Hi,
Well the hostname itself isnt there, but thats normal with dhcp'd workstations?
I thought it looked at /etc/sysconfig/network ?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Friday, 5 August 2011 2:49 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] version mismatch while joining a client ?
Steven Jones wrote:
> I already included the krb5kdc log
This sticks out. Can you check /etc/hosts on that client.
ldap/localh...@unix.vuw.ac.nz, Server not found in Kerberos database
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rob Crittenden [rcrit...@redhat.com]
> Sent: Friday, 5 August 2011 10:11 a.m.
> To: Steven Jones
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>
> Steven Jones wrote:
>> Hi,
>>
>> Trying with two rhel61-64bit-clones "04" and "05"....
>>
>> They should give the same failures? but are not?......confused, 04 (the
>> first clone has 1/2 joined as its in IPA, but it doesnt say "enrolled and a
>> date", 05 failed totally.
>
> 04 is failing because it apparently still has an updated libcurl. It is
> getting a 500 error back. The installation continues because you had the
> --force flag. This means it proceeds on errors, so it tried to set
> things up but since it didn't get a keytab sssd can't authenticate.
>
> 05 actually enrolled successfully but was unable to retrieve a keytab.
> You can try running ipa-getkeytab from the command-line again. To do
> this you'll need to copy a krb5.conf from a working system (say the IPA
> server.
>
> # kinit admin
> # ipa-getkeytab -s vuwunicoipamt01.unix.vuw.ac.nz -k /etc/krb5.keytab -p
> host/rhel61-64cl04.unix.vuw.ac...@unix.vuw.ac.nz
>
> You may also want to look at the krb5kdc.log and the 389-ds access log,
> they may hold clues as well.
>
>>
>> I know Im short on sleep but I really don't understand what's going on here
>> and why its so hard to make basic stuff work.
>>
>> :/
>>
>> I have included the logs off each, logs off the IPA server and out's from
>> the attempt to join. from each guest. Anything else needed?
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
>> behalf of Steven Jones [steven.jo...@vuw.ac.nz]
>> Sent: Friday, 5 August 2011 8:42 a.m.
>> To: Rob Crittenden
>> Cc: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>
>> Hi,
>>
>> Yes the first is F15.
>>
>> I am halting all the AD machines I will retry without the --force first to
>> test this, when I built IPA originally there was no AD to conflict.
>>
>> However its plain weird because the RHEL6.1 client points to the IPA server
>> for DNS.
>>
>> I will get back to you.
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: Rob Crittenden [rcrit...@redhat.com]
>> Sent: Friday, 5 August 2011 1:24 a.m.
>> To: Steven Jones
>> Cc: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>
>> Steven Jones wrote:
>>> Hi,
>>>
>>> I have also done this on a new f15 client and it also fails.
>>>
>>> But its saying,
>>>
>>> 500 and not 401 which is the rhel6.1 failure.
>>>
>>> "HTTP response code is 401, not 200" == RHEL61
>>> "HTTP response code is 500, not 200" == FED15
>>
>> Assuming that the Fedora 15 client is 130.195.53.109 that I had seen in
>> a previous log it has a libcurl that does not do ticket delegation.
>>
>> 500 is an HTTP server error, we assume a principal will be there and it
>> isn't and things blow up (this is handled more gracefully in our dev tree).
>>
>> 401 is a HTTP authorization error, the user provide is now allowed to
>> access the server. I'm guessing this is because the client is using the
>> wrong kerberos server. We have this addressed too in the dev tree, we
>> disable dns lookups in krb5.conf. In the meantime --force should make it
>> use the info you provide.
>>
>> rob
>>
>>
>>>
>>>
>>> ==============
>>> more fed15-install-error
>>> [root@fed15-64-ws02 ~]# ipa-client-install --mkhomedir --server
>>> vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d
>>> root : DEBUG /usr/sbin/ipa-client-install was invoked with
>>> options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz'
>>> , 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None,
>>> 'permit': False, 'server': 'vuwunicoipamt01.unix.vuw.
>>> ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False,
>>> 'debug': True, 'on_master': False, 'ntp_server'
>>> : None, 'mkhomedir': True, 'unattended': None, 'principal': None}
>>> root : DEBUG missing options might be asked for interactively
>>> later
>>>
>>> root : DEBUG Loading Index file from
>>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>>> root : DEBUG [ipacheckldap]
>>> root : DEBUG args=/usr/bin/wget -O /tmp/tmpsyC9Zx/ca.crt
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=--2011-08-03 15:18:07--
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80...
