On May 15, 2012, at 6:14 PM, Rob Crittenden wrote: >> # /usr/sbin/ipa-client-install --domain=in.hwlab >> --principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG >> --server=sbgrid-directory.in.hwlab --unattended >> DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup. >> KDC address will be set to fixed value. >> >> Discovery was successful! >> Hostname: ian-ultra24-dmz.in.hwlab >> Realm: SBGRID.ORG >> DNS Domain: in.hwlab >> IPA Server: sbgrid-directory.in.hwlab >> BaseDN: dc=sbgrid,dc=org >> >> >> Synchronizing time with KDC... >> Unable to sync time with IPA NTP server, assuming the time is in sync. >> >> kinit: Client not found in Kerberos database while getting initial >> credentials >> >> Installation failed. Rolling back changes. >> IPA client is not configured on this system. >> >> Any help would be appreciated. > > Don't set the principal and it will work, just drop the --principal bit. The > principal doesn't exist yet which is why things are failing (or more > precisely, the principal with that principal key doesn't exist yet).
No luck: Joining realm failed: Incorrect password. Installation failed. Rolling back changes. I thought the point of doing the host-add was to setup a host principal with a one-time password. Without specifying the host principal, isn't the ipa-client-install trying to use the specified password to auth me, and not the host? Thanks, Ian _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users