Hi, Log,
============ 2011-03-04 15:08:58,725 DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': True, 'sssd': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': False, 'on_master': False, 'ntp_server': None, 'mkhomedir': False, 'unattended': None, 'principal': None} 2011-03-04 15:08:58,726 DEBUG missing options might be asked for interactively later 2011-03-04 15:08:58,726 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:08:58,726 DEBUG [ipadnssearchldap(ipa.ac.nz)] 2011-03-04 15:08:58,727 DEBUG [ipadnssearchkrb] 2011-03-04 15:08:58,729 DEBUG [ipacheckldap] 2011-03-04 15:08:58,736 DEBUG args=/usr/bin/wget -O /tmp/tmp7MhOze/ca.crt http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt 2011-03-04 15:08:58,736 DEBUG stdout= 2011-03-04 15:08:58,736 DEBUG stderr=--2011-03-04 15:08:58-- http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2 Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1321 (1.3K) [application/x-x509-ca-cert] Saving to: `/tmp/tmp7MhOze/ca.crt' 0K . 100% 237M=0s 2011-03-04 15:08:58 (237 MB/s) - `/tmp/tmp7MhOze/ca.crt' saved [1321/1321] 2011-03-04 15:08:58,736 DEBUG Init ldap with: ldap://fed14-64-ipam001.ipa.ac.nz:389 2011-03-04 15:08:58,749 DEBUG Search rootdse 2011-03-04 15:08:58,750 DEBUG Search for (info=*) in dc=ipa,dc=ac,dc=nz(base) 2011-03-04 15:08:58,751 DEBUG Found: [('dc=ipa,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['ipa.ac.nz'], 'dc': ['ipa'], 'nisDomain': ['ipa.ac.nz']})] 2011-03-04 15:08:58,752 DEBUG Search for (objectClass=krbRealmContainer) in dc=ipa,dc=ac,dc=nz(sub) 2011-03-04 15:08:58,753 DEBUG Found: [('cn=IPA.AC.NZ,cn=kerberos,dc=ipa,dc=ac,dc=nz', {'krbSubTrees': ['dc=ipa,dc=ac,dc=nz'], 'cn': ['IPA.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})] 2011-03-04 15:08:58,753 DEBUG will use domain: ipa.ac.nz 2011-03-04 15:08:58,753 DEBUG will use server: fed14-64-ipam001.ipa.ac.nz 2011-03-04 15:08:58,754 DEBUG will use cli_realm: IPA.AC.NZ 2011-03-04 15:08:58,754 DEBUG will use cli_basedn: dc=ipa,dc=ac,dc=nz 2011-03-04 15:09:04,645 DEBUG will use principal: admin 2011-03-04 15:09:04,659 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt 2011-03-04 15:09:04,659 DEBUG stdout= 2011-03-04 15:09:04,660 DEBUG stderr=--2011-03-04 15:09:04-- http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2 Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1321 (1.3K) [application/x-x509-ca-cert] Saving to: `/etc/ipa/ca.crt' 0K . 100% 249M=0s 2011-03-04 15:09:04 (249 MB/s) - `/etc/ipa/ca.crt' saved [1321/1321] 2011-03-04 15:09:11,665 DEBUG args=kinit ad...@ipa.ac.nz 2011-03-04 15:09:11,665 DEBUG stdout=Password for ad...@ipa.ac.nz: 2011-03-04 15:09:11,665 DEBUG stderr= 2011-03-04 15:09:13,931 DEBUG args=/usr/sbin/ipa-join -s fed14-64-ipam001.ipa.ac.nz 2011-03-04 15:09:13,931 DEBUG stdout= 2011-03-04 15:09:13,931 DEBUG stderr=Host is already joined. 2011-03-04 15:09:13,937 DEBUG args=kdestroy 2011-03-04 15:09:13,937 DEBUG stdout= 2011-03-04 15:09:13,937 DEBUG stderr= 2011-03-04 15:09:13,937 DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2011-03-04 15:09:13,938 DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist 2011-03-04 15:09:13,938 DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2011-03-04 15:09:13,938 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:09:14,012 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt 2011-03-04 15:09:14,012 DEBUG stdout= 2011-03-04 15:09:14,012 DEBUG stderr= 2011-03-04 15:09:14,012 DEBUG Backing up system configuration file '/etc/krb5.conf' 2011-03-04 15:09:14,013 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:09:14,104 DEBUG args=/sbin/service certmonger status 2011-03-04 15:09:14,104 DEBUG stdout=certmonger is stopped 2011-03-04 15:09:14,104 DEBUG stderr= 2011-03-04 15:09:14,279 DEBUG args=/sbin/service certmonger restart 2011-03-04 15:09:14,280 DEBUG stdout=Stopping certmonger: [FAILED] Starting certmonger: [ OK ] 2011-03-04 15:09:14,280 DEBUG stderr= 2011-03-04 15:09:14,295 DEBUG args=/sbin/chkconfig certmonger --list 2011-03-04 15:09:14,295 DEBUG stdout=certmonger 0:off 1:off 2:off 3:off 4:off 5:off 6:off 2011-03-04 15:09:14,295 DEBUG stderr= 2011-03-04 15:09:14,564 DEBUG args=/sbin/chkconfig certmonger on 2011-03-04 15:09:14,564 DEBUG stdout= 2011-03-04 15:09:14,564 DEBUG stderr= 2011-03-04 15:09:14,586 DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - fed14-64-ipacl01.ipa.ac.nz -N CN=fed14-64-ipacl01.ipa.ac.nz,O=IPA.AC.NZ -K host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz 2011-03-04 15:09:14,586 DEBUG stdout=Error org.fedorahosted.certmonger.duplicate: Certificate at same location is already used by request "20110303020539". 