>>> connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: “/tmp/tmpsyC9Zx/ca.crt”
>>>
>>> 0K 100%
>>> 111M=0s
>>>
>>> 2011-08-03 15:18:07 (111 MB/s) - “/tmp/tmpsyC9Zx/ca.crt” saved [779/779]
>>>
>>>
>>> root : DEBUG Init ldap with:
>>> ldap://vuwunicoipamt01.unix.vuw.ac.nz:389
>>> root : DEBUG Search rootdse
>>> root : DEBUG Search for (info=*) in
>>> dc=unix,dc=vuw,dc=ac,dc=nz(base)
>>> root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz',
>>> {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainOb
>>> ject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain':
>>> ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': [
>>> 'unix.vuw.ac.nz']})]
>>> root : DEBUG Search for (objectClass=krbRealmContainer) in
>>> dc=unix,dc=vuw,dc=ac,dc=nz(sub)
>>> root : DEBUG Found:
>>> [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz',
>>> {'krbSubTrees': ['dc=unix,dc=vu
>>> w,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes':
>>> ['aes256-cts:special', 'aes128-cts:special', 'des3-hma
>>> c-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top',
>>> 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScop
>>> e': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal',
>>> 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special
>>> ', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special',
>>> 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal'
>>> , 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4',
>>> 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMax
>>> RenewableAge': ['604800']})]
>>> root : DEBUG will use domain: unix.vuw.ac.nz
>>>
>>> root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz
>>>
>>> Discovery was successful!
>>> root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ
>>>
>>> root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>> Hostname: fed15-64-ws02.unix.vuw.ac.nz
>>> Realm: UNIX.VUW.AC.NZ
>>> DNS Domain: unix.vuw.ac.nz
>>> IPA Server: vuwunicoipamt01.unix.vuw.ac.nz
>>> BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>>
>>> Continue to configure the system with these values? [no]: yes
>>> Enrollment principal: admin
>>> root : DEBUG will use principal: admin
>>>
>>> root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=--2011-08-03 15:18:12--
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80...
>>> connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: “/etc/ipa/ca.crt”
>>>
>>> 0K 100%
>>> 112M=0s
>>>
>>> 2011-08-03 15:18:12 (112 MB/s) - “/etc/ipa/ca.crt” saved [779/779]
>>>
>>>
>>> root : DEBUG Writing Kerberos configuration to /tmp/tmpiFqnW9:
>>> #File modified by ipa-client-install
>>>
>>> [libdefaults]
>>> default_realm = UNIX.VUW.AC.NZ
>>> dns_lookup_realm = true
>>> dns_lookup_kdc = true
>>> rdns = false
>>> ticket_lifetime = 24h
>>> forwardable = yes
>>>
>>> [realms]
>>> UNIX.VUW.AC.NZ = {
>>> pkinit_anchors = FILE:/etc/ipa/ca.crt
>>> }
>>>
>>> [domain_realm]
>>> .unix.vuw.ac.nz = UNIX.VUW.AC.NZ
>>> unix.vuw.ac.nz = UNIX.VUW.AC.NZ
>>>
>>> [appdefaults]
>>> pam = {
>>> debug = false
>>> ticket_lifetime = 36000
>>> renew_lifetime = 36000
>>> forwardable = true
>>> krb4_convert = false
>>> }
>>>
>>> Password for ad...@unix.vuw.ac.nz:
>>> root : DEBUG args=kinit ad...@unix.vuw.ac.nz
>>> root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz:
>>>
>>> root : DEBUG stderr=
>>>
>>> root : DEBUG args=/usr/sbin/ipa-join -s
>>> vuwunicoipamt01.unix.vuw.ac.nz -d
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=XML-RPC CALL:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>\r\n
>>> <methodCall>\r\n
>>> <methodName>join</methodName>\r\n
>>> <params>\r\n
>>> <param><value><array><data>\r\n
>>> <value><string>fed15-64-ws02.unix.vuw.ac.nz</string></value>\r\n
>>> </data></array></value></param>\r\n
>>> <param><value><struct>\r\n
>>> <member><name>nsosversion</name>\r\n
>>> <value><string>2.6.38.6-26.rc1.fc15.x86_64</string></value></member>\r\n
>>> <member><name>nshardwareplatform</name>\r\n
>>> <value><string>x86_64</string></value></member>\r\n
>>> </struct></value></param>\r\n
>>> </params>\r\n
>>> </methodCall>\r\n
>>>
>>> HTTP response code is 500, not 200
>>>
>>> Joining realm failed because of failing XML-RPC request.
