On 03/19/2014 10:37 PM, Shree wrote:
> I was able to successfully move all my clients to the replica except on the
> process I had to upgrade the client to "ipa-client-3.0.0-37.el6.x86_64" and
> some times run a --uninstall
> . Bit it works for the most part. Have been struggling with one last host
> with errors like below. I have tested the port connectivity using telnet and
> netcat commands but the install thinks these ports are blocked?
> kerberos authentication failed
> kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial
> Please make sure the following ports are opened in the firewall settings:
> TCP: 80, 88, 389
> UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> Also note that following ports are necessary for ipa-client working properly
> after enrollment:
> TCP: 464
> UDP: 464, 123 (if NTP enabled)
> Installation failed. Rolling back changes.
> Disabling client Kerberos and LDAP configurations
> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> Restoring client configuration files
> Client uninstall complete.
> [root@www /]#
> In the /var/log/ipaclient-install.log I also see things like below. I get
> Autodiscovery failures but I am manually entering things and they have been
> 2014-03-19T21:13:47Z DEBUG Found:
> 2014-03-19T21:13:47Z DEBUG Discovery result: Success;
> server=ldap2.mydomain.com, domain=mydomain.com, kdc=ldap.mydomain.com,
> 2014-03-19T21:13:47Z DEBUG Validated servers: ldap2.mydomain.com
> 2014-03-19T21:13:47Z WARNING The failure to use DNS to find your IPA server
> indicates that your resolv.conf file is not properly configured.
> 2014-03-19T21:13:47Z INFO Autodiscovery of servers for failover cannot work
> with this configuration.
> 2014-03-19T21:13:47Z INFO If you proceed with the installation, services will
> be configured to always access the discovered server for all operations and
> will not fail over to other servers in case of failure.
Ok. I would guess you have some DNS issue. But it is hard to tell without the
entire ipaclient-install.log of the failed installation.
Freeipa-users mailing list