I have been trying to figure this out for a while now, but when I join a
machine to FreeIPA, the installer properly creates forward DNS entries
and DNS SSHFP entries, but does not create reverse entries. Without the
PTR records, Kerberos logins are always failing on these machines.

The reverse zones exist, all DNS is managed by FreeIPA, and I am able to
manually add the entries just fine.

Environment:
Servers: CentOS 7, FreeIPA 4.1.4
Clients: CentOS 6.5, FreeIPA client 3.0.0-42

I have tried this both with the internal FreeIPA 'admin' user as the join
user and with another user called 'joinscript', which has the host enrollment
and DNS administrator privileges.

Here is the ipa-client install log:

2015-09-11T16:24:05Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': None, 'force': False, 'krb5_offline_passwords': True,
'primary': False, 'mkhomedir': True, 'create_sshfp': True, 'conf_sshd':
True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'server':
None, 'no_nisdomain': False, 'principal': 'joinscript', 'hostname':
'ipaclient.ipadomain.net', 'no_ac': False, 'unattended': True, 'sssd':
True, 'trust_sshfp': False, 'realm_name': None, 'dns_updates': True,
'conf_sudo': True, 'conf_ssh': True, 'force_join': True, 'ca_cert_file':
None, 'nisdomain': None, 'prompt_password': False, 'permit': False,
'debug': False, 'preserve_sssd': False, 'uninstall': False}
2015-09-11T16:24:05Z DEBUG missing options might be asked for
interactively later
2015-09-11T16:24:05Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:05Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:05Z DEBUG [IPA Discovery]
2015-09-11T16:24:05Z DEBUG Starting IPA discovery with domain=None,
servers=None, hostname=ipaclient.ipadomain.net
2015-09-11T16:24:05Z DEBUG Start searching for LDAP SRV record in
"ipadomain.net" (domain of the hostname) and its sub-domains
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of
_ldap._tcp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG [Kerberos realm search]
2015-09-11T16:24:05Z DEBUG Search DNS for TXT record of
_kerberos.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_kerberos.ipadomain.net.,type:16,class:1,rdata={data:ipadomain.net}
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of
_kerberos._udp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_kerberos._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_kerberos._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG [LDAP server check]
2015-09-11T16:24:05Z DEBUG Verifying that dc1.ipadomain.net (realm
ipadomain.net) is an IPA server
2015-09-11T16:24:05Z DEBUG Init LDAP connection with:
ldap://dc1.ipadomain.net:389
2015-09-11T16:24:05Z DEBUG Search LDAP server for IPA base DN
2015-09-11T16:24:05Z DEBUG Check if naming context 'dc=ipadomain,dc=net'
is for IPA
2015-09-11T16:24:05Z DEBUG Naming context 'dc=ipadomain,dc=net' is a valid
IPA context
2015-09-11T16:24:05Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=ipadomain,dc=net (sub)
2015-09-11T16:24:05Z DEBUG Found:
cn=ipadomain.net,cn=kerberos,dc=ipadomain,dc=net
2015-09-11T16:24:05Z DEBUG Discovery result: Success;
server=dc1.ipadomain.net, domain=ipadomain.net,
kdc=dc2.ipadomain.net,dc1.ipadomain.net, basedn=dc=ipadomain,dc=net
2015-09-11T16:24:05Z DEBUG Validated servers: dc1.ipadomain.net
2015-09-11T16:24:05Z DEBUG will use discovered domain: ipadomain.net
2015-09-11T16:24:05Z DEBUG Start searching for LDAP SRV record in
"ipadomain.net" (Validating DNS Discovery) and its sub-domains
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of
_ldap._tcp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS validated, enabling discovery
2015-09-11T16:24:05Z DEBUG will use discovered server: dc1.ipadomain.net
2015-09-11T16:24:05Z INFO Discovery was successful!
2015-09-11T16:24:05Z DEBUG will use discovered realm: ipadomain.net
2015-09-11T16:24:05Z DEBUG will use discovered basedn: dc=ipadomain,dc=net
2015-09-11T16:24:05Z INFO Hostname: ipaclient.ipadomain.net
2015-09-11T16:24:05Z DEBUG Hostname source: Provided as option
2015-09-11T16:24:05Z INFO Realm: ipadomain.net
2015-09-11T16:24:05Z DEBUG Realm source: Discovered from LDAP DNS records
in dc1.ipadomain.net
2015-09-11T16:24:05Z INFO DNS Domain: ipadomain.net
2015-09-11T16:24:05Z DEBUG DNS Domain source: Discovered LDAP SRV records
from ipadomain.net (domain of the hostname)
2015-09-11T16:24:05Z INFO IPA Server: dc1.ipadomain.net
2015-09-11T16:24:05Z DEBUG IPA Server source: Discovered from LDAP DNS
records in dc1.ipadomain.net
2015-09-11T16:24:05Z INFO BaseDN: dc=ipadomain,dc=net
2015-09-11T16:24:05Z DEBUG BaseDN source: From IPA server
ldap://dc1.ipadomain.net:389
2015-09-11T16:24:05Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab
-r ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=Failed to open keytab
'/etc/krb5.keytab': No such file or directory