>>> This error may be caused by incompatible server/client major versions.
>>> root : DEBUG args=kdestroy
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=
>>> [root@fed15-64-ws02 ~]#
>>> =======================
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> ________________________________________
>>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com]
>>> on behalf of Steven Jones [steven.jo...@vuw.ac.nz]
>>> Sent: Wednesday, 3 August 2011 9:35 a.m.
>>> To: freeipa-users@redhat.com
>>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>>
>>> Hi,
>>>
>>> Client
>>> ==========
>>> rhel61-64cl04.unix.vuw.ac.nz
>>> Linux rhel61-64cl04.unix.vuw.ac.nz 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun
>>> 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
>>> ipa-client-2.0.0-23.el6_1.1.x86_64
>>> libcurl-7.19.7-26.el6.x86_64
>>> Red Hat Enterprise Linux Client release 6.1 (Santiago)
>>> ==========
>>>
>>> Server
>>> ==========
>>> Linux vuwunicoipamt01 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38
>>> EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
>>> libcurl-7.19.7-26.el6_1.1.x86_64
>>> ipa-client-2.0.0-23.el6_1.1.x86_64
>>> ipa-server-2.0.0-23.el6_1.1.x86_64
>>> Red Hat Enterprise Linux Server release 6.1 (Santiago)
>>> ==========
>>>
>>> install output
>>> ==========
>>> [root@rhel61-64cl04 ~]# ipa-client-install --mkhomedir --server
>>> vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d
>>> root : DEBUG /usr/sbin/ipa-client-install was invoked with
>>> options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz', 'uninstall': False,
>>> 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server':
>>> 'vuwunicoipamt01.unix.vuw.ac.nz', 'prompt_password': False, 'realm_name':
>>> None, 'dns_updates': False, 'debug': True, 'on_master': False,
>>> 'ntp_server': None, 'mkhomedir': True, 'unattended': None, 'principal':
>>> None}
>>> root : DEBUG missing options might be asked for interactively
>>> later
>>>
>>> root : DEBUG Loading Index file from
>>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>>> root : DEBUG [ipacheckldap]
>>> root : DEBUG args=/usr/bin/wget -O /tmp/tmpaaTaqF/ca.crt
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=--2011-08-03 09:01:14--
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80...
>>> connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: `/tmp/tmpaaTaqF/ca.crt'
>>>
>>> 0K 100%
>>> 132M=0s
>>>
>>> 2011-08-03 09:01:14 (132 MB/s) - `/tmp/tmpaaTaqF/ca.crt' saved [779/779]
>>>
>>>
>>> root : DEBUG Init ldap with:
>>> ldap://vuwunicoipamt01.unix.vuw.ac.nz:389
>>> root : DEBUG Search rootdse
>>> root : DEBUG Search for (info=*) in
>>> dc=unix,dc=vuw,dc=ac,dc=nz(base)
>>> root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz',
>>> {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject',
>>> 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain':
>>> ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': ['unix.vuw.ac.nz']})]
>>> root : DEBUG Search for (objectClass=krbRealmContainer) in
>>> dc=unix,dc=vuw,dc=ac,dc=nz(sub)
>>> root : DEBUG Found:
>>> [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz',
>>> {'krbSubTrees': ['dc=unix,dc=vuw,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'],
>>> 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special',
>>> 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top',
>>> 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'],
>>> 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special',
>>> 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal',
>>> 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special',
>>> 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal',
>>> 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'],
>>> 'krbMaxRenewableAge': ['604800']})]
>>> root : DEBUG will use domain: unix.vuw.ac.nz
>>>
>>> root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz
>>>
>>> Discovery was successful!
>>> root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ
>>>
>>> root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>> Hostname: rhel61-64cl04.unix.vuw.ac.nz
>>> Realm: UNIX.VUW.AC.NZ
>>> DNS Domain: unix.vuw.ac.nz
>>> IPA Server: vuwunicoipamt01.unix.vuw.ac.nz
>>> BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>>
>>> Continue to configure the system with these values? [no]: yes
>>> Enrollment principal: admin
>>> root : DEBUG will use principal: admin
>>>
>>> root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=--2011-08-03 09:01:22--
>>> http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80...
