Hello everyone, Did I not post my question correctly? Is there more information I should have posted? Should I file a bug report?
From: Miller, Jim via FreeIPA-users [mailto:freeipa-users@lists.fedorahosted.org] Sent: Wednesday, July 11, 2018 4:49 PM To: freeipa-users@lists.fedorahosted.org Cc: Miller, Jim <jmil...@tkcholdings.com> Subject: [Freeipa-users] Freeipa-client-install - enrolls client/host then crashes Hello everyone, I'm trying to add a CentOS 7 64bit host to our FreeIPA domain. Client FreeIPA is 4.5.4-10 Server FreeIPA is 4.4.0 Client FreeIPA rpms: ipa-common-4.5.4-10.el7.centos.3.noarch python-ipaddress-1.0.16-2.el7.noarch python2-ipalib-4.5.4-10.el7.centos.3.noarch ipa-client-4.5.4-10.el7.centos.3.x86_64 ipa-client-common-4.5.4-10.el7.centos.3.noarch libipa_hbac-1.16.0-19.el7_5.5.x86_64 python-iniparse-0.4-9.el7.noarch sssd-ipa-1.16.0-19.el7_5.5.x86_64 python2-ipaclient-4.5.4-10.el7.centos.3.noarch python-libipa_hbac-1.16.0-19.el7_5.5.x86_64 The basic steps to reproduce are: 1. Populate /etc/krb5.conf for IPA.GENERIC.ZONE realm 2. kinit admin # for IPA.GENERIC.ZONE 3. ipa-client-install --mkhomedir --no-ntp --ssh-trust-dns --enable-dns-updates Here's where the errors start: Enrolled in IPA realm IPA.GENERIC.ZONE Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm IPA.GENERIC.ZONE trying https://sl1mmgplidm0001.ipa.generic.zone/ipa/json Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [root@sl1aosplsecweb2 ~]# less /var/log/ipaclient-install.log File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3628, in main install(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2348, in install _install(options) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2694, in _install api.finalize() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 714, in finalize self.__do_if_not_done('load_plugins') File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 421, in __do_if_not_done getattr(self, name)() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 592, in load_plugins for package in self.packages: File "/usr/lib/python2.7/site-packages/ipalib/__init__.py", line 948, in packages ipaclient.remote_plugins.get_package(self), File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package plugins = schema.get_package(server_info, client) File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 537, in get_package schema = Schema(client) File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 385, in __init__ fingerprint, ttl = self._fetch(client, ignore_cache=read_failed) File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 397, in _fetch client.connect(verbose=False) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1034, in create_connection command([], {}) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1246, in _call return self.__request(name, args) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1213, in __request verbose=self.__verbose >= 3, File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request return self.single_request(host, handler, request_body, verbose) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 677, in single_request self.get_auth_info() File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 629, in get_auth_info self._handle_exception(e, service=service) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 588, in _handle_exception raise errors.KerberosError(message=unicode(e)) 2018-07-11T21:39:19Z DEBUG The ipa-client-install command failed, exception: KerberosError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS 2018-07-11T21:39:19Z ERROR Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS 2018-07-11T21:39:19Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information If it would help I can attach the entire ipaclient-install.log file Thank you for your help --Jim
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/QI77OJVL72V5XHE5ATQA7BZZKJXQDB6X/