2015-09-11T16:24:05Z DEBUG args=/bin/hostname ipaclient.ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG Backing up system configuration file
'/etc/sysconfig/network'
2015-09-11T16:24:05Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:05Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:05Z INFO Synchronizing time with KDC...
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of
_ntp._udp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_ntp._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found:
DNSResult::name:_ntp._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
dc1.ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG Writing Kerberos configuration to /tmp/tmpfa2hME:
2015-09-11T16:24:05Z DEBUG #File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = ipadomain.net
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  ipadomain.net = {
    kdc = dc1.ipadomain.net:88
    master_kdc = dc1.ipadomain.net:88
    admin_server = dc1.ipadomain.net:749
    default_domain = ipadomain.net
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .ipadomain.net = ipadomain.net
  ipadomain.net = ipadomain.net

2015-09-11T16:24:05Z DEBUG args=kinit joinscr...@ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=Password for joinscr...@ipadomain.net:

2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG trying to retrieve CA cert via LDAP from
ldap://dc1.ipadomain.net
2015-09-11T16:24:06Z INFO Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=ipadomain.net
    Issuer:      CN=Certificate Authority,O=ipadomain.net
    Valid From:  Wed Mar 25 18:48:27 2015 UTC
    Valid Until: Sun Mar 25 18:48:27 2035 UTC

2015-09-11T16:24:07Z DEBUG args=/usr/sbin/ipa-join -s dc1.ipadomain.net -b
dc=ipadomain,dc=net -h ipaclient.ipadomain.net -f
2015-09-11T16:24:07Z DEBUG stdout=
2015-09-11T16:24:07Z DEBUG stderr=Keytab successfully retrieved and stored
in: /etc/krb5.keytab
Certificate subject base is: O=ipadomain.net

2015-09-11T16:24:07Z INFO Enrolled in IPA realm ipadomain.net
2015-09-11T16:24:07Z DEBUG args=kdestroy
2015-09-11T16:24:07Z DEBUG stdout=
2015-09-11T16:24:07Z DEBUG stderr=
2015-09-11T16:24:07Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab
host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:07Z DEBUG stdout=
2015-09-11T16:24:07Z DEBUG stderr=
2015-09-11T16:24:07Z DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2015-09-11T16:24:07Z DEBUG   -> Not backing up - '/etc/ipa/default.conf'
doesn't exist
2015-09-11T16:24:07Z INFO Created /etc/ipa/default.conf
2015-09-11T16:24:07Z DEBUG importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
2015-09-11T16:24:07Z DEBUG args=klist -V
2015-09-11T16:24:07Z DEBUG stdout=Kerberos 5 version 1.10.3

2015-09-11T16:24:07Z DEBUG stderr=
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
2015-09-11T16:24:07Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
2015-09-11T16:24:08Z DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
2015-09-11T16:24:08Z DEBUG   -> Not backing up - '/etc/sssd/sssd.conf'
doesn't exist
2015-09-11T16:24:08Z INFO New SSSD config will be created
2015-09-11T16:24:08Z DEBUG Backing up system configuration file
'/etc/nsswitch.conf'
2015-09-11T16:24:08Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:08Z INFO Configured sudoers in /etc/nsswitch.conf
2015-09-11T16:24:08Z INFO Configured /etc/sssd/sssd.conf
2015-09-11T16:24:08Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n
IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2015-09-11T16:24:08Z DEBUG stdout=
2015-09-11T16:24:08Z DEBUG stderr=
2015-09-11T16:24:08Z DEBUG Backing up system configuration file
'/etc/krb5.conf'
2015-09-11T16:24:08Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:08Z DEBUG Writing Kerberos configuration to /etc/krb5.conf:
2015-09-11T16:24:08Z DEBUG #File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = ipadomain.net
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  ipadomain.net = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .ipadomain.net = ipadomain.net
  ipadomain.net = ipadomain.net