2011-03-04 15:09:14,586 DEBUG stderr= 2011-03-04 15:09:14,605 DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab 2011-03-04 15:09:14,605 DEBUG stdout= 2011-03-04 15:09:14,605 DEBUG stderr=kinit: Hostname cannot be canonicalized when creating default server principal name 2011-03-04 15:09:14,764 DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt 2011-03-04 15:09:14,764 DEBUG stdout= 2011-03-04 15:09:14,765 DEBUG stderr=Check your Kerberos ticket, it may have expired. 2011-03-04 15:09:14,827 DEBUG args=/sbin/service nscd status 2011-03-04 15:09:14,827 DEBUG stdout=nscd (pid 1238) is running... 2011-03-04 15:09:14,827 DEBUG stderr= 2011-03-04 15:09:14,855 DEBUG args=/sbin/service nscd stop 2011-03-04 15:09:14,855 DEBUG stdout=Stopping nscd: [ OK ] 2011-03-04 15:09:14,856 DEBUG stderr= 2011-03-04 15:09:14,858 DEBUG args=/sbin/chkconfig nscd --list 2011-03-04 15:09:14,858 DEBUG stdout=nscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off 2011-03-04 15:09:14,858 DEBUG stderr= 2011-03-04 15:09:14,958 DEBUG args=/sbin/chkconfig nscd off 2011-03-04 15:09:14,958 DEBUG stdout= 2011-03-04 15:09:14,958 DEBUG stderr= 2011-03-04 15:09:16,401 DEBUG args=/usr/sbin/authconfig --enablesssd --enablesssdauth --update 2011-03-04 15:09:16,401 DEBUG stdout=Starting sssd: [ OK ] [ OK ] 2011-03-04 15:09:16,402 DEBUG stderr= 2011-03-04 15:09:16,419 DEBUG args=getent passwd admin 2011-03-04 15:09:16,419 DEBUG stdout= 2011-03-04 15:09:16,419 DEBUG stderr= 2011-03-04 15:09:17,424 DEBUG args=getent passwd admin 2011-03-04 15:09:17,424 DEBUG stdout= 2011-03-04 15:09:17,424 DEBUG stderr= 2011-03-04 15:09:18,429 DEBUG args=getent passwd admin 2011-03-04 15:09:18,429 DEBUG stdout= 2011-03-04 15:09:18,429 DEBUG stderr= 2011-03-04 15:09:19,432 DEBUG args=getent passwd admin 2011-03-04 15:09:19,432 DEBUG stdout= 2011-03-04 15:09:19,432 DEBUG stderr= 2011-03-04 15:09:20,435 DEBUG args=getent passwd admin 2011-03-04 15:09:20,436 DEBUG stdout= 2011-03-04 15:09:20,436 DEBUG stderr= 2011-03-04 15:09:22,303 DEBUG args=/usr/sbin/authconfig --enablekrb5 --update --nostart 2011-03-04 15:09:22,303 DEBUG stdout= 2011-03-04 15:09:22,303 DEBUG stderr= 2011-03-04 15:09:22,303 DEBUG Backing up system configuration file '/etc/ntp.conf' 2011-03-04 15:09:22,304 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:09:22,305 DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' 2011-03-04 15:09:22,305 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:09:22,398 DEBUG args=/sbin/chkconfig ntpd on 2011-03-04 15:09:22,398 DEBUG stdout= 2011-03-04 15:09:22,398 DEBUG stderr= 2011-03-04 15:09:22,537 DEBUG args=/sbin/service ntpd restart 2011-03-04 15:09:22,537 DEBUG stdout=Shutting down ntpd: [ OK ] Starting ntpd: [ OK ] 2011-03-04 15:09:22,537 DEBUG stderr= ============ regards On Tue, 2011-03-08 at 19:28 -0500, Simo Sorce wrote: > On Tue, 8 Mar 2011 19:05:45 -0500 (EST) > Stephen Gallagher <sgall...@redhat.com> wrote: > > > > > > > On Mar 8, 2011, at 5:45 PM, Steven Jones <steven.jo...@vuw.ac.nz> > > wrote: > > > > > Keytab name: WRFILE:/etc/krb5.keytab > > > KVNO Principal > > > ---- > > > -------------------------------------------------------------------------- > > > > > > 8><--------- > > >> > > >> > > >> > > >> > > > > Looks like you have no host key in the keytab. That's the root of the > > problem. Seems like IPA-client-install failed to populate it. Rob, do > > you have any insight here? > > does /var/log/ipaclient-install.log show any error ? > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users