaux\n ipasshhost\n \n \n \n krblastpwdchange\n \n 20160302231351Z\n \n \n \n ipakrbokasdelegate\n 0\n \n \n fqdn\n \n beanstalk01-ore.prod.cloud.myinc.local\n \n \n \n managing_host\n \n beanstalk01-ore.prod.cloud.myinc.local\n \n \n \n krblastsuccessfulauth\n \n 20160302231401Z\n \n \n \n has_keytab\n 1\n \n \n has_password\n 0\n \n \n ipauniqueid\n \n eae9a998-e0cb-11e5-8d14-02760e936463\n \n \n \n krbprincipalname\n \n host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL\n \n \n \n managedby_host\n \n beanstalk01-ore.prod.cloud.myinc.local\n \n \n \n serverhostname\n \n beanstalk01-ore\n \n \n \n enrolledby_user\n \n dacosta\n \n \n \n ipakrbrequirespreauth\n 1\n \n \n \n \n \n \n Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=myinc.LOCAL Enrolled in IPA realm myinc.LOCAL Starting external process args='kdestroy' Process finished, return code=0 stdout= stderr= Initializing principal host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL using keytab /etc/krb5.keytab using ccache /etc/ipa/.dns_ccache Attempt 1/5: success Backing up system configuration file '/etc/ipa/default.conf' -> Not backing up - '/etc/ipa/default.conf' doesn't exist Created /etc/ipa/default.conf importing all plugin modules in ipalib.plugins... importing plugin module ipalib.plugins.aci importing plugin module ipalib.plugins.automember importing plugin module ipalib.plugins.automount importing plugin module ipalib.plugins.baseldap importing plugin module ipalib.plugins.baseuser importing plugin module ipalib.plugins.batch importing plugin module ipalib.plugins.caacl importing plugin module ipalib.plugins.cert importing plugin module ipalib.plugins.certprofile importing plugin module ipalib.plugins.config importing plugin module ipalib.plugins.delegation importing plugin module ipalib.plugins.dns importing plugin module ipalib.plugins.domainlevel importing plugin module ipalib.plugins.group importing plugin module ipalib.plugins.hbacrule importing plugin module ipalib.plugins.hbacsvc importing plugin module ipalib.plugins.hbacsvcgroup importing plugin module ipalib.plugins.hbactest importing plugin module ipalib.plugins.host importing plugin module ipalib.plugins.hostgroup importing plugin module ipalib.plugins.idrange importing plugin module ipalib.plugins.idviews importing plugin module ipalib.plugins.internal importing plugin module ipalib.plugins.kerberos importing plugin module ipalib.plugins.krbtpolicy importing plugin module ipalib.plugins.migration importing plugin module ipalib.plugins.misc importing plugin module ipalib.plugins.netgroup importing plugin module ipalib.plugins.otpconfig importing plugin module ipalib.plugins.otptoken importing plugin module ipalib.plugins.otptoken_yubikey importing plugin module ipalib.plugins.passwd importing plugin module ipalib.plugins.permission importing plugin module ipalib.plugins.ping importing plugin module ipalib.plugins.pkinit importing plugin module ipalib.plugins.privilege importing plugin module ipalib.plugins.pwpolicy Starting external process args='klist' '-V' Process finished, return code=0 stdout=Kerberos 5 version 1.13.2 stderr= importing plugin module ipalib.plugins.radiusproxy importing plugin module ipalib.plugins.realmdomains importing plugin module ipalib.plugins.role importing plugin module ipalib.plugins.rpcclient importing plugin module ipalib.plugins.selfservice importing plugin module ipalib.plugins.selinuxusermap importing plugin module ipalib.plugins.server importing plugin module ipalib.plugins.service importing plugin module ipalib.plugins.servicedelegation importing plugin module ipalib.plugins.session importing plugin module ipalib.plugins.stageuser importing plugin module ipalib.plugins.sudocmd importing plugin module ipalib.plugins.sudocmdgroup importing plugin module ipalib.plugins.sudorule importing plugin module ipalib.plugins.topology importing plugin module ipalib.plugins.trust importing plugin module ipalib.plugins.user importing plugin module ipalib.plugins.vault importing plugin module ipalib.plugins.virtual Backing up system configuration file '/etc/sssd/sssd.conf' -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist New SSSD config will be created Backing up system configuration file '/etc/nsswitch.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured sudoers in /etc/nsswitch.conf Starting external process args='/sbin/ip' '-oneline' 'address' 'show' Process finished, return code=0 stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever 1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever 2: eth0 inet 10.10.11.185/23 brd 10.10.11.255 scope global dynamic eth0\ valid_lft 2825sec preferred_lft 2825sec 2: eth0 inet6 fe80::c2:36ff:fef0:311/64 scope link \ valid_lft forever preferred_lft forever stderr= Configured /etc/sssd/sssd.conf Backing up system configuration file '/etc/krb5.