Todd Maugh wrote:
IM in limbo here trying to solve this issue

It would help if you said what issue you were having...

And what version of the client you are running.

Trolling through the log I see a couple of things:

ntpdate failed, but that can happen if you already have ntpd configured on your client. We have a ticket open on that.

The DNS update failed, presumably because you aren't using IPA for DNS. Not a big deal.

The certmonger failure is due to a bad uninstall in the past. It is still tracking an old cert. You can clear it with:

# ipa-getcert list
# ipa-getcert stop-tracking -i <request id>

The SSH keys are failing to load because they already exist in the host entry. I guess it was pre-created, or left over from a previous attempt? It doesn't appear to be a fatal error.

rob


here is my out put with the debug

root@se-idm-ubuntu-client-01:/var/lib/ipa-client/sysrestore#
ipa-client-install -d --no-dns-sshfp
--hostname=se-idm-ubuntu-client-01.boingo.com --force-join
--domain=boingo.com --server=se-idm-01.boingo.com
/usr/sbin/ipa-client-install was invoked with options: {'domain':
'boingo.com', 'force': False, 'krb5_offline_passwords': True, 'primary':
False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': False,
'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server':
None, 'ca_cert_file': None, 'principal': None, 'keytab': None,
'hostname': 'se-idm-ubuntu-client-01.boingo.com', 'no_ac': False,
'unattended': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates':
False, 'mkhomedir': False, 'conf_ssh': True, 'force_join': True,
'server': ['se-idm-01.boingo.com'], 'prompt_password': False, 'permit':
False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
missing options might be asked for interactively later
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

[IPA Discovery]
Starting IPA discovery with domain=boingo.com,
servers=['se-idm-01.boingo.com'],
hostname=se-idm-ubuntu-client-01.boingo.com
Server and domain forced
[Kerberos realm search]
Search DNS for TXT record of _kerberos.boingo.com
DNS record not found: NXDOMAIN
[LDAP server check]
Verifying that se-idm-01.boingo.com (realm None) is an IPA server
Init LDAP connection to: se-idm-01.boingo.com
Search LDAP server for IPA base DN
Check if naming context 'dc=boingo,dc=com' is for IPA
Naming context 'dc=boingo,dc=com' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=boingo,dc=com (sub)
Found: cn=BOINGO.COM,cn=kerberos,dc=boingo,dc=com
Discovery result: Success; server=se-idm-01.boingo.com,
domain=boingo.com, kdc=None, basedn=dc=boingo,dc=com
Validated servers: se-idm-01.boingo.com
will use discovered domain: boingo.com
Using servers from command line, disabling DNS discovery
will use provided server: se-idm-01.boingo.com
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to
always access the discovered server for all operations and will not fail
over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
will use discovered realm: BOINGO.COM
will use discovered basedn: dc=boingo,dc=com
Hostname: se-idm-ubuntu-client-01.boingo.com
Hostname source: Provided as option
Realm: BOINGO.COM
Realm source: Discovered from LDAP DNS records in se-idm-01.boingo.com
DNS Domain: boingo.com
DNS Domain source: Forced
IPA Server: se-idm-01.boingo.com
IPA Server source: Provided as option
BaseDN: dc=boingo,dc=com
BaseDN source: From IPA server ldap://se-idm-01.boingo.com:389

Continue to configure the system with these values? [no]: yes
Starting external process
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r BOINGO.COM
Process finished, return code=0
stdout=
stderr=Removing principal host/se-idm-ubuntu-client-01.boingo....@boingo.com

