Re: [Freeipa-users] RHEL5 IPA client for RHEL6.3 IPA server?

Wed, 17 Oct 2012 10:32:26 -0700 

David Summers wrote:

On 10/17/2012 7:49 AM, Rob Crittenden wrote:

David Summers wrote:


I have looked back through the last year of mail archives for this list
and haven't yet found anything on this.

I spent a day or so trying to get a RHEL6.3 server set up with several
clients,

Clients:
RHEL 6.3 32-bit
RHEL 6.3 64-bit
RHEL 5.8 32-bit
RHEL 5.8 64-bit

So far I've been able to get the RHEL 6.3 clients to register and setup
up as a client for RHEL 6.3 IPA server but whenever I try to install the
ipa-client on RHEL 5.8 I just get the following error:

[root@rh5 ~]# ipa-client-install
Discovery was successful!
Hostname: rh5.summersoft
Realm: SUMMERSOFT
DNS Domain: summersoft
IPA Server: ipaserver.summersoft
BaseDN: dc=summersoft


Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.
Password for admin@SUMMERSOFT:

Joining realm failed: SASL Bind failed Local error (-2) !
child exited with 9
Installation failed. Rolling back changes.
IPA client is not configured on this system.

In the install log:

2012-10-16 23:16:34,410 DEBUG stderr=
2012-10-16 23:16:35,032 DEBUG args=/usr/sbin/ipa-join -s
ipaserver.summersoft -b
  dc=summersoft
2012-10-16 23:16:35,032 DEBUG stdout=
2012-10-16 23:16:35,032 DEBUG stderr=SASL Bind failed Local error (-2) !
child exited with 9


Is RHEL 5.8 a supported client for RHEL 6.3 IPA server?

If so, what am I doing wrong?  I tried following both the RHEL 5.8 and
RHEL 6.3 install instructions but
nothing I have tried is working so far!

Thanks in advance for any help or pointers you can provide.

    - David Summers


What is the version of the 5.8 ipa-client package? You want
ipa-client-2.1.3-2.el5_8

rob



Yes, I have ipa-client-2.1.3-2.el5_8 but I have not been able to get it
to join the IPA server.
I've turned off all firewalls.

I am running IPv6, does that make a difference?

Any ideas?

    - Thanks
    - David Summers


It is failing trying to get a keytab for the newly enrolled host.

Can you provide /var/log/ipaclient-install.log?


Can you look in the 389-ds error and access logs for the BIND request 
and/or other errors when the client enrollment happens 
(/var/log/dirsrv/slapd-REALM, access buffers for 30 seconds) and the KDC 
logs in /var/log/krb5kdc?


rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users






















					Reply via email to