Hi ,

While running the ipa-client-install script on a RHEL 6.4 server, I get the 
following output (please note the indicated line with the arrow):

[root@[hostname]]# ipa-client-install
Discovery was successful!
Hostname: [hostname]
Realm: example.com
DNS Domain: example.com
IPA Server: chtvm-389.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Password for admin example com:

Enrolled in IPA realm example.com
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm example.com
SSSD enabled
Kerberos 5 enabled
----->Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
NTP enabled
Client configuration complete.

Also, please note that I've obfuscated the hostname, domain, and realm for 
security reasons.    I believe I've narrowed down the problem to certificate 
enrollment.  When I check my IPA Server Web UI, I have a notice in my host 
details that says "no valid certificate present."  I then checked my client 
host by running:

[root@hostname user]# ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID '20130717205230':
        status: CA_UNCONFIGURED
        ca-error: Error setting up ccache for local "host" service using 
default keytab: Resource temporarily unavailable.
        stuck: yes
        key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA 
Machine Certificate - hostname.example.com',token='NSS Certificate DB'
        certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine 
Certificate - hostname.example.com '
        CA: IPA
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

I'm concerned about that "stuck" field, I have no idea what that means.
I have other RHEL 6.4 clients that have been able to join my IPA domain with no 
issue at all, but this one client baffles me.  Any thoughts??

----------------------------------------------------------------------
Matthew Shapiro
Systems Administrator

Trofholz Technologies, Inc.
Defense Personnel and Security Research Center (PERSEREC)
Defense Manpower Data Center (DMDC)
Office: 831.583.2828

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to