Removed old keys for realm BOINGO.COM from /etc/krb5.keytab
Starting external process
args=/bin/hostname se-idm-ubuntu-client-01.boingo.com
Process finished, return code=0
stdout=
stderr=
Backing up system configuration file '/etc/hostname'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
User authorized to enroll computers: admin
will use principal provided as option: admin
Synchronizing time with KDC...
Search DNS for SRV record of _ntp._udp.boingo.com
DNS record not found: NXDOMAIN
Starting external process
args=/usr/sbin/ntpdate -s -b -v se-idm-01.boingo.com
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v se-idm-01.boingo.com
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v se-idm-01.boingo.com
Process finished, return code=1
stdout=
stderr=
Unable to sync time with IPA NTP server, assuming the time is in sync.
Please check that 123 UDP port is opened.
Writing Kerberos configuration to /tmp/tmpBuP7iE:
#File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
   default_realm = BOINGO.COM
   dns_lookup_realm = false
   dns_lookup_kdc = false
   rdns = false
   ticket_lifetime = 24h
   forwardable = yes

[realms]
   BOINGO.COM = {
     kdc = se-idm-01.boingo.com:88
     master_kdc = se-idm-01.boingo.com:88
     admin_server = se-idm-01.boingo.com:749
     default_domain = boingo.com
     pkinit_anchors = FILE:/etc/ipa/ca.crt
   }

[domain_realm]
   .boingo.com = BOINGO.COM
   boingo.com = BOINGO.COM

Password for ad...@boingo.com:
Starting external process
args=kinit ad...@boingo.com
Process finished, return code=0
stdout=Password for ad...@boingo.com:

stderr=
trying to retrieve CA cert via LDAP from se-idm-01.boingo.com
flushing ldap://se-idm-01.boingo.com:389 from SchemaCache
retrieving schema for SchemaCache url=ldap://se-idm-01.boingo.com:389
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x140ff80>
Existing CA cert and Retrieved CA cert are identical
Starting external process
args=/usr/sbin/ipa-join -s se-idm-01.boingo.com -b dc=boingo,dc=com -d
-h se-idm-ubuntu-client-01.boingo.com -f
Process finished, return code=0
stdout=
stderr=XML-RPC CALL:

<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.2.0-58-generic</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n

XML-RPC RESPONSE:

