Hello all,

I'm trying to setup FreeIPA on Fedora 18 (Final) with AD integration on a test 
server. However I do not even get past
the initial (local) steps described in : 
The last step of the section "Install and configure IPA server" gives me the 
following error :

"Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket"

However "kdestroy" followed by a consequent "kinit admin" does not help, I get 
the error again when trying
to "ipa-adtrust-install"

The ipaserver-install.log says :
2013-01-19T17:19:56Z DEBUG stderr=
2013-01-19T17:19:56Z DEBUG will use ip_address:

2013-01-19T17:19:56Z DEBUG Starting external process
2013-01-19T17:19:56Z DEBUG args=kinit admin
2013-01-19T17:19:57Z DEBUG Process finished, return code=0
2013-01-19T17:19:57Z DEBUG stdout=Password for admin@MATRIX.LOCAL:

2013-01-19T17:19:57Z DEBUG stderr=
2013-01-19T17:19:57Z INFO   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 617, 
    return_value = main_function()

  File "/usr/sbin/ipa-adtrust-install", line 304, in main
    sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update 
your ticket")

2013-01-19T17:19:57Z INFO The ipa-adtrust-install command failed, exception: 
SystemExit: Outdated Kerberos credentials.
Use kdestroy and kinit to update your ticket


I tried to follow the instructions and stick to the plan - here is the history 
of commands I executed on an fresh Fedora
18 Installation (after installing vmware tools in the vm) (long output is 
omitted and replaced by ...) :

[root@linux user]# yum update -y
[root@linux user]# reboot
[root@linux user]# yum install -y "*ipa-server" "*ipa-server-trust-ad" 
samba4-winbind-clients samba4-winbind
samba4-client bind bind-dyndb-ldap
[root@linux user]# echo "    ipa-server.matrix.local ipa-server" 
>> /etc/hosts
[root@linux user]# hostname ipa-server.matrix.local
[root@linux user]# hostname
[root@linux user]# ping ipa-server.matrix.local
PING ipa-server.matrix.local ( 56(84) bytes of data.
64 bytes from ipa-server.matrix.local ( icmp_seq=1 ttl=64 
time=0.058 ms
[root@linux user]# ipa-server-install -a mypassword1 -p mypassword2 
--domain=matrix.local --realm=MATRIX.LOCAL
--setup-dns --no-forwarders -U
... setup completes without errors
[root@linux user]# kinit admin
Password for admin@MATRIX.LOCAL:
[root@linux user]# klist
Ticket cache: 
Default principal: admin@MATRIX.LOCAL

Valid starting     Expires            Service principal
01/19/13 12:19:06  01/20/13 12:19:02  krbtgt/MATRIX.LOCAL@MATRIX.LOCAL
[root@linux user]# id admin
uid=1396400000(admin) gid=1396400000(admins) groups=1396400000(admins)
[root@linux user]# getent passwd admin
[root@linux user]# ipa-adtrust-install --netbios-name=MATRIX -a mypassword1
The log file for this installation can be found in 
This program will setup components needed to establish trust to AD domains for
the FreeIPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to FreeIPA LDAP server

To accept the default shown in brackets, press the Enter key.

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket


The freeipa packages installed are :


Any help would be appreciated, perhaps I'm just missing a simple step.


Freeipa-users mailing list

Reply via email to