I've noticed if ntpd is already running on the client when you run the
ipa-client-install, you will get that error. I'm guessing its using ntpdate
IP ADDRESS to sync time, and cannot do so when the daemon is running.
On Sat, Feb 8, 2014 at 8:34 AM, Mauricio Tavares <raubvo...@gmail.com>wrote:
> Even though I already have a ntp server, I setup my newly
> created freeipa kdc to do that too (it is a slave to my primary ntp).
> I then build a centos host to be the test client. Just to make sure it
> can see and use auth's ntp, I tested with ntpdate:
> [root@centos64 ~]# ntpdate auth
> 8 Feb 08:13:35 ntpdate: adjust time server 10.0.0.11 offset
> -0.003097 sec
> [root@centos64 ~]#
> so far so good, so how about running ipa-client-install?
> [root@centos64 ~]# hostname
> [root@centos64 ~]# ipa-client-install --hostname=`hostname -f`
> Discovery was successful!
> Hostname: centos64.in.domain.com
> Realm: DOMAIN.COM
> DNS Domain: domain.com
> IPA Server: auth.in.domain.com
> BaseDN: dc=domain,dc=com
> [so far so good!]
> Continue to configure the system with these values? [no]: yes
> User authorized to enroll computers: admin
> Synchronizing time with KDC...
> Unable to sync time with IPA NTP server, assuming the time is in sync.
> Please check that 123 UDP port is opened.
> Password for ad...@domain.com:
> But, it had not problems using ntpdate against auth. to add insult to
> injury, the log claims it is using ntpdate:
> 2014-02-08T13:14:31Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
> 2014-02-08T13:14:31Z DEBUG stdout=
> 2014-02-08T13:14:31Z DEBUG stderr=
> 2014-02-08T13:14:31Z WARNING Unable to sync time with IPA NTP server,
> assuming the time is in sync. Please check that 123 UDP port is
> Could it be it is pissed because it was in sync to begin with? I mean,
> if we run the exact command the log file claims to have run,
> [root@centos64 ~]# /usr/sbin/ntpdate -U ntp -s -b -v auth.in.domain.com|
> echo $?
> [root@centos64 ~]#
> We see it was successful.
> I am feeling rather clueless here...
> Freeipa-users mailing list
Freeipa-users mailing list