<?xml version='1.0' encoding='UTF-8'?>\n
<methodResponse>\n
<params>\n
<param>\n
<value><array><data>\n
<value><string>fqdn=se-idm-ubuntu-client-01.boingo.com,cn=computers,cn=accounts,dc=boingo,dc=com</string></value>\n
<value><struct>\n
<member>\n
<name>sshpubkeyfp</name>\n
<value><array><data>\n
<value><string>F9:63:24:7C:AF:AF:10:F8:1E:C2:16:69:FE:EF:57:18
root@1204base (ssh-dss)</string></value>\n
<value><string>85:E8:4E:22:E6:7E:73:0D:10:5C:CB:1A:FC:8B:DE:5C
root@1204base (ssh-rsa)</string></value>\n
<value><string>B8:BF:50:00:03:BF:AD:71:34:28:CE:83:0A:74:5E:8A
root@1204base (ecdsa-sha2-nistp256)</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_keytab</name>\n
<value><boolean>1</boolean></value>\n
</member>\n
<member>\n
<name>ipasshpubkey</name>\n
<value><array><data>\n
<value><string>ssh-dss
AAAAB3NzaC1kc3MAAACBAPC0DSpZuBTz08MTehuPVq2IDPZMjSpmZz+zuQ9UbAb2yzWspsUfH3FRXMsp5M/NjKjZEUt+f5u24Q6D20Puo1qlhSW6KZv9xtx3Az/zWskvyE5XltCarOjokyjIdF4tcdlpI2onXKJBcUatZI1P9PHe+zEWMY+kbPmQ1R8h2mJTAAAAFQC1Xlgau1z17rjf5HkIBBk+d5WHJQAAAIEAut8bZLpXb1oKCQnTPV4PTXI0bAdIJWHf/4H1HN3E3rUwWwnGY/JiABBDxBJwdGnuYA9EpHZqx9+zkE86XS64Oh48VLvoVKmzMjALKnsMRDe4T5RUkxmOul36Iv+ughRNBRdO013N/j6ABj/6je73AYUGz3mKrWB+tz/szUZMAcsAAACAF73ttJiAMtcydaa63zCD+XldAk6jQwXgz0kBNTVq/n4CdFK4M+NxpH4YN93g5BQZ2IsfOlUUqrZiNy/BLrvqLBJJS+nhyLLKYEyBeiP6dnmVWw7R7A4ZX8osd4PyEAcCcfdzYGxvOJ8x5PdGu8ev8ytVEluxeHyW59vEvKlHBM0=
root@1204base</string></value>\n
<value><string>ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCsoydbxu62xM4SHZbrPpPg95+iFLft7NnVvxPXr4rSQTUzrb+yUE1Eas5+/2wuyO3cYFPLVEe0hPF+7UHfRS7O/PiAZKvz7dSklt16lkq3BuHKi52IVwNgxsQfbD84FDCY1CaGeUScpAIVZ6JVc6D4+JM/INPsvStqreegqUy/bZRZ+YuT11AdxVTsOCwfCJWgyBPL5yDb11VfFglLm/8KnZ6asgyDeuaLNxwBySnifICX0WTx7VoQ1w8p+5Ncf7VAO8fojOZ/SwMqqP9ym7JT6OJvKL/ROd/5yZ/F21bmjZ/wKSrZDuhpZa+t6Qfn+ImrQm19VPhgdQsNZPhlE5Lv
root@1204base</string></value>\n
<value><string>ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ijpgDWM3+GwSGZrRIr5pXPfjJB+BXtUubwAebdVsXjgQPfD0lUjyF8jsn4Znz2PV8TFTJeCY9Nsg57aRcMmw=
root@1204base</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>cn</name>\n
<value><array><data>\n
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>usercertificate</name>\n
<value><array><data>\n
<value><base64>\n
MIIDqTCCApGgAwIBAgIBGjANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpCT0lOR08uQ09NMR4w\n
HAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTQwMjIxMTc1MzI5WhcNMTYwMjIyMTc1\n
MzI5WjBCMRMwEQYDVQQKEwpCT0lOR08uQ09NMSswKQYDVQQDEyJzZS1pZG0tdWJ1bnR1LWNsaWVu\n
dC0wMS5ib2luZ28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2f//2Wz6UwUp\n
EErhWDHE+maebFuN82TQnYoAkrDGkebMOmtbLIy8fa7BdY5VNf+bJrLZkoGVq5us9aTc+s1YX63P\n
rmbPjFbO8+vL9I8IVIUutkUTNEhpVm0xiFe+n6jF7OXnjo/sfYZ1zT2QUyLN3TMF97hU2+QBItuJ\n
XY7ChOWk++YeYjgPK0xkcjbMZkNGKxKFF1qURmZVvj0VLgUxX8UwwFQZZK2XEg1Iexa+4SsKhdJN\n
wNagw1x99CiUXChn7V4lYZe8Uk7QDalGrgQTCVAIT+/9IpR94H6N68bHYA/hdBmV1JshTrL2Uhr0\n
Z2eNSjv3bpHC7BqeyWLllLw55wIDAQABo4G2MIGzMB8GA1UdIwQYMBaAFC53PmsjH7HOB4yeCQkD\n
z3yaIEbNMEIGCCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL3NlLWlkbS0wMS5ib2lu\n
Z28uY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n
BgEFBQcDAjAdBgNVHQ4EFgQU7XOSHg+lb/Yizi5G81VQAT0VPQswDQYJKoZIhvcNAQELBQADggEB\n
AGL9mbEyxQSv9d1dbMIW1V4NOBOJFKYmEXKxuQtrOEUDTN7H7IGNm7grMgOMYzrLYs1ftRxXrySF\n
d8k/B3q8LBV2RQ7d0pT67cRH+YV6csmtpZ+YSOYSR+0e6F6BIsMCAU8lsjA7qvVYuaFCc+wvdiIp\n
rea4piqV+lxWp1m0b/mdFuCbLyXao+pr2F5JhCHueHnn14I3k+E78f07hQUccOuS0BELWo9chy+l\n
