Robbie Harwood via FreeIPA-users wrote:
> Chris Moody via FreeIPA-users <email@example.com>
>> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm
>> 2018-01-15T21:55:24Z DEBUG Starting external process
>> 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user
>> 2018-01-15T21:55:24Z DEBUG Process finished, return code=1
>> 2018-01-15T21:55:24Z DEBUG stdout=
>> 2018-01-15T21:55:24Z DEBUG stderr=keyctl_search: Required key not available
> I'm not familiar with what IPA's trying to do here, but this looks like
> a problem? Can someone else comment?
This is perfectly normal. IPA stores the session cookie in the kernel
keyring. Given this is a new install there is no cookie to find.
>> I have tried manually setting /etc/krb5.conf to the contents that get>
>> generated & display during the verbose client-install process (as seen
>> above), that manually spell out the KDC details, and am able to run a
>> 'kinit admin' just fine from the CLI on the client, so kerberos DOES
>> function from the client. It talks to the KDC beautifully and
>> authenticates just fine... so I'm not sure how the client-install
>> process is getting confused/lost when trying to find/contact the KDC.
> Someone else who knows more than me: how is the install different than a
> normal kinit?
I think we'd need to see the full ipaclient-install.log.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org