On May 15, 2012, at 6:14 PM, Rob Crittenden wrote:

>> # /usr/sbin/ipa-client-install --domain=in.hwlab 
>> --principal=HOST/ian-ultra24-dmz.in.hwlab -w=foobar --realm=SBGRID.ORG 
>> --server=sbgrid-directory.in.hwlab --unattended
>> DNS domain 'sbgrid.org' is not configured for automatic KDC address lookup.
>> KDC address will be set to fixed value.
>> 
>> Discovery was successful!
>> Hostname: ian-ultra24-dmz.in.hwlab
>> Realm: SBGRID.ORG
>> DNS Domain: in.hwlab
>> IPA Server: sbgrid-directory.in.hwlab
>> BaseDN: dc=sbgrid,dc=org
>> 
>> 
>> Synchronizing time with KDC...
>> Unable to sync time with IPA NTP server, assuming the time is in sync.
>> 
>> kinit: Client not found in Kerberos database while getting initial 
>> credentials
>> 
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>> 
>> Any help would be appreciated.
> 
> Don't set the principal and it will work, just drop the --principal bit. The 
> principal doesn't exist yet which is why things are failing (or more 
> precisely, the principal with that principal key doesn't exist yet).

No luck:

Joining realm failed: Incorrect password.
Installation failed. Rolling back changes.

I thought the point of doing the host-add was to setup a host principal with a 
one-time password. Without specifying the host principal, isn't the 
ipa-client-install trying to use the specified password to auth me, and not the 
host?

Thanks,
Ian

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to