On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote:
John R. Shannon via FreeIPA-users wrote:
Attached


It is failing with "KerberosError: No valid Negotiate header in server
response"

What package version of freeipa-server do you have?

This seems like https://pagure.io/freeipa/issue/6773 which was fixed in
4.5.1
According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26.

John, can we see /var/log/httpd/error_log?


rob

On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote:
John R. Shannon via FreeIPA-users wrote:
Attached in gzip'd form

We need /var/log/ipaclient-install.log

rob


On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote:
John R. Shannon via FreeIPA-users wrote:
Running ipa-server-install I get:

Configuring client side components
Using existing certificate '/etc/ipa/ca.crt'.
Client hostname: auth.test.internal.johnrshannon.com
Realm: TEST.INTERNAL.JOHNRSHANNON.COM
DNS Domain: test.internal.johnrshannon.com
IPA Server: auth.test.internal.johnrshannon.com
BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com

Skipping synchronizing time with NTP server.
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://auth.test.internal.johnrshannon.com/ipa/json
[try 1]: Forwarding 'schema' to json server
'https://auth.test.internal.johnrshannon.com/ipa/json'
No valid Negotiate header in server response
The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information
ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR
   Configuration of client side components failed!

The system is a fresh, up to date, Fedora 26:

4.12.12-300.fc26.x86_64

configured to include the FREE-IPA repository. FREE-IPA was installed
yesterday with:

dnf install freeipa-*

and running ipa-server-install. I'm not sure how to proceed. I want to
use pkinit.

The log file shows that an exception was raised during the execution of:

2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain test.internal.johnrshannon.com --server
auth.test.internal.johnrshannon.com --realm
TEST.INTERNAL.JOHNRSHANNON.COM --hostname
auth.test.internal.johnrshannon.com



We need to see /var/log/ipaclient-install.log (gzip if its huge).

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org




_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org




_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to