Hello all,

I'm trying to setup FreeIPA on Fedora 18 (Final) with AD integration on a test 
server. However I do not even get past
the initial (local) steps described in : 
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Add_trust_with_AD_domain
The last step of the section "Install and configure IPA server" gives me the 
following error :

"Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket"

However "kdestroy" followed by a consequent "kinit admin" does not help, I get 
the error again when trying
to "ipa-adtrust-install"

The ipaserver-install.log says :
2013-01-19T17:19:56Z DEBUG stderr=
2013-01-19T17:19:56Z DEBUG will use ip_address: 172.16.135.141

2013-01-19T17:19:56Z DEBUG Starting external process
2013-01-19T17:19:56Z DEBUG args=kinit admin
2013-01-19T17:19:57Z DEBUG Process finished, return code=0
2013-01-19T17:19:57Z DEBUG stdout=Password for admin@MATRIX.LOCAL:

2013-01-19T17:19:57Z DEBUG stderr=
2013-01-19T17:19:57Z INFO   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 617, 
in
run_script
    return_value = main_function()

  File "/usr/sbin/ipa-adtrust-install", line 304, in main
    sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update 
your ticket")

2013-01-19T17:19:57Z INFO The ipa-adtrust-install command failed, exception: 
SystemExit: Outdated Kerberos credentials.
Use kdestroy and kinit to update your ticket

______________________________________________________________________________________________________


I tried to follow the instructions and stick to the plan - here is the history 
of commands I executed on an fresh Fedora
18 Installation (after installing vmware tools in the vm) (long output is 
omitted and replaced by ...) :


[root@linux user]# yum update -y
...
[root@linux user]# reboot
[root@linux user]# yum install -y "*ipa-server" "*ipa-server-trust-ad" 
samba4-winbind-clients samba4-winbind
samba4-client bind bind-dyndb-ldap
...
[root@linux user]# echo "172.16.135.141    ipa-server.matrix.local ipa-server" 
>> /etc/hosts
[root@linux user]# hostname ipa-server.matrix.local
[root@linux user]# hostname
ipa-server.matrix.local
[root@linux user]# ping ipa-server.matrix.local
PING ipa-server.matrix.local (172.16.135.141) 56(84) bytes of data.
64 bytes from ipa-server.matrix.local (172.16.135.141): icmp_seq=1 ttl=64 
time=0.058 ms
[root@linux user]# ipa-server-install -a mypassword1 -p mypassword2 
--domain=matrix.local --realm=MATRIX.LOCAL
--setup-dns --no-forwarders -U
... setup completes without errors
[root@linux user]# kinit admin
Password for admin@MATRIX.LOCAL:
[root@linux user]# klist
Ticket cache: 
DIR::/run/user/1000/krb5cc_c9794d10f5cd59bd63c423ac50fad257/tktT3hTsU
Default principal: admin@MATRIX.LOCAL

Valid starting     Expires            Service principal
01/19/13 12:19:06  01/20/13 12:19:02  krbtgt/MATRIX.LOCAL@MATRIX.LOCAL
[root@linux user]# id admin
uid=1396400000(admin) gid=1396400000(admins) groups=1396400000(admins)
[root@linux user]# getent passwd admin
admin:*:1396400000:1396400000:Administrator:/home/admin:/bin/bash
[root@linux user]# ipa-adtrust-install --netbios-name=MATRIX -a mypassword1
The log file for this installation can be found in 
/var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for
the FreeIPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to FreeIPA LDAP server

To accept the default shown in brackets, press the Enter key.


The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket

______________________________________________________________________________________________________

The freeipa packages installed are :

freeipa-server-trust-ad-3.1.0-2.fc18.x86_64
freeipa-python-3.1.0-2.fc18.x86_64
freeipa-server-selinux-3.1.0-2.fc18.x86_64
freeipa-admintools-3.1.0-2.fc18.x86_64
freeipa-server-3.1.0-2.fc18.x86_64
freeipa-client-3.1.0-2.fc18.x86_64


Any help would be appreciated, perhaps I'm just missing a simple step.


Regards
Marco

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to