Hi, Well the hostname itself isnt there, but thats normal with dhcp'd workstations?
I thought it looked at /etc/sysconfig/network ? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Rob Crittenden [rcrit...@redhat.com] Sent: Friday, 5 August 2011 2:49 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] version mismatch while joining a client ? Steven Jones wrote: > I already included the krb5kdc log This sticks out. Can you check /etc/hosts on that client. ldap/localh...@unix.vuw.ac.nz, Server not found in Kerberos database > > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: Rob Crittenden [rcrit...@redhat.com] > Sent: Friday, 5 August 2011 10:11 a.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] version mismatch while joining a client ? > > Steven Jones wrote: >> Hi, >> >> Trying with two rhel61-64bit-clones "04" and "05".... >> >> They should give the same failures? but are not?......confused, 04 (the >> first clone has 1/2 joined as its in IPA, but it doesnt say "enrolled and a >> date", 05 failed totally. > > 04 is failing because it apparently still has an updated libcurl. It is > getting a 500 error back. The installation continues because you had the > --force flag. This means it proceeds on errors, so it tried to set > things up but since it didn't get a keytab sssd can't authenticate. > > 05 actually enrolled successfully but was unable to retrieve a keytab. > You can try running ipa-getkeytab from the command-line again. To do > this you'll need to copy a krb5.conf from a working system (say the IPA > server. > > # kinit admin > # ipa-getkeytab -s vuwunicoipamt01.unix.vuw.ac.nz -k /etc/krb5.keytab -p > host/rhel61-64cl04.unix.vuw.ac...@unix.vuw.ac.nz > > You may also want to look at the krb5kdc.log and the 389-ds access log, > they may hold clues as well. > >> >> I know Im short on sleep but I really don't understand what's going on here >> and why its so hard to make basic stuff work. >> >> :/ >> >> I have included the logs off each, logs off the IPA server and out's from >> the attempt to join. from each guest. Anything else needed? >> >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> ________________________________________ >> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on >> behalf of Steven Jones [steven.jo...@vuw.ac.nz] >> Sent: Friday, 5 August 2011 8:42 a.m. >> To: Rob Crittenden >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] version mismatch while joining a client ? >> >> Hi, >> >> Yes the first is F15. >> >> I am halting all the AD machines I will retry without the --force first to >> test this, when I built IPA originally there was no AD to conflict. >> >> However its plain weird because the RHEL6.1 client points to the IPA server >> for DNS. >> >> I will get back to you. >> >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> ________________________________________ >> From: Rob Crittenden [rcrit...@redhat.com] >> Sent: Friday, 5 August 2011 1:24 a.m. >> To: Steven Jones >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] version mismatch while joining a client ? >> >> Steven Jones wrote: >>> Hi, >>> >>> I have also done this on a new f15 client and it also fails. >>> >>> But its saying, >>> >>> 500 and not 401 which is the rhel6.1 failure. >>> >>> "HTTP response code is 401, not 200" == RHEL61 >>> "HTTP response code is 500, not 200" == FED15 >> >> Assuming that the Fedora 15 client is 130.195.53.109 that I had seen in >> a previous log it has a libcurl that does not do ticket delegation. >> >> 500 is an HTTP server error, we assume a principal will be there and it >> isn't and things blow up (this is handled more gracefully in our dev tree). >> >> 401 is a HTTP authorization error, the user provide is now allowed to >> access the server. I'm guessing this is because the client is using the >> wrong kerberos server. We have this addressed too in the dev tree, we >> disable dns lookups in krb5.conf. In the meantime --force should make it >> use the info you provide. >> >> rob >> >> >>> >>> >>> ============== >>> more fed15-install-error >>> [root@fed15-64-ws02 ~]# ipa-client-install --mkhomedir --server >>> vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d >>> root : DEBUG /usr/sbin/ipa-client-install was invoked with >>> options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz' >>> , 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, >>> 'permit': False, 'server': 'vuwunicoipamt01.unix.vuw. >>> ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False, >>> 'debug': True, 'on_master': False, 'ntp_server' >>> : None, 'mkhomedir': True, 'unattended': None, 'principal': None} >>> root : DEBUG missing options might be asked for interactively >>> later >>> >>> root : DEBUG Loading Index file from >>> '/var/lib/ipa-client/sysrestore/sysrestore.index' >>> root : DEBUG [ipacheckldap] >>> root : DEBUG args=/usr/bin/wget -O /tmp/tmpsyC9Zx/ca.crt >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> root : DEBUG stdout= >>> root : DEBUG stderr=--2011-08-03 15:18:07-- >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 >>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... >>> connected. >>> HTTP request sent, awaiting response... 