Hi ,

While running the ipa-client-install script on a RHEL 6.4 server, I get the 
following output (please note the indicated line with the arrow):

[root@[hostname]]# ipa-client-install
Discovery was successful!
Hostname: [hostname]
Realm: example.com
DNS Domain: example.com
IPA Server: chtvm-389.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Password for admin example com:

Enrolled in IPA realm example.com
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm example.com
SSSD enabled
Kerberos 5 enabled
----->Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
NTP enabled
Client configuration complete.

Also, please note that I've obfuscated the hostname, domain, and realm for 
security reasons.    I believe I've narrowed down the problem to certificate 
enrollment.  When I check my IPA Server Web UI, I have a notice in my host 
details that says "no valid certificate present."  I then checked my client 
host by running:

[root@hostname user]# ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID '20130717205230':
        status: CA_UNCONFIGURED
        ca-error: Error setting up ccache for local "host" service using 
default keytab: Resource temporarily unavailable.
        stuck: yes
        key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA 
Machine Certificate - hostname.example.com',token='NSS Certificate DB'
        certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine 
Certificate - hostname.example.com '
        CA: IPA
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

I'm concerned about that "stuck" field, I have no idea what that means.
I have other RHEL 6.4 clients that have been able to join my IPA domain with no 
issue at all, but this one client baffles me.  Any thoughts??

Matthew Shapiro
Systems Administrator

Trofholz Technologies, Inc.
Defense Personnel and Security Research Center (PERSEREC)
Defense Manpower Data Center (DMDC)
Office: 831.583.2828

Freeipa-users mailing list

Reply via email to