Dave Jablonski wrote:
FreeIPA Server:  Fedora 16, freeipa 2.1.4
Latest CentOS 6.5 client

When running:

ipa-client-install --mkhomedir --enable-dns-updates

The install fails with:

trying https://<server-name>/ipa/xml
Forwarding 'env' to server u'https://<server-name>/ipa/xml'
Traceback (most recent call last):
   File "/usr/sbin/ipa-client-install", line 2377, in <module>
     sys.exit(main())
   File "/usr/sbin/ipa-client-install", line 2363, in main
     rval = install(options, env, fstore, statestore)
   File "/usr/sbin/ipa-client-install", line 2167, in install
     remote_env = api.Command['env'](server=True)['result']
   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435,
in __call__
     ret = self.run(*args, **options)
   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line
1073, in run
     return self.forward(*args, **options)
   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769,
in forward
     return self.Backend.xmlclient.forward(self.name <http://self.name>,
*args, **kw)
   File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 736, in
forward
     raise error(message=e.faultString)
ipalib.errors.CCacheError: did not receive Kerberos credentials

In /var/log/ipaclient-install.log:

2014-02-06T18:19:53Z DEBUG approved_usage = SSLServer intended_usage =
SSLServer
2014-02-06T18:19:53Z DEBUG cert valid True for "CN=<server-name>,O=<domain>"
2014-02-06T18:19:53Z DEBUG handshake complete, peer = 10.1.1.111:443
<http://10.1.1.111:443>
2014-02-06T18:19:53Z DEBUG Caught fault 1101 from server
https://<server-name>/ipa/xml: did not receive Kerberos credentials

We need to see more context from the client install log, preferably the whole thing.

IPA v2 doesn't support session cookies but the 3.x client should have support for falling back to using TGT delegation.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to