2015-09-11T16:24:08Z INFO Configured /etc/krb5.conf for IPA realm
ipadomain.net
2015-09-11T16:24:08Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:08Z DEBUG stdout=
2015-09-11T16:24:08Z DEBUG stderr=keyctl_search: Required key not available

2015-09-11T16:24:09Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:09Z DEBUG stdout=
2015-09-11T16:24:09Z DEBUG stderr=keyctl_search: Required key not available

2015-09-11T16:24:09Z DEBUG failed to find session_cookie in persistent
storage for principal 'host/ipaclient.ipadomain....@ipadomain.net'
2015-09-11T16:24:09Z INFO trying https://dc1.ipadomain.net/ipa/xml
2015-09-11T16:24:09Z DEBUG NSSConnection init dc1.ipadomain.net
2015-09-11T16:24:09Z DEBUG Connecting: 10.21.0.99:0
2015-09-11T16:24:09Z DEBUG auth_certificate_callback: check_sig=True
is_server=False
2015-09-11T16:24:09Z DEBUG approved_usage = SSLServer intended_usage =
SSLServer
2015-09-11T16:24:09Z DEBUG cert valid True for
"CN=dc1.ipadomain.net,O=ipadomain.net"
2015-09-11T16:24:09Z DEBUG handshake complete, peer = 10.21.0.99:443
2015-09-11T16:24:10Z DEBUG received Set-Cookie
'ipa_session=1509570e24e6e2a523849d0eaefc3284; Domain=dc1.ipadomain.net;
Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:09 GMT; Secure; HttpOnly'
2015-09-11T16:24:10Z DEBUG storing cookie
'ipa_session=1509570e24e6e2a523849d0eaefc3284; Domain=dc1.ipadomain.net;
Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:09 GMT; Secure; HttpOnly' for
principal host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=
2015-09-11T16:24:10Z DEBUG stderr=keyctl_search: Required key not available

2015-09-11T16:24:10Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=
2015-09-11T16:24:10Z DEBUG stderr=keyctl_search: Required key not available

2015-09-11T16:24:10Z DEBUG args=keyctl padd user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net @s
2015-09-11T16:24:10Z DEBUG stdout=371130706

2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z DEBUG Created connection context.xmlclient
2015-09-11T16:24:10Z DEBUG raw: env(None, server=True)
2015-09-11T16:24:10Z DEBUG env(None, server=True, all=True)
2015-09-11T16:24:10Z INFO Forwarding 'env' to server
u'https://dc1.ipadomain.net/ipa/xml'
2015-09-11T16:24:10Z DEBUG NSSConnection init dc1.ipadomain.net
2015-09-11T16:24:10Z DEBUG Connecting: 10.21.0.99:0
2015-09-11T16:24:10Z DEBUG auth_certificate_callback: check_sig=True
is_server=False
2015-09-11T16:24:10Z DEBUG approved_usage = SSLServer intended_usage =
SSLServer
2015-09-11T16:24:10Z DEBUG cert valid True for
"CN=dc1.ipadomain.net,O=ipadomain.net"
2015-09-11T16:24:10Z DEBUG handshake complete, peer = 10.21.0.99:443
2015-09-11T16:24:10Z DEBUG received Set-Cookie
'ipa_session=c95bf33d955de3ac42471d808c43ac90; Domain=dc1.ipadomain.net;
Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:10 GMT; Secure; HttpOnly'
2015-09-11T16:24:10Z DEBUG storing cookie
'ipa_session=c95bf33d955de3ac42471d808c43ac90; Domain=dc1.ipadomain.net;
Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:10 GMT; Secure; HttpOnly' for
principal host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=371130706