co7djPuzeG8MKTTr7+9L47dqhKhrY4sHyS+LhaUf3Y+irbLxgeqiBIjkV4TVkfZNZg4b6NvajgKM\n
L9bj5XRwrSAhv1YccwzE1GDOOrp2j3LRYIcEUok=\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbextradata</name>\n
<value><array><data>\n
<value><base64>\n
AAKVkgdTaG9zdC9zZS1pZG0tdWJ1bnR1LWNsaWVudC0wMS5ib2luZ28uY29tQEJPSU5HTy5DT00A\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_password</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>subject</name>\n
<value><string>CN=se-idm-ubuntu-client-01.boingo.com,O=BOINGO.COM</string></value>\n
</member>\n
<member>\n
<name>ipacertificatesubjectbase</name>\n
<value><array><data>\n
<value><string>O=BOINGO.COM</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>sha1_fingerprint</name>\n
<value><string>60:5c:7f:f5:e7:77:b7:3c:0c:c8:c0:07:3f:c3:00:18:c1:dd:9d:af</string></value>\n
</member>\n
<member>\n
<name>krblastsuccessfulauth</name>\n
<value><array><data>\n
<value><string>20140221181453Z</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serial_number</name>\n
<value><string>26</string></value>\n
</member>\n
<member>\n
<name>managedby_host</name>\n
<value><array><data>\n
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>enrolledby_user</name>\n
<value><array><data>\n
<value><string>admin</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>dn</name>\n
<value><string>fqdn=se-idm-ubuntu-client-01.boingo.com,cn=computers,cn=accounts,dc=boingo,dc=com</string></value>\n
</member>\n
<member>\n
<name>issuer</name>\n
<value><string>CN=Certificate Authority,O=BOINGO.COM</string></value>\n
</member>\n
<member>\n
<name>ipauniqueid</name>\n
<value><array><data>\n
<value><string>459b077c-9b20-11e3-89c9-782bcb03bc6d</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbprincipalname</name>\n
<value><array><data>\n
<value><string>host/se-idm-ubuntu-client-01.boingo....@boingo.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serverhostname</name>\n
<value><array><data>\n
<value><string>se-idm-ubuntu-client-01</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>objectclass</name>\n
<value><array><data>\n
<value><string>ipaobject</string></value>\n
<value><string>nshost</string></value>\n
<value><string>ipahost</string></value>\n
<value><string>pkiuser</string></value>\n
<value><string>ipaservice</string></value>\n
<value><string>krbprincipalaux</string></value>\n
<value><string>krbprincipal</string></value>\n
<value><string>ieee802device</string></value>\n
<value><string>ipasshhost</string></value>\n
<value><string>top</string></value>\n
<value><string>ipaSshGroupOfPubKeys</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>valid_not_before</name>\n
<value><string>Fri Feb 21 17:53:29 2014 UTC</string></value>\n
</member>\n
<member>\n
<name>valid_not_after</name>\n
<value><string>Mon Feb 22 17:53:29 2016 UTC</string></value>\n
</member>\n
<member>\n
<name>fqdn</name>\n
<value><array><data>\n
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managing_host</name>\n
<value><array><data>\n
<value><string>se-idm-ubuntu-client-01.boingo.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>md5_fingerprint</name>\n
<value><string>bb:dc:38:b3:19:ab:7c:07:27:31:f9:a7:78:a4:98:16</string></value>\n
</member>\n
<member>\n
<name>serial_number_hex</name>\n
<value><string>0x1A</string></value>\n
</member>\n
<member>\n
<name>krblastpwdchange</name>\n
<value><array><data>\n
<value><string>20140221175325Z</string></value>\n
</data></array></value>\n
</member>\n
</struct></value>\n
</data></array></value>\n
</param>\n
</params>\n
</methodResponse>\n

Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=BOINGO.COM

Enrolled in IPA realm BOINGO.COM
Starting external process
args=kdestroy
Process finished, return code=0
stdout=
stderr=
Starting external process
args=/usr/bin/kinit -k -t /etc/krb5.keytab
host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=0
stdout=
stderr=
Backing up system configuration file '/etc/ipa/default.conf'
   -> Not backing up - '/etc/ipa/default.conf' doesn't exist
Created /etc/ipa/default.conf
importing all plugin modules in
'/usr/lib/python2.7/dist-packages/ipalib/plugins'...
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/entitle.py'
skipping plugin module ipalib.plugins.entitle: No module named
rhsm.connection
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'
Starting external process
args=klist -V
Process finished, return code=0
stdout=Kerberos 5 version 1.10-beta1

stderr=
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'
importing plugin module
'/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'
Backing up system configuration file '/etc/sssd/sssd.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Domain boingo.com is already configured in existing SSSD config,
creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during
uninstall.
Configured /etc/sssd/sssd.conf
Starting external process
args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
/etc/ipa/ca.crt
Process finished, return code=0
stdout=
stderr=
Backing up system configuration file '/etc/krb5.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
   default_realm = BOINGO.COM
   dns_lookup_realm = false
   dns_lookup_kdc = false
   rdns = false
   ticket_lifetime = 24h
   forwardable = yes

[realms]
   BOINGO.COM = {
     kdc = se-idm-01.boingo.com:88
     master_kdc = se-idm-01.boingo.com:88
     admin_server = se-idm-01.boingo.com:749
     default_domain = boingo.com
     pkinit_anchors = FILE:/etc/ipa/ca.crt
   }

[domain_realm]
   .boingo.com = BOINGO.COM
   boingo.com = BOINGO.COM

Configured /etc/krb5.conf for IPA realm BOINGO.COM
Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available

Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available

failed to find session_cookie in persistent storage for principal
'host/se-idm-ubuntu-client-01.boingo....@boingo.com'
trying https://se-idm-01.boingo.com/ipa/xml
Created connection context.xmlclient
raw: env(None, server=True)
env(None, server=True, all=True)
Forwarding 'env' to server u'https://se-idm-01.boingo.com/ipa/xml'
NSSConnection init se-idm-01.boingo.com
Connecting: 66.103.90.130:0
auth_certificate_callback: check_sig=True is_server=False
Data:
         Version: 3 (0x2)
         Serial Number: 10 (0xa)
         Signature Algorithm:
             Algorithm: PKCS #1 SHA-256 With RSA Encryption
         Issuer: CN=Certificate Authority,O=BOINGO.COM
         Validity:
             Not Before: Wed Jan 22 23:22:58 2014 UTC
             Not After : Sat Jan 23 23:22:58 2016 UTC
         Subject: CN=se-idm-01.boingo.com,O=BOINGO.COM
         Subject Public Key Info:
             Public Key Algorithm:
                 Algorithm: PKCS #1 RSA Encryption
             RSA Public Key:
                 Modulus:
                     da:61:36:ca:15:d7:7f:e1:8d:6d:8b:16:f1:36:66:db:
                     52:77:cb:54:45:24:70:ec:fb:f7:e9:3b:65:e3:39:65:
                     fe:56:90:8c:f6:6c:da:2c:7e:e4:96:6d:f8:60:57:02:
                     93:db:91:7e:96:d1:03:03:34:ab:0a:90:39:6d:8a:e0:
                     92:a1:1c:62:3c:61:24:51:b8:e0:87:96:5f:a0:24:85:
                     2b:c5:43:4e:52:fd:a8:f9:28:25:00:84:53:31:51:e0:
                     01:02:57:3d:48:26:b4:99:c4:aa:5a:51:36:f6:0f:14:
                     b2:ad:f1:15:10:05:86:ee:d1:d0:32:5b:c4:7b:4c:db:
                     82:28:3d:62:36:43:e0:c3:7b:ed:c9:b9:c4:58:34:a1:
                     be:c5:1e:c0:b6:c7:9c:5b:1e:1d:48:b6:22:41:0e:e2:
                     4f:43:e0:1b:e2:64:f4:57:69:67:10:64:04:7a:a4:0a:
                     73:c5:6e:39:28:0b:76:9b:2b:b8:36:6a:59:e3:5e:84:
                     50:ce:b6:e3:19:43:c0:f4:85:02:81:39:74:91:f5:22:
                     04:c3:1f:49:64:39:b9:29:64:de:c4:69:76:56:a1:78:
                     58:fd:33:28:62:77:1f:4a:3f:9d:8d:11:d2:00:0a:c0:
                     73:1f:4f:42:89:26:a5:f2:93:a3:07:ef:3e:80:50:45
                 Exponent: 65537 (0x10001)
     Signed Extensions: (5)
         Name: Certificate Authority Key Identifier
         Critical: False
         Key ID:
             2e:77:3e:6b:23:1f:b1:ce:07:8c:9e:09:09:03:cf:7c:
             9a:20:46:cd
         Serial Number: None
         General Names: [0 total]