200 OK >>> Length: 779 [application/x-x509-ca-cert] >>> Saving to: “/tmp/tmpsyC9Zx/ca.crt” >>> >>> 0K 100% >>> 111M=0s >>> >>> 2011-08-03 15:18:07 (111 MB/s) - “/tmp/tmpsyC9Zx/ca.crt” saved [779/779] >>> >>> >>> root : DEBUG Init ldap with: >>> ldap://vuwunicoipamt01.unix.vuw.ac.nz:389 >>> root : DEBUG Search rootdse >>> root : DEBUG Search for (info=*) in >>> dc=unix,dc=vuw,dc=ac,dc=nz(base) >>> root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', >>> {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainOb >>> ject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': >>> ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': [ >>> 'unix.vuw.ac.nz']})] >>> root : DEBUG Search for (objectClass=krbRealmContainer) in >>> dc=unix,dc=vuw,dc=ac,dc=nz(sub) >>> root : DEBUG Found: >>> [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', >>> {'krbSubTrees': ['dc=unix,dc=vu >>> w,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes': >>> ['aes256-cts:special', 'aes128-cts:special', 'des3-hma >>> c-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', >>> 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScop >>> e': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', >>> 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special >>> ', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', >>> 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal' >>> , 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', >>> 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMax >>> RenewableAge': ['604800']})] >>> root : DEBUG will use domain: unix.vuw.ac.nz >>> >>> root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz >>> >>> Discovery was successful! >>> root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ >>> >>> root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz >>> >>> Hostname: fed15-64-ws02.unix.vuw.ac.nz >>> Realm: UNIX.VUW.AC.NZ >>> DNS Domain: unix.vuw.ac.nz >>> IPA Server: vuwunicoipamt01.unix.vuw.ac.nz >>> BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz >>> >>> >>> Continue to configure the system with these values? [no]: yes >>> Enrollment principal: admin >>> root : DEBUG will use principal: admin >>> >>> root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> root : DEBUG stdout= >>> root : DEBUG stderr=--2011-08-03 15:18:12-- >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 >>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... >>> connected. >>> HTTP request sent, awaiting response... 200 OK >>> Length: 779 [application/x-x509-ca-cert] >>> Saving to: “/etc/ipa/ca.crt” >>> >>> 0K 100% >>> 112M=0s >>> >>> 2011-08-03 15:18:12 (112 MB/s) - “/etc/ipa/ca.crt” saved [779/779] >>> >>> >>> root : DEBUG Writing Kerberos configuration to /tmp/tmpiFqnW9: >>> #File modified by ipa-client-install >>> >>> [libdefaults] >>> default_realm = UNIX.VUW.AC.NZ >>> dns_lookup_realm = true >>> dns_lookup_kdc = true >>> rdns = false >>> ticket_lifetime = 24h >>> forwardable = yes >>> >>> [realms] >>> UNIX.VUW.AC.NZ = { >>> pkinit_anchors = FILE:/etc/ipa/ca.crt >>> } >>> >>> [domain_realm] >>> .unix.vuw.ac.nz = UNIX.VUW.AC.NZ >>> unix.vuw.ac.nz = UNIX.VUW.AC.NZ >>> >>> [appdefaults] >>> pam = { >>> debug = false >>> ticket_lifetime = 36000 >>> renew_lifetime = 36000 >>> forwardable = true >>> krb4_convert = false >>> } >>> >>> Password for ad...@unix.vuw.ac.nz: >>> root : DEBUG args=kinit ad...@unix.vuw.ac.nz >>> root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz: >>> >>> root : DEBUG stderr= >>> >>> root : DEBUG args=/usr/sbin/ipa-join -s >>> vuwunicoipamt01.unix.vuw.ac.nz -d >>> root : DEBUG stdout= >>> root : DEBUG stderr=XML-RPC CALL: >>> >>> <?xml version="1.0" encoding="UTF-8"?>\r\n >>> <methodCall>\r\n >>> <methodName>join</methodName>\r\n >>> <params>\r\n >>> <param><value><array><data>\r\n >>> <value><string>fed15-64-ws02.unix.vuw.ac.nz</string></value>\r\n >>> </data></array></value></param>\r\n >>> <param><value><struct>\r\n >>> <member><name>nsosversion</name>\r\n >>> <value><string>2.6.38.6-26.rc1.fc15.x86_64</string></value></member>\r\n >>> <member><name>nshardwareplatform</name>\r\n >>> <value><string>x86_64</string></value></member>\r\n >>> </struct></value></param>\r\n >>> </params>\r\n >>> </methodCall>\r\n >>> >>> HTTP response code is 500, not 200 >>> >>> Joining realm failed because of failing XML-RPC request. >>> This error may be caused by incompatible server/client major versions. >>> root : DEBUG args=kdestroy >>> root : DEBUG stdout= >>> root : DEBUG stderr= >>> [root@fed15-64-ws02 ~]# >>> ======================= >>> >>> regards >>> >>> Steven Jones >>> >>> Technical Specialist - Linux RHCE >>> >>> Victoria University, Wellington, NZ >>> >>> 0064 4 463 6272 >>> >>> ________________________________________ >>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] >>> on behalf of Steven Jones [steven.jo...