Hi, I'm running ipa-server-2.1.3-9, trying to perform our first bulk-add of hosts via kickstart. Unfortunately, it's not working via kickstart and when I try running the commands by hand on a freshly-installed host, it still fails with "kinit: Client not found in Kerberos database while getting initial credentials".
The freeipa docs [1] seem to indicate that this is as easy as: 1) ipa host-add <fqdn> --password=secret 2) ensuring ipa-client is installed in the kickstart 3) running ipa-client-install with the principal set as host/<fqdn> and providing the password I believe I've done what's required on the server: # ipa host-add ian-ultra24-dmz.in.hwlab --password=foobar ------------------------------------- Added host "ian-ultra24-dmz.in.hwlab" ------------------------------------- Host name: ian-ultra24-dmz.in.hwlab Keytab: False Password: True Managed by: ian-ultra24-dmz.in.hwlab (I've deleted and re-added the host after each ipa-client-install attempt) And on the client: # rpm -qa | grep ipa-client ipa-client-2.1.3-9.el6.x86_64 # /usr/sbin/ipa-client-install --domain=in.hwlab --principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG --server=sbgrid-directory.in.hwlab --unattended DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: ian-ultra24-dmz.in.hwlab Realm: SBGRID.ORG DNS Domain: in.hwlab IPA Server: sbgrid-directory.in.hwlab BaseDN: dc=sbgrid,dc=org Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. kinit: Client not found in Kerberos database while getting initial credentials Installation failed. Rolling back changes. IPA client is not configured on this system. Any help would be appreciated. Thanks! Ian -- 1. http://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/kickstart.html _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
