Jimmy wrote:
I'm running the ipa-client-install on a CentOS 6 client and get this error:

[root@kudzu ~]# ipa-client-install
Discovery was successful!
Realm: PDH.CSP
DNS Domain: pdh.csp
IPA Server: csp-idm.pdh.csp
BaseDN: dc=pdh,dc=csp

Continue to configure the system with these values? [no]: yes
Principal: admin
Password for ad...@pdh.csp:
Joining realm failed: Operation failed! unsupported extended operation
child exited with 9
Certificate subject base is: O=PDH.CSP

The only logs I see on the server are here:

Nov 04 18:52:55 csp-idm.pdh.csp krb5kdc[5354](info): AS_REQ (4 etypes
{18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: NEEDED_PREAUTH:
ad...@pdh.csp for krbtgt/pdh....@pdh.csp, Additional pre-authentication
required
Nov 04 18:53:20 csp-idm.pdh.csp krb5kdc[5354](info): AS_REQ (4 etypes
{18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
1320432800, etypes {rep=18 tkt=18 ses=18}, ad...@pdh.csp for
krbtgt/pdh....@pdh.csp
Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (4 etypes
{18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
1320432800, etypes {rep=18 tkt=18 ses=18}, ad...@pdh.csp for
HTTP/csp-idm.pdh....@pdh.csp
Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (1 etypes
{18}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
1320432800, etypes {rep=18 tkt=18 ses=18}, ad...@pdh.csp for
krbtgt/pdh....@pdh.csp
Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (4 etypes
{18 17 16 23}) 192.168.201.102 <http://192.168.201.102>: ISSUE: authtime
1320432800, etypes {rep=18 tkt=18 ses=18}, ad...@pdh.csp for
ldap/csp-idm.pdh....@pdh.csp
Nov 04 18:53:21 csp-idm.pdh.csp krb5kdc[5354](info): TGS_REQ (4 etypes
{18 17 16 23}) 192.168.201.199 <http://192.168.201.199>: ISSUE: authtime
1320432800, etypes {rep=18 tkt=18 ses=18}, ad...@pdh.csp for
ldap/csp-idm.pdh....@pdh.csp


You need a newer ipa-client package. The extended operation we used for enrollment changed. This was fixed in ipa-client-2.0-9.1 in RHEL 6.0.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to