@vuw.ac.nz] >>> Sent: Wednesday, 3 August 2011 9:35 a.m. >>> To: freeipa-users@redhat.com >>> Subject: Re: [Freeipa-users] version mismatch while joining a client ? >>> >>> Hi, >>> >>> Client >>> ========== >>> rhel61-64cl04.unix.vuw.ac.nz >>> Linux rhel61-64cl04.unix.vuw.ac.nz 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun >>> 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux >>> ipa-client-2.0.0-23.el6_1.1.x86_64 >>> libcurl-7.19.7-26.el6.x86_64 >>> Red Hat Enterprise Linux Client release 6.1 (Santiago) >>> ========== >>> >>> Server >>> ========== >>> Linux vuwunicoipamt01 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 >>> EDT 2011 x86_64 x86_64 x86_64 GNU/Linux >>> libcurl-7.19.7-26.el6_1.1.x86_64 >>> ipa-client-2.0.0-23.el6_1.1.x86_64 >>> ipa-server-2.0.0-23.el6_1.1.x86_64 >>> Red Hat Enterprise Linux Server release 6.1 (Santiago) >>> ========== >>> >>> install output >>> ========== >>> [root@rhel61-64cl04 ~]# ipa-client-install --mkhomedir --server >>> vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d >>> root : DEBUG /usr/sbin/ipa-client-install was invoked with >>> options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz', 'uninstall': False, >>> 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': >>> 'vuwunicoipamt01.unix.vuw.ac.nz', 'prompt_password': False, 'realm_name': >>> None, 'dns_updates': False, 'debug': True, 'on_master': False, >>> 'ntp_server': None, 'mkhomedir': True, 'unattended': None, 'principal': >>> None} >>> root : DEBUG missing options might be asked for interactively >>> later >>> >>> root : DEBUG Loading Index file from >>> '/var/lib/ipa-client/sysrestore/sysrestore.index' >>> root : DEBUG [ipacheckldap] >>> root : DEBUG args=/usr/bin/wget -O /tmp/tmpaaTaqF/ca.crt >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> root : DEBUG stdout= >>> root : DEBUG stderr=--2011-08-03 09:01:14-- >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 >>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... >>> connected. >>> HTTP request sent, awaiting response... 200 OK >>> Length: 779 [application/x-x509-ca-cert] >>> Saving to: `/tmp/tmpaaTaqF/ca.crt' >>> >>> 0K 100% >>> 132M=0s >>> >>> 2011-08-03 09:01:14 (132 MB/s) - `/tmp/tmpaaTaqF/ca.crt' saved [779/779] >>> >>> >>> root : DEBUG Init ldap with: >>> ldap://vuwunicoipamt01.unix.vuw.ac.nz:389 >>> root : DEBUG Search rootdse >>> root : DEBUG Search for (info=*) in >>> dc=unix,dc=vuw,dc=ac,dc=nz(base) >>> root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', >>> {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', >>> 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': >>> ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': ['unix.vuw.ac.nz']})] >>> root : DEBUG Search for (objectClass=krbRealmContainer) in >>> dc=unix,dc=vuw,dc=ac,dc=nz(sub) >>> root : DEBUG Found: >>> [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', >>> {'krbSubTrees': ['dc=unix,dc=vuw,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], >>> 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', >>> 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', >>> 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], >>> 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', >>> 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', >>> 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', >>> 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', >>> 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], >>> 'krbMaxRenewableAge': ['604800']})] >>> root : DEBUG will use domain: unix.vuw.ac.nz >>> >>> root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz >>> >>> Discovery was successful! >>> root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ >>> >>> root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz >>> >>> Hostname: rhel61-64cl04.unix.vuw.ac.nz >>> Realm: UNIX.VUW.AC.NZ >>> DNS Domain: unix.vuw.ac.nz >>> IPA Server: vuwunicoipamt01.unix.vuw.ac.nz >>> BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz >>> >>> >>> Continue to configure the system with these values? [no]: yes >>> Enrollment principal: admin >>> root : DEBUG will use principal: admin >>> >>> root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> root : DEBUG stdout= >>> root : DEBUG stderr=--2011-08-03 09:01:22-- >>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt >>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 >>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... >>> connected. >>> HTTP request sent, awaiting response... 