On May 15, 2012, at 6:14 PM, Rob Crittenden wrote:

>> # /usr/sbin/ipa-client-install --domain=in.hwlab 
>> --principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG 
>> --server=sbgrid-directory.in.hwlab --unattended
>> DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup.
>> KDC address will be set to fixed value.
>> Discovery was successful!
>> Hostname: ian-ultra24-dmz.in.hwlab
>> Realm: SBGRID.ORG
>> DNS Domain: in.hwlab
>> IPA Server: sbgrid-directory.in.hwlab
>> BaseDN: dc=sbgrid,dc=org
>> Synchronizing time with KDC...
>> Unable to sync time with IPA NTP server, assuming the time is in sync.
>> kinit: Client not found in Kerberos database while getting initial 
>> credentials
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>> Any help would be appreciated.
> Don't set the principal and it will work, just drop the --principal bit. The 
> principal doesn't exist yet which is why things are failing (or more 
> precisely, the principal with that principal key doesn't exist yet).

No luck:

Joining realm failed: Incorrect password.
Installation failed. Rolling back changes.

I thought the point of doing the host-add was to setup a host principal with a 
one-time password. Without specifying the host principal, isn't the 
ipa-client-install trying to use the specified password to auth me, and not the 


Freeipa-users mailing list

Reply via email to