2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=371130706

2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z DEBUG args=keyctl pupdate 371130706
2015-09-11T16:24:10Z DEBUG stdout=
2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z WARNING Hostname (ipaclient.ipadomain.net) not found
in DNS
2015-09-11T16:24:10Z DEBUG Writing nsupdate commands to
/etc/ipa/.dns_update.txt:
2015-09-11T16:24:10Z DEBUG
zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN A
send
update add ipaclient.ipadomain.net. 1200 IN A 10.178.37.49
send

2015-09-11T16:24:11Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-09-11T16:24:11Z DEBUG stdout=
2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z INFO DNS server record set to:
ipaclient.ipadomain.net -> 10.178.37.49
2015-09-11T16:24:11Z DEBUG args=/sbin/service messagebus start
2015-09-11T16:24:11Z DEBUG stdout=Starting system message bus:

2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z DEBUG args=/sbin/service messagebus status
2015-09-11T16:24:11Z DEBUG stdout=messagebus (pid  4923) is running...

2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z DEBUG args=/sbin/service certmonger restart
2015-09-11T16:24:11Z DEBUG stdout=Stopping certmonger:
[FAILED]
Starting certmonger: [  OK  ]

2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z DEBUG args=/sbin/service certmonger status
2015-09-11T16:24:11Z DEBUG stdout=certmonger (pid  2604) is running...

2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:15Z DEBUG args=/sbin/service certmonger stop
2015-09-11T16:24:15Z DEBUG stdout=Stopping certmonger: [  OK 
]

2015-09-11T16:24:15Z DEBUG stderr=
2015-09-11T16:24:19Z DEBUG args=/sbin/service certmonger restart
2015-09-11T16:24:19Z DEBUG stdout=Stopping certmonger:
[FAILED]
Starting certmonger: [  OK  ]

2015-09-11T16:24:19Z DEBUG stderr=
2015-09-11T16:24:19Z DEBUG args=/sbin/service certmonger status
2015-09-11T16:24:19Z DEBUG stdout=certmonger (pid  2669) is running...

2015-09-11T16:24:19Z DEBUG stderr=
2015-09-11T16:24:19Z DEBUG args=/sbin/chkconfig certmonger on
2015-09-11T16:24:19Z DEBUG stdout=
2015-09-11T16:24:19Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n
IPA Machine Certificate - ipaclient.ipadomain.net -N
CN=ipaclient.ipadomain.net,O=ipadomain.net -K
host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG stdout=New signing request "20150911162421" added.