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Starting external process args='keyctl' 'get_persistent' '@s' '0' Process finished, return code=0 stdout=209143713 stderr= Enabling persistent keyring CCACHE Writing Kerberos configuration to /etc/krb5.conf: #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = myinc.LOCAL dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] myinc.LOCAL = { pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .prod.cloud.myinc.local = myinc.LOCAL prod.cloud.myinc.local = myinc.LOCAL Configured /etc/krb5.conf for IPA realm myinc.LOCAL Starting external process args='keyctl' 'search' '@s' 'user' 'ipa_session_cookie:host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL' Process finished, return code=1 stdout= stderr=keyctl_search: Required key not available Starting external process args='/usr/bin/certutil' '-d' '/tmp/tmpKKgv87' '-N' '-f' '/tmp/tmpZdTJ3x' Process finished, return code=0 stdout= stderr= Starting external process args='/usr/bin/certutil' '-d' '/tmp/tmpKKgv87' '-A' '-n' 'CA certificate 1' '-t' 'C,,' Process finished, return code=0 stdout= stderr= Starting external process args='keyctl' 'search' '@s' 'user' 'ipa_session_cookie:host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL' Process finished, return code=1 stdout= stderr=keyctl_search: Required key not available failed to find session_cookie in persistent storage for principal 'host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL' trying https://ipa02-ore.prod.cloud.myinc.local/ipa/json Cannot connect to the server due to Kerberos error: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "myinc.LOCAL"', -1765328230)/. Trying with delegate=True trying https://ipa02-ore.prod.cloud.myinc.local/ipa/json Second connect with delegate=True also failed: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "myinc.LOCAL"', -1765328230)/ Cannot connect to the IPA server RPC interface: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "myinc.LOCAL"', -1765328230)/ Installation failed. Rolling back changes. Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' Starting external process args='ipa-client-automount' '--uninstall' '--debug' Process finished, return code=0 stdout=Restoring configuration stderr=importing all plugin modules in ipalib.plugins... importing plugin module ipalib.plugins.aci importing plugin module ipalib.plugins.automember importing plugin module ipalib.plugins.automount importing plugin module ipalib.plugins.baseldap importing plugin module ipalib.plugins.baseuser importing plugin module ipalib.plugins.batch importing plugin module ipalib.plugins.caacl importing plugin module ipalib.plugins.cert importing plugin module ipalib.plugins.certprofile importing plugin module ipalib.plugins.config importing plugin module ipalib.plugins.delegation importing plugin module ipalib.plugins.dns importing plugin module ipalib.plugins.domainlevel importing plugin module ipalib.plugins.group importing plugin module ipalib.plugins.hbacrule importing plugin module ipalib.plugins.hbacsvc importing plugin module ipalib.plugins.hbacsvcgroup importing plugin module ipalib.plugins.hbactest importing plugin module ipalib.plugins.host importing plugin module ipalib.plugins.hostgroup importing plugin module ipalib.plugins.idrange importing plugin module ipalib.plugins.idviews importing plugin module ipalib.plugins.internal importing plugin module ipalib.plugins.kerberos importing plugin module ipalib.plugins.krbtpolicy importing plugin module ipalib.plugins.migration importing plugin module ipalib.plugins.misc importing plugin module ipalib.plugins.netgroup importing plugin module ipalib.plugins.otpconfig importing plugin module ipalib.plugins.otptoken importing plugin module ipalib.plugins.otptoken_yubikey importing plugin module ipalib.plugins.passwd importing plugin module ipalib.plugins.permission importing plugin module ipalib.plugins.ping importing plugin module ipalib.plugins.pkinit importing plugin module ipalib.plugins.privilege importing plugin module ipalib.plugins.pwpolicy Starting external process args='klist' '-V' Process finished, return code=0 stdout=Kerberos 5 version 1.13.2 stderr= importing plugin module ipalib.plugins.radiusproxy importing plugin module ipalib.plugins.realmdomains importing plugin module ipalib.plugins.role importing plugin module ipalib.plugins.rpcclient importing plugin module ipalib.plugins.selfservice importing plugin module ipalib.plugins.selinuxusermap importing plugin module ipalib.plugins.server importing plugin module ipalib.plugins.service importing plugin module ipalib.plugins.servicedelegation importing plugin module ipalib.plugins.session importing plugin module ipalib.plugins.stageuser importing plugin module ipalib.plugins.sudocmd importing plugin module ipalib.plugins.sudocmdgroup importing plugin module ipalib.plugins.sudorule importing plugin module ipalib.plugins.topology importing plugin module ipalib.plugins.trust importing plugin module ipalib.plugins.user importing plugin module ipalib.plugins.vault importing plugin module ipalib.plugins.virtual Restoring system configuration file '/etc/nsswitch.conf' Starting external process args='/usr/sbin/selinuxenabled' Process finished, return code=0 stdout= stderr= Starting external process args='/sbin/restorecon' '/etc/nsswitch.conf' Process