         Name: Authority Information Access
         Critical: False

         Name: Certificate Key Usage
         Critical: True
         Usages:
             Digital Signature
             Non-Repudiation
             Key Encipherment
             Data Encipherment

         Name: Extended Key Usage
         Critical: False
         Usages:
             TLS Web Server Authentication Certificate
             TLS Web Client Authentication Certificate

         Name: Certificate Subject Key ID
         Critical: False
         Data:
             c5:83:cc:e3:c4:64:6f:f1:67:47:f3:cd:6a:bd:f5:2c:
             ac:91:1e:0c

     Signature:
         Signature Algorithm:
             Algorithm: PKCS #1 SHA-256 With RSA Encryption
         Signature:
             b1:5d:69:6a:52:2a:42:4c:f7:4c:1e:f5:6e:4c:87:30:
             f5:f5:ab:9c:ad:e5:7e:8c:e1:54:95:1d:53:56:8f:8f:
             fc:a7:de:f2:61:f7:cd:a9:79:a7:a2:53:dd:8d:19:89:
             ce:fb:92:bb:ca:d7:4f:84:e2:63:9b:b6:b6:a0:aa:24:
             10:ac:7c:ce:17:09:d1:4e:2a:8e:ae:55:fc:0a:11:52:
             ab:23:8b:25:85:15:3c:f3:bb:0a:51:11:4f:fc:87:e1:
             0e:ca:12:cc:15:d4:36:57:a8:a4:db:42:0e:d1:1e:dc:
             1f:64:33:34:da:58:4d:a6:39:ff:b5:2c:50:6c:99:67:
             ff:af:c0:65:d1:f6:d9:33:d5:a8:c9:9c:e3:6e:fa:b7:
             96:09:cd:73:eb:80:21:7d:04:af:ce:fb:76:d8:b1:ef:
             b0:23:50:85:1c:34:9c:a2:9c:d7:c2:fd:0d:f0:bd:1f:
             98:ec:19:03:00:47:17:9b:a2:1d:09:3f:04:3c:59:4c:
             81:51:38:f0:e8:1e:74:49:5e:76:a1:d6:9a:9b:3d:fe:
             85:12:37:6b:3f:c7:a7:62:ce:ea:68:d8:ff:47:5a:74:
             41:ab:ea:0c:6a:35:e9:57:a6:3b:1f:c9:e1:12:87:8b:
             81:eb:c4:73:c8:a9:4d:88:a9:40:22:f9:66:06:70:b4
         Fingerprint (MD5):
             43:6b:f7:a8:12:d6:72:2f:3c:36:60:ff:ea:6b:53:a9
         Fingerprint (SHA1):
             91:b6:61:43:5d:0b:d0:14:cf:71:c8:c6:20:88:74:be:
             ce:ad:a0:53
approved_usage = SSLServer intended_usage = SSLServer
cert valid True for "CN=se-idm-01.boingo.com,O=BOINGO.COM"
handshake complete, peer = 66.103.90.130:443
received Set-Cookie 'ipa_session=feebdfa3447e7a8bdae71ad28871835e;
Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014
19:47:41 GMT; Secure; HttpOnly'
storing cookie 'ipa_session=feebdfa3447e7a8bdae71ad28871835e;
Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014
19:47:41 GMT; Secure; HttpOnly' for principal
host/se-idm-ubuntu-client-01.boingo....@boingo.com
Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available

Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available

Starting external process
args=keyctl padd user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com @s
Process finished, return code=0
stdout=546101869

stderr=
Hostname (se-idm-ubuntu-client-01.boingo.com) not found in DNS
Writing nsupdate commands to /etc/ipa/.dns_update.txt:

zone boingo.com.
update delete se-idm-ubuntu-client-01.boingo.com. IN A
send
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN A 23.253.21.58
send

Starting external process
args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
Process finished, return code=1
stdout=
stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS
failure.  Minor code may provide more information, Minor = Server
DNS/ns-1454.awsdns-53....@boingo.com not found in Kerberos database.

nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt'
returned non-zero exit status 1
Failed to update DNS records.
Starting external process
args=/usr/sbin/service dbus status
Process finished, return code=0
stdout=dbus start/running, process 1004

stderr=
Starting external process
args=/usr/sbin/service certmonger restart
Process finished, return code=0
stdout=certmonger stop/waiting
certmonger start/running

stderr=
Starting external process
args=/usr/sbin/service certmonger status
Process finished, return code=0
stdout=certmonger start/running

stderr=
Starting external process
args=/usr/sbin/service certmonger stop
Process finished, return code=0
stdout=certmonger stop/waiting

stderr=
certmonger failed to stop: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'
Starting external process
args=/usr/sbin/service certmonger restart
Process finished, return code=0
stdout=certmonger start/running

stderr=stop: Unknown instance:

Starting external process
args=/usr/sbin/service certmonger status
Process finished, return code=0
stdout=certmonger start/running

stderr=
Starting external process
args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate -
se-idm-ubuntu-client-01.boingo.com -N
CN=se-idm-ubuntu-client-01.boingo.com,O=BOINGO.COM -K
host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=Certificate at same location is already used by request with
nickname "20140221175328".

