Phinees Garandi via FreeIPA-users wrote: > Hello everyone > > I encountered a bug while installing freeipa client. > > the command fail and I have this as an error message : > > `Please make sure the following ports are opened in the firewall settings: > TCP: 80, 88, 389 > UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > Also note that following ports are necessary for ipa-client working properly > after enrollment: > TCP: 464 > UDP: 464, 123 (if NTP enabled) > Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor > code may provide more information, Minor (2529639107): No credentials cache > found > Installation failed. Force set so not rolling back changes.` > > > This is my command : > > ipa-client-install \ > --mkhomedir \ > --ntp-server=my-ntp-server \ > --server=my-ipa-server \ > --domain=my-domain \ > --realm=MYREALM \ > --principal my-user \ > --ssh-trust-dns \ > --hostname=my-hostname > > thank you so much for your help.
We'd need to see the full /var/log/ipaclient-install to know what is going on. Or you can look at it. The installer creates a temporary krb5.conf to be used to verify the remote server and do the initial setup. You may want to manually create a similar config file and see if you can get a ticket. Is there a reason you are forcing domain, realm and server? You must have also used the --force flag to get the message "Force set so not rolling back changes." rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