200 OK >>> Length: 779 [application/x-x509-ca-cert] >>> Saving to: `/etc/ipa/ca.crt' >>> >>> 0K 100% >>> 96.5M=0s >>> >>> 2011-08-03 09:01:22 (96.5 MB/s) - `/etc/ipa/ca.crt' saved [779/779] >>> >>> >>> Password for ad...@unix.vuw.ac.nz: >>> root : DEBUG args=kinit ad...@unix.vuw.ac.nz >>> root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz: >>> >>> root : DEBUG stderr= >>> >>> root : DEBUG args=/usr/sbin/ipa-join -s >>> vuwunicoipamt01.unix.vuw.ac.nz -d >>> root : DEBUG stdout= >>> root : DEBUG stderr=XML-RPC CALL: >>> >>> <?xml version="1.0" encoding="UTF-8"?>\r\n >>> <methodCall>\r\n >>> <methodName>join</methodName>\r\n >>> <params>\r\n >>> <param><value><array><data>\r\n >>> <value><string>rhel61-64cl04.unix.vuw.ac.nz</string></value>\r\n >>> </data></array></value></param>\r\n >>> <param><value><struct>\r\n >>> <member><name>nsosversion</name>\r\n >>> <value><string>2.6.32-131.6.1.el6.x86_64</string></value></member>\r\n >>> <member><name>nshardwareplatform</name>\r\n >>> <value><string>x86_64</string></value></member>\r\n >>> </struct></value></param>\r\n >>> </params>\r\n >>> </methodCall>\r\n >>> >>> HTTP response code is 401, not 200 >>> >>> Joining realm failed because of failing XML-RPC request. >>> This error may be caused by incompatible server/client major versions. >>> root : DEBUG args=kdestroy >>> root : DEBUG stdout= >>> root : DEBUG stderr= >>> [root@rhel61-64cl04 ~]# >>> ========== >>> >>> Error log >>> ========== >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: >>> KeyError(140510308317152,) in<module 'threading' from >>> '/usr/lib64/python2.6/threading.pyc'> ignored >>> [Wed Aug 03 09:04:57 2011] [notice] caught SIGTERM, shutting down >>> [Wed Aug 03 09:04:58 2011] [notice] SELinux policy enabled; httpd running >>> as context unconfined_u:system_r:httpd_t:s0 >>> [Wed Aug 03 09:04:58 2011] [notice] suEXEC mechanism enabled (wrapper: >>> /usr/sbin/suexec) >>> [Wed Aug 03 09:04:58 2011] [notice] Digest: generating secret for digest >>> authentication ... >>> [Wed Aug 03 09:04:58 2011] [notice] Digest: done >>> [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Compiled for Python/2.6.2. >>> [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Runtime using Python/2.6.6. >>> [Wed Aug 03 09:04:59 2011] [notice] Apache/2.2.15 (Unix) DAV/2 >>> mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6 >>> configured -- resuming normal operations >>> [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START *** >>> [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START *** >>> ========== >>> >>> >>> regards >>> >>> Steven Jones >>> >>> Technical Specialist - Linux RHCE >>> >>> Victoria University, Wellington, NZ >>> >>> 0064 4 463 6272 >>> >>> ________________________________________ >>> From: Rob Crittenden [rcrit...@redhat.com] >>> Sent: Wednesday, 3 August 2011 1:48 a.m. >>> To: Steven Jones >>> Cc: freeipa-users@redhat.com >>> Subject: Re: [Freeipa-users] version mismatch while joining a client ? >>> >>> Steven Jones wrote: >>>> >>>> Yes....enrolement now fails, previous messages I attached show that I >>>> think, it used to work. >>>> >>>> History, I had to remove all my working IPA clients due to a disk space >>>> problem on our SAN (we didnt have any). So I managed to keep the working >>>> IPA server and 2 x RHEL5 64 bit servers and the one un-configured template >>>> of RHEL6.1 64bit client I had. This I used to make client side clones off >>>> previously and connected them to IPA server and they worked. >>>> >>>> So lastweek I went back and with a running ipa server, I cloned in the old >>>> client/template and got the mis-match, so I put them on the production >>>> network and patched, same mismatch problem. >>>> >>>> I can do a sosreport of the old template I think and the client to look at >>>> the differences if that helps. >>> >>> I'm having a hard time following exactly what you are doing, on what >>> machine. I think we need to be more systematic. >>> >>> Can you choose a machine to act as the client and provide the following: >>> >>> - distro and architecture (e.g. RHEL 6.1 on x86_64) >>> - rpm -q curl libcurl >>> - rpm -q ipa-client >>> >>> On the IPA server: >>> - rpm -q ipa-server >>> >>> Start with a client that is not enrolled. If it has previously been >>> enrolled run: ipa-client-install --uninstall -U >>> >>> Now run ipa-client-install and answer the questions as appropriate for >>> your install. >>> >>> If it fails please provide the following: >>> - any stdout you get from the client install >>> - attach the full /var/log/ipaclient-install.log >>> - attach the last 100 lines from /var/log/httpd/error_log from the IPA >>> server >>> >>> rob >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipa-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users