[Freeipa-users] Re: Failed FreeIPA replica installation

[D S via FreeIPA-users]

Here are some kerberos logs:

Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): AS_REQ (6 etypes 
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 172.17.0.2: 
NEEDED_PREAUTH: WELLKNOWN/anonym...@example.com for 
krbtgt/example....@example.com, Additional pre-authentication required
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): closing down fd 
11
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): AS_REQ (6 etypes 
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 172.17.0.2: ISSUE: 
authtime 1710401149, etypes {rep=aes256-cts-hmac-sha384-192(20), 
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, 
WELLKNOWN/anonym...@example.com for krbtgt/example....@example.com
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): closing down fd 
11
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3896](info): AS_REQ (6 etypes 
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 172.17.0.2: 
NEEDED_PREAUTH: my.u...@example.com for krbtgt/example....@example.com, 
Additional pre-authentication required
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3896](info): closing down fd 4
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3894](info): AS_REQ (6 etypes 
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 172.17.0.2: ISSUE: 
authtime 1710401149, etypes {rep=aes256-cts-hmac-sha1-96(18), 
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, 
my.u...@example.com for krbtgt/example....@example.com
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3894](info): closing down fd 
11
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): TGS_REQ (6 
etypes {aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 172.17.0.2: ISSUE: 
authtime 1710401149, etypes {rep=aes256-cts-hmac-sha1-96(18), 
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, 
my.u...@example.com for HTTP/ipa-replica01.example....@example.com
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): closing down fd 
11

All points to the problem being similar to this 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/4S4QQDC4FBVTA4GYWWVBPKGYN3MF4UJ6/.
 Namely lack of SIDs due to migration from old freeipa. 
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue