Ian Levesque wrote:
I'm running ipa-server-2.1.3-9, trying to perform our first bulk-add of hosts via
kickstart. Unfortunately, it's not working via kickstart and when I try running the
commands by hand on a freshly-installed host, it still fails with "kinit: Client not
found in Kerberos database while getting initial credentials".
The freeipa docs seem to indicate that this is as easy as:
1) ipa host-add <fqdn> --password=secret
2) ensuring ipa-client is installed in the kickstart
3) running ipa-client-install with the principal set as host/<fqdn> and
providing the password
I believe I've done what's required on the server:
# ipa host-add ian-ultra24-dmz.in.hwlab --password=foobar
Added host "ian-ultra24-dmz.in.hwlab"
Host name: ian-ultra24-dmz.in.hwlab
Managed by: ian-ultra24-dmz.in.hwlab
(I've deleted and re-added the host after each ipa-client-install attempt)
And on the client:
# rpm -qa | grep ipa-client
# /usr/sbin/ipa-client-install --domain=in.hwlab
--principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG
DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.
Discovery was successful!
DNS Domain: in.hwlab
IPA Server: sbgrid-directory.in.hwlab
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.
kinit: Client not found in Kerberos database while getting initial credentials
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Any help would be appreciated.

Don't set the principal and it will work, just drop the --principal bit.
The principal doesn't exist yet which is why things are failing (or more
precisely, the principal with that principal key doesn't exist yet).