stderr=
certmonger request for host certificate failed
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
raw: host_mod(u'se-idm-ubuntu-client-01.boingo.com',
ipasshpubkey=[u'ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCsoydbxu62xM4SHZbrPpPg95+iFLft7NnVvxPXr4rSQTUzrb+yUE1Eas5+/2wuyO3cYFPLVEe0hPF+7UHfRS7O/PiAZKvz7dSklt16lkq3BuHKi52IVwNgxsQfbD84FDCY1CaGeUScpAIVZ6JVc6D4+JM/INPsvStqreegqUy/bZRZ+YuT11AdxVTsOCwfCJWgyBPL5yDb11VfFglLm/8KnZ6asgyDeuaLNxwBySnifICX0WTx7VoQ1w8p+5Ncf7VAO8fojOZ/SwMqqP9ym7JT6OJvKL/ROd/5yZ/F21bmjZ/wKSrZDuhpZa+t6Qfn+ImrQm19VPhgdQsNZPhlE5Lv
root@1204base', u'ssh-dss
AAAAB3NzaC1kc3MAAACBAPC0DSpZuBTz08MTehuPVq2IDPZMjSpmZz+zuQ9UbAb2yzWspsUfH3FRXMsp5M/NjKjZEUt+f5u24Q6D20Puo1qlhSW6KZv9xtx3Az/zWskvyE5XltCarOjokyjIdF4tcdlpI2onXKJBcUatZI1P9PHe+zEWMY+kbPmQ1R8h2mJTAAAAFQC1Xlgau1z17rjf5HkIBBk+d5WHJQAAAIEAut8bZLpXb1oKCQnTPV4PTXI0bAdIJWHf/4H1HN3E3rUwWwnGY/JiABBDxBJwdGnuYA9EpHZqx9+zkE86XS64Oh48VLvoVKmzMjALKnsMRDe4T5RUkxmOul36Iv+ughRNBRdO013N/j6ABj/6je73AYUGz3mKrWB+tz/szUZMAcsAAACAF73ttJiAMtcydaa63zCD+XldAk6jQwXgz0kBNTVq/n4CdFK4M+NxpH4YN93g5BQZ2IsfOlUUqrZiNy/BLrvqLBJJS+nhyLLKYEyBeiP6dnmVWw7R7A4ZX8osd4PyEAcCcfdzYGxvOJ8x5PdGu8ev8ytVEluxeHyW59vEvKlHBM0=
root@1204base', u'ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ijpgDWM3+GwSGZrRIr5pXPfjJB+BXtUubwAebdVsXjgQPfD0lUjyF8jsn4Znz2PV8TFTJeCY9Nsg57aRcMmw=
root@1204base'], updatedns=False)
host_mod(u'se-idm-ubuntu-client-01.boingo.com', random=False,
ipasshpubkey=(u'ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCsoydbxu62xM4SHZbrPpPg95+iFLft7NnVvxPXr4rSQTUzrb+yUE1Eas5+/2wuyO3cYFPLVEe0hPF+7UHfRS7O/PiAZKvz7dSklt16lkq3BuHKi52IVwNgxsQfbD84FDCY1CaGeUScpAIVZ6JVc6D4+JM/INPsvStqreegqUy/bZRZ+YuT11AdxVTsOCwfCJWgyBPL5yDb11VfFglLm/8KnZ6asgyDeuaLNxwBySnifICX0WTx7VoQ1w8p+5Ncf7VAO8fojOZ/SwMqqP9ym7JT6OJvKL/ROd/5yZ/F21bmjZ/wKSrZDuhpZa+t6Qfn+ImrQm19VPhgdQsNZPhlE5Lv
root@1204base', u'ssh-dss
AAAAB3NzaC1kc3MAAACBAPC0DSpZuBTz08MTehuPVq2IDPZMjSpmZz+zuQ9UbAb2yzWspsUfH3FRXMsp5M/NjKjZEUt+f5u24Q6D20Puo1qlhSW6KZv9xtx3Az/zWskvyE5XltCarOjokyjIdF4tcdlpI2onXKJBcUatZI1P9PHe+zEWMY+kbPmQ1R8h2mJTAAAAFQC1Xlgau1z17rjf5HkIBBk+d5WHJQAAAIEAut8bZLpXb1oKCQnTPV4PTXI0bAdIJWHf/4H1HN3E3rUwWwnGY/JiABBDxBJwdGnuYA9EpHZqx9+zkE86XS64Oh48VLvoVKmzMjALKnsMRDe4T5RUkxmOul36Iv+ughRNBRdO013N/j6ABj/6je73AYUGz3mKrWB+tz/szUZMAcsAAACAF73ttJiAMtcydaa63zCD+XldAk6jQwXgz0kBNTVq/n4CdFK4M+NxpH4YN93g5BQZ2IsfOlUUqrZiNy/BLrvqLBJJS+nhyLLKYEyBeiP6dnmVWw7R7A4ZX8osd4PyEAcCcfdzYGxvOJ8x5PdGu8ev8ytVEluxeHyW59vEvKlHBM0=
root@1204base', u'ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3ijpgDWM3+GwSGZrRIr5pXPfjJB+BXtUubwAebdVsXjgQPfD0lUjyF8jsn4Znz2PV8TFTJeCY9Nsg57aRcMmw=
root@1204base'), rights=False, updatedns=False, all=False, raw=False)
Forwarding 'host_mod' to server u'https://se-idm-01.boingo.com/ipa/xml'
NSSConnection init se-idm-01.boingo.com
Connecting: 66.103.90.130:0
handshake complete, peer = 66.103.90.130:443
received Set-Cookie 'ipa_session=19d25037e9a9416d6201a0fbd3faaccb;
Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014
19:47:43 GMT; Secure; HttpOnly'
storing cookie 'ipa_session=19d25037e9a9416d6201a0fbd3faaccb;
Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014
19:47:43 GMT; Secure; HttpOnly' for principal
host/se-idm-ubuntu-client-01.boingo....@boingo.com
Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available

Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available

Starting external process
args=keyctl padd user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com @s
Process finished, return code=0
stdout=1008872903

stderr=
Caught fault 4202 from server https://se-idm-01.boingo.com/ipa/xml: no
modifications to be performed
Starting external process
args=/usr/sbin/service nscd status
Process finished, return code=1
stdout=
stderr=nscd: unrecognized service

Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to