> Look in /var/log/ipaclient-install.log for more details. We do a lot more
> logging in 2.1.3.
> The original problem was due to how we set up a temporary krb5.conf in
> order to enrollment. We discovered (automatically or via the user) the
> environment then wrote out a krb5.conf that did not include all this data
> so it was re-discovered, sometimes incorrectly.
> The temporary krb5.conf should both be specific to the IPA server and also
> be included in the client install log.
> It might be an interesting exercise to set a one-time password on a host
> and see if you can enroll successfully using that.
It looks like I have more then one problem right now. Most likely from me
poking and prodding in the spec file. Before I shut the VM's down my
"user1" was able to log in on the ipa.blarg.local box and everything seemed
to work fine. I shut the VM down over night and booted it up to look at the
log files. Now that login doesn't work ("User not known to the underlying
authentication module"). As root, I can run `kinit admin` and commands work
(adding users and changing user information), but the web interface gives a
"IPA Error 901: An internal error has occured". There are all sorts of
python errors in the /var/log/http/error.log file and there are errors in
the /var/log/sssd/sssd.log that say "waitpid returned -1 (errno: 10[No
child processes]". Not sure what is going on but if I can't get users
logging in on the server, trying to get them to log in on a dev box seems
So whatever I have done, I have buggered it up pretty good. :-)
Since this is a self-compiled version from a hacked up spec file on a
non-fedora system there is no reason to pester you guys about this. I know
you are busy working on the next release. Thanks again for the help!
Freeipa-users mailing list