finished, return code=0 stdout= stderr= Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args='/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L' '-n' 'Local IPA host' '-r' Process finished, return code=255 stdout= stderr=certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format. Starting external process args='/usr/bin/certutil' '-d' '/etc/pki/nssdb' '-L' '-n' 'IPA Machine Certificate - beanstalk01-ore.prod.cloud.myinc.local' '-r' Process finished, return code=255 stdout= stderr=certutil: Could not find cert: IPA Machine Certificate - beanstalk01-ore.prod.cloud.myinc.local : PR_FILE_NOT_FOUND_ERROR: File not found Starting external process args='/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L' Process finished, return code=255 stdout= stderr=certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format. Failed to list certificates in /etc/ipa/nssdb: Command ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit status 255 Starting external process args='/bin/systemctl' 'start' 'certmonger.service' Process finished, return code=0 stdout= stderr= Starting external process args='/bin/systemctl' 'is-active' 'certmonger.service' Process finished, return code=0 stdout=active stderr= Starting external process args='/bin/systemctl' 'stop' 'certmonger.service' Process finished, return code=0 stdout= stderr= Starting external process args='/bin/systemctl' 'disable' 'certmonger.service' Process finished, return code=0 stdout= stderr= Unenrolling client from IPA server Starting external process args='/usr/sbin/ipa-join' '--unenroll' '-h' 'beanstalk01-ore.prod.cloud.myinc.local' '-d' Process finished, return code=19 stdout= stderr=Error obtaining initial credentials: Cannot find KDC for requested realm. Unenrolling host failed: Error obtaining initial credentials: Cannot find KDC for requested realm. Removing Kerberos service principals from /etc/krb5.keytab Starting external process args='/usr/sbin/ipa-rmkeytab' '-k' '/etc/krb5.keytab' '-r' 'myinc.LOCAL' Process finished, return code=0 stdout= stderr=Removing principal host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL Disabling client Kerberos and LDAP configurations Starting external process args='/usr/sbin/authconfig' '--disablekrb5' '--disablesssdauth' '--disablemkhomedir' '--update' '--disableldap' Process finished, return code=0 stdout= stderr= Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Starting external process args='/bin/systemctl' 'stop' 'sssd.service' Process finished, return code=0 stdout= stderr= Starting external process args='/bin/systemctl' 'disable' 'sssd.service' Process finished, return code=0 stdout= stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/sssd.service. Restoring client configuration files Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args='/usr/sbin/selinuxenabled' Process finished, return code=0 stdout= stderr= Starting external process args='/sbin/restorecon' '/etc/krb5.conf' Process finished, return code=0 stdout= stderr= Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' -> no files, removing file Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args='/bin/systemctl' 'disable' 'rhel-domainname.service' Process finished, return code=0 stdout= stderr= Starting external process args='/bin/systemctl' 'list-unit-files' '--full' Process finished, return code=0 stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-fs-nfsd.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount masked var-lib-nfs-rpc_pipefs.mount static brandbot.path disabled systemd-ask-password-console.path static systemd-ask-password-wall.path static session-1.scope static session-19.scope static arp-ethers.service disabled auditd.service enabled auth-rpcgss-module.service static autofs.service disabled autovt@.service disabled beanstalkd-30000.service enabled beanstalkd-30002.service enabled blk-availability.service disabled brandbot.service static certmonger.service disabled chrony-dnssrv@.service static chrony-wait.service disabled chronyd.service enabled cloud-config.service enabled cloud-final.service enabled cloud-init-local.service enabled cloud-init.service enabled console-getty.service disabled console-shell.service disabled container-getty@.service static cpupower.service disabled crond.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.network1.service invalid dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled dnsmasq.service disabled dracut-cmdline.service static dracut-initqueue.service static dracut-mount.service static dracut-pre-mount.