Ian Levesque wrote:

I'm running ipa-server-2.1.3-9, trying to perform our first bulk-add of hosts via 
kickstart. Unfortunately, it's not working via kickstart and when I try running the 
commands by hand on a freshly-installed host, it still fails with "kinit: Client not 
found in Kerberos database while getting initial credentials".

The freeipa docs [1] seem to indicate that this is as easy as:

   1) ipa host-add<fqdn>  --password=secret
   2) ensuring ipa-client is installed in the kickstart
   3) running ipa-client-install with the principal set as host/<fqdn>  and 
providing the password

I believe I've done what's required on the server:

# ipa host-add ian-ultra24-dmz.in.hwlab --password=foobar
  Added host "ian-ultra24-dmz.in.hwlab"
   Host name: ian-ultra24-dmz.in.hwlab
   Keytab: False
   Password: True
   Managed by: ian-ultra24-dmz.in.hwlab

(I've deleted and re-added the host after each ipa-client-install attempt)

And on the client:

# rpm -qa | grep ipa-client

# /usr/sbin/ipa-client-install --domain=in.hwlab 
--principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG 
--server=sbgrid-directory.in.hwlab --unattended
DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: ian-ultra24-dmz.in.hwlab
DNS Domain: in.hwlab
IPA Server: sbgrid-directory.in.hwlab
BaseDN: dc=sbgrid,dc=org

Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.

kinit: Client not found in Kerberos database while getting initial credentials

Installation failed. Rolling back changes.
IPA client is not configured on this system.

Any help would be appreciated.

Don't set the principal and it will work, just drop the --principal bit. The principal doesn't exist yet which is why things are failing (or more precisely, the principal with that principal key doesn't exist yet).


Freeipa-users mailing list

Reply via email to