>>> connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: `/etc/ipa/ca.crt'
>>>
>>> 0K 100%
>>> 96.5M=0s
>>>
>>> 2011-08-03 09:01:22 (96.5 MB/s) - `/etc/ipa/ca.crt' saved [779/779]
>>>
>>>
>>> Password for ad...@unix.vuw.ac.nz:
>>> root : DEBUG args=kinit ad...@unix.vuw.ac.nz
>>> root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz:
>>>
>>> root : DEBUG stderr=
>>>
>>> root : DEBUG args=/usr/sbin/ipa-join -s
>>> vuwunicoipamt01.unix.vuw.ac.nz -d
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=XML-RPC CALL:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>\r\n
>>> <methodCall>\r\n
>>> <methodName>join</methodName>\r\n
>>> <params>\r\n
>>> <param><value><array><data>\r\n
>>> <value><string>rhel61-64cl04.unix.vuw.ac.nz</string></value>\r\n
>>> </data></array></value></param>\r\n
>>> <param><value><struct>\r\n
>>> <member><name>nsosversion</name>\r\n
>>> <value><string>2.6.32-131.6.1.el6.x86_64</string></value></member>\r\n
>>> <member><name>nshardwareplatform</name>\r\n
>>> <value><string>x86_64</string></value></member>\r\n
>>> </struct></value></param>\r\n
>>> </params>\r\n
>>> </methodCall>\r\n
>>>
>>> HTTP response code is 401, not 200
>>>
>>> Joining realm failed because of failing XML-RPC request.
>>> This error may be caused by incompatible server/client major versions.
>>> root : DEBUG args=kdestroy
>>> root : DEBUG stdout=
>>> root : DEBUG stderr=
>>> [root@rhel61-64cl04 ~]#
>>> ==========
>>>
>>> Error log
>>> ==========
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
>>> KeyError(140510308317152,) in<module 'threading' from
>>> '/usr/lib64/python2.6/threading.pyc'> ignored
>>> [Wed Aug 03 09:04:57 2011] [notice] caught SIGTERM, shutting down
>>> [Wed Aug 03 09:04:58 2011] [notice] SELinux policy enabled; httpd running
>>> as context unconfined_u:system_r:httpd_t:s0
>>> [Wed Aug 03 09:04:58 2011] [notice] suEXEC mechanism enabled (wrapper:
>>> /usr/sbin/suexec)
>>> [Wed Aug 03 09:04:58 2011] [notice] Digest: generating secret for digest
>>> authentication ...
>>> [Wed Aug 03 09:04:58 2011] [notice] Digest: done
>>> [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Compiled for Python/2.6.2.
>>> [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Runtime using Python/2.6.6.
>>> [Wed Aug 03 09:04:59 2011] [notice] Apache/2.2.15 (Unix) DAV/2
>>> mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6
>>> configured -- resuming normal operations
>>> [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START ***
>>> [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START ***
>>> ==========
>>>
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> ________________________________________
>>> From: Rob Crittenden [rcrit...@redhat.com]
>>> Sent: Wednesday, 3 August 2011 1:48 a.m.
>>> To: Steven Jones
>>> Cc: freeipa-users@redhat.com
>>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>>
>>> Steven Jones wrote:
>>>>
>>>> Yes....enrolement now fails, previous messages I attached show that I
>>>> think, it used to work.
>>>>
>>>> History, I had to remove all my working IPA clients due to a disk space
>>>> problem on our SAN (we didnt have any). So I managed to keep the working
>>>> IPA server and 2 x RHEL5 64 bit servers and the one un-configured template
>>>> of RHEL6.1 64bit client I had. This I used to make client side clones off
>>>> previously and connected them to IPA server and they worked.
>>>>
>>>> So lastweek I went back and with a running ipa server, I cloned in the old
>>>> client/template and got the mis-match, so I put them on the production
>>>> network and patched, same mismatch problem.
>>>>
>>>> I can do a sosreport of the old template I think and the client to look at
>>>> the differences if that helps.
>>>
>>> I'm having a hard time following exactly what you are doing, on what
>>> machine. I think we need to be more systematic.
>>>
>>> Can you choose a machine to act as the client and provide the following:
>>>
>>> - distro and architecture (e.g. RHEL 6.1 on x86_64)
>>> - rpm -q curl libcurl
>>> - rpm -q ipa-client
>>>
>>> On the IPA server:
>>> - rpm -q ipa-server
>>>
>>> Start with a client that is not enrolled. If it has previously been
>>> enrolled run: ipa-client-install --uninstall -U
>>>
>>> Now run ipa-client-install and answer the questions as appropriate for
>>> your install.
>>>
>>> If it fails please provide the following:
>>> - any stdout you get from the client install
>>> - attach the full /var/log/ipaclient-install.log
>>> - attach the last 100 lines from /var/log/httpd/error_log from the IPA
>>> server
>>>
>>> rob
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