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static emergency.service static fstrim.service static getty@.service enabled gssproxy.service disabled halt-local.service static initrd-cleanup.service static initrd-parse-etc.service static initrd-switch-root.service static initrd-udevadm-cleanup-db.service static irqbalance.service enabled kdump.service enabled kmod-static-nodes.service static ldconfig.service static messagebus.service static microcode.service enabled nfs-blkmap.service disabled nfs-config.service static nfs-idmap.service static nfs-idmapd.service static nfs-lock.service static nfs-mountd.service static nfs-secure-server.service static nfs-secure.service static nfs-server.service disabled nfs-utils.service static nfs.service disabled nfslock.service static ntpd.service disabled ntpdate.service disabled oddjobd.service disabled polkit.service static postfix.service enabled quotaon.service static rc-local.service static rdisc.service disabled rdma.service disabled rescue.service static rhel-autorelabel-mark.service static rhel-autorelabel.service static rhel-configure.service static rhel-dmesg.service disabled rhel-domainname.service disabled rhel-import-state.service static rhel-loadmodules.service static rhel-readonly.service static rpc-gssd.service static rpc-statd-notify.service static rpc-statd.service static rpc-svcgssd.service static rpcbind.service static rpcgssd.service static rpcidmapd.service static rpcsvcgssd.service static rsyncd.service disabled rsyncd@.service static rsyslog.service enabled serial-getty@.service disabled sshd-keygen.service static sshd.service enabled sshd@.service static sssd.service disabled systemd-ask-password-console.service static systemd-ask-password-wall.service static systemd-backlight@.service static systemd-binfmt.service static systemd-bootchart.service disabled systemd-firstboot.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate-resume@.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hwdb-update.service static systemd-hybrid-sleep.service static systemd-initctl.service static systemd-journal-catalog-update.service static systemd-journal-flush.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-machine-id-commit.service static systemd-machined.service static systemd-modules-load.service static systemd-nspawn@.service disabled systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed.service static systemd-readahead-collect.service enabled systemd-readahead-done.service static systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-rfkill@.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup-dev.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-done.service static systemd-update-utmp-runlevel.service static systemd-update-utmp.service static systemd-user-sessions.service static systemd-vconsole-setup.service static tcsd.service disabled teamd@.service static tuned.service enabled wpa_supplicant.service disabled zabbix-agent.service enabled -.slice static machine.slice static system.slice static user.slice static dbus.socket static rpcbind.socket enabled rsyncd.socket disabled sshd.socket disabled syslog.socket static systemd-initctl.socket static systemd-journald.socket static systemd-networkd.socket disabled systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cloud-config.target static cryptsetup-pre.target static cryptsetup.target static ctrl-alt-del.target disabled default.target enabled emergency.target static final.target static getty.target static graphical.target static halt.target disabled hibernate.target static hybrid-sleep.target static initrd-fs.target static initrd-root-fs.target static initrd-switch-root.target static initrd.target static kexec.target disabled local-fs-pre.target static local-fs.target static machines.target disabled multi-user.target enabled network-online.target static network-pre.target static network.target static nfs-client.target enabled nss-lookup.target static nss-user-lookup.target static paths.target static poweroff.target disabled printer.target static reboot.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target static runlevel3.target static runlevel4.target static runlevel5.target static runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static slices.target static smartcard.target static sockets.target static sound.target static suspend.target static swap.target static sysinit.target static system-update.target static time-sync.target static timers.target static umount.target static chrony-dnssrv@.timer disabled fstrim.timer disabled systemd-readahead-done.timer static systemd-tmpfiles-clean.timer static 247 unit files listed. stderr= nscd daemon is not installed, skip configuration Starting external process args='/bin/systemctl' 'list-unit-files' '--full' Process finished, return code=0 stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-fs-nfsd.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount masked var-lib-nfs-rpc_pipefs.mount static brandbot.path disabled systemd-ask-password-console.path static systemd-ask-password-wall.path static session-1.scope static session-19.scope static arp-ethers.service disabled auditd.service enabled auth-rpcgss-module.service static autofs.service disabled autovt@.service disabled beanstalkd-30000.service enabled beanstalkd-30002.service enabled blk-availability.service disabled brandbot.service static certmonger.service disabled chrony-dnssrv@.service static chrony-wait.service disabled chronyd.service enabled cloud-config.service enabled cloud-final.service enabled cloud-init-local.service enabled cloud-init.service enabled console-getty.service disabled console-shell.service disabled container-getty@.service static cpupower.service disabled crond.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.network1.service invalid dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled dnsmasq.service disabled dracut-cmdline.service static dracut-initqueue.service static dracut-mount.service static dracut-pre-mount.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static emergency.service static fstrim.service static getty@.service enabled gssproxy.service disabled halt-local.service static initrd-cleanup.service static initrd-parse-etc.service static initrd-switch-root.service static initrd-udevadm-cleanup-db.service static irqbalance.service enabled kdump.service enabled kmod-static-nodes.service static ldconfig.service static messagebus.service static microcode.service enabled nfs-blkmap.service disabled nfs-config.service static nfs-idmap.service static nfs-idmapd.service static nfs-lock.service static nfs-mountd.service static nfs-secure-server.service static nfs-secure.service static nfs-server.service disabled nfs-utils.service static nfs.service disabled nfslock.service static ntpd.service disabled ntpdate.service disabled oddjobd.service disabled polkit.service static postfix.service enabled quotaon.service static rc-local.service static rdisc.service disabled rdma.service disabled rescue.service static rhel-autorelabel-mark.service static rhel-autorelabel.service static rhel-configure.service static rhel-dmesg.service disabled rhel-domainname.service disabled rhel-import-state.service static rhel-loadmodules.service static rhel-readonly.service static rpc-gssd.service static rpc-statd-notify.service static rpc-statd.service static rpc-svcgssd.service static rpcbind.service static rpcgssd.service static rpcidmapd.service static rpcsvcgssd.service static rsyncd.service disabled rsyncd@.service static rsyslog.service enabled serial-getty@.service disabled sshd-keygen.service static sshd.service enabled sshd@.service static sssd.service disabled systemd-ask-password-console.service static systemd-ask-password-wall.service static systemd-backlight@.service static systemd-binfmt.service static systemd-bootchart.service disabled systemd-firstboot.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate-resume@.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hwdb-update.service static systemd-hybrid-sleep.service static systemd-initctl.service static systemd-journal-catalog-update.service static systemd-journal-flush.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-machine-id-commit.service static systemd-machined.service static systemd-modules-load.service static systemd-nspawn@.service disabled systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed.service static systemd-readahead-collect.service enabled systemd-readahead-done.service static systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-rfkill@.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup-dev.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-done.service static systemd-update-utmp-runlevel.service static systemd-update-utmp.service static systemd-user-sessions.service static systemd-vconsole-setup.service static tcsd.service disabled teamd@.service static tuned.service enabled wpa_supplicant.service disabled zabbix-agent.service enabled -.slice static machine.slice static system.slice static user.slice static dbus.socket static rpcbind.socket enabled rsyncd.socket disabled sshd.socket disabled syslog.socket static systemd-initctl.socket static systemd-journald.socket static systemd-networkd.socket disabled systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cloud-config.target static cryptsetup-pre.target static cryptsetup.target static ctrl-alt-del.target disabled default.target enabled emergency.target static final.target static getty.target static graphical.target static halt.target disabled hibernate.target static hybrid-sleep.target static initrd-fs.target static initrd-root-fs.target static initrd-switch-root.target static initrd.target static kexec.target disabled local-fs-pre.target static local-fs.target static machines.target disabled multi-user.target enabled network-online.target static network-pre.target static network.target static nfs-client.target enabled nss-lookup.target static nss-user-lookup.target static paths.target static poweroff.target disabled printer.target static reboot.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target static runlevel3.target static runlevel4.target static runlevel5.target static runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static slices.target static smartcard.target static sockets.target static sound.target static suspend.target static swap.target static sysinit.target static system-update.target static time-sync.target static timers.target static umount.target static chrony-dnssrv@.timer disabled fstrim.timer disabled systemd-readahead-done.timer static systemd-tmpfiles-clean.timer static 247 unit files listed. stderr= nslcd daemon is not installed, skip configuration Client uninstall complete.