2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z INFO Adding SSH public key from
/etc/ssh/ssh_host_dsa_key.pub
2015-09-11T16:24:22Z INFO Adding SSH public key from
/etc/ssh/ssh_host_rsa_key.pub
2015-09-11T16:24:22Z DEBUG raw: host_mod(u'ipaclient.ipadomain.net',
ipasshpubkey=[u'ssh-dss
AAAAB3NzaC1kc3MAAACBAJGrv+zwBF4eML1Kl3wezXIKb6JHxDck8xqZizCxN7JD3IcJBCWU11w8O7ZrKgLm1x7Eu7Ztd7IRCHHyrv+GRC8W76vms9guupvPikfz94DGiQbj+NSG0yOX2kNJuSMya5zctzygsTrWQesL9t+RVNn5Z/TWSJj2QXpzWwXxCh/JAAAAFQCVD4id71lkdvtguRT0uyjvbd+wTwAAAIAHJwMvVemce0Tsxl9cisjsUWRx75R42pelGOtN0/gpbfEMIDFVG9nNB+xdoVzo0xZHe3t4uybOohB5m7QvPeNSiTvMokfqJYnle7F1OK/KGRIq32z8vpV3ldVcN/6dno8Lf3za3taqKqL8C5BfALmO2YAsh+1T+rkpJijxqYJIGgAAAIBbc2PSnSbKl0jhdy7dyYcQCSGZ2J4xJaP5fZvm8N7yiNXmoGETiWL+oWo9AYmsrrN70KSFceKAsWCcoMxFuDcuRNYH/8Lu85Wh2tIWiKgtYum6hpFsMTPvlvc++bJBMzCITjfraxENTcjzMFdP/kBDLpGQOxtlfsFX+HTyBwLynQ==',
u'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAxFZBLiL1qo7ZgBiCFhGMmfKESbXr8aC2DmAy0pCg/VtmFWRC/QeWxceM6uhQaDedWOOcsHstT+0RThWrlDq4zUWqFaBx1jNqIj2TJa2wK0BtZrM/DvrnhgovGbiFxYwa/Cl/rlYwNj2v7f3+YItXl9iyxKqdF6kcFloPQeTGafUjx36RDWwk+SL3PeyqsszDEEQuSqRK1ZVShEpQYsVQo/bbP6Juyj3drFo9dIEVZw651whiv+wofKSCU8FD9PYFIqk2ncktPYMq/KBmHflfNl2jvYUUmldwlj1C8EhQ0zQBTZu1/HLrjPJVhOXHQ29D5uvmrR4cTqMZ+XibD7nz0w=='],
updatedns=False)
2015-09-11T16:24:22Z DEBUG host_mod(u'ipaclient.ipadomain.net',
random=False, ipasshpubkey=(u'ssh-dss
AAAAB3NzaC1kc3MAAACBAJGrv+zwBF4eML1Kl3wezXIKb6JHxDck8xqZizCxN7JD3IcJBCWU11w8O7ZrKgLm1x7Eu7Ztd7IRCHHyrv+GRC8W76vms9guupvPikfz94DGiQbj+NSG0yOX2kNJuSMya5zctzygsTrWQesL9t+RVNn5Z/TWSJj2QXpzWwXxCh/JAAAAFQCVD4id71lkdvtguRT0uyjvbd+wTwAAAIAHJwMvVemce0Tsxl9cisjsUWRx75R42pelGOtN0/gpbfEMIDFVG9nNB+xdoVzo0xZHe3t4uybOohB5m7QvPeNSiTvMokfqJYnle7F1OK/KGRIq32z8vpV3ldVcN/6dno8Lf3za3taqKqL8C5BfALmO2YAsh+1T+rkpJijxqYJIGgAAAIBbc2PSnSbKl0jhdy7dyYcQCSGZ2J4xJaP5fZvm8N7yiNXmoGETiWL+oWo9AYmsrrN70KSFceKAsWCcoMxFuDcuRNYH/8Lu85Wh2tIWiKgtYum6hpFsMTPvlvc++bJBMzCITjfraxENTcjzMFdP/kBDLpGQOxtlfsFX+HTyBwLynQ==',
u'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAxFZBLiL1qo7ZgBiCFhGMmfKESbXr8aC2DmAy0pCg/VtmFWRC/QeWxceM6uhQaDedWOOcsHstT+0RThWrlDq4zUWqFaBx1jNqIj2TJa2wK0BtZrM/DvrnhgovGbiFxYwa/Cl/rlYwNj2v7f3+YItXl9iyxKqdF6kcFloPQeTGafUjx36RDWwk+SL3PeyqsszDEEQuSqRK1ZVShEpQYsVQo/bbP6Juyj3drFo9dIEVZw651whiv+wofKSCU8FD9PYFIqk2ncktPYMq/KBmHflfNl2jvYUUmldwlj1C8EhQ0zQBTZu1/HLrjPJVhOXHQ29D5uvmrR4cTqMZ+XibD7nz0w=='),
rights=False, updatedns=False, all=False, raw=False, no_members=False)
2015-09-11T16:24:22Z INFO Forwarding 'host_mod' to server
u'https://dc1.ipadomain.net/ipa/xml'
2015-09-11T16:24:22Z DEBUG NSSConnection init dc1.ipadomain.net
2015-09-11T16:24:22Z DEBUG Connecting: 10.21.0.99:0
2015-09-11T16:24:22Z DEBUG auth_certificate_callback: check_sig=True
is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 9 (0x9)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=ipadomain.net
        Validity:
            Not Before: Wed Mar 25 18:49:48 2015 UTC
            Not After:  Sat Mar 25 18:49:48 2017 UTC
        Subject: CN=dc1.ipadomain.net,O=ipadomain.net
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (6)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            cd:7d:41:02:e9:c8:84:1b:4d:0e:f0:7f:63:7a:48:c1:
            65:eb:9b:60
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate
            TLS Web Client Authentication Certificate

        Name:     CRL Distribution Points
        Critical: False
        CRL Distribution Points: [1 total]
            Point [1]:
                General Names: [1 total]
                    http://ipa-ca.ipadomain.net/ipa/crl/MasterCRL.bin
                Issuer:  Directory Name: CN=Certificate Authority,O=ipaca
                Reasons: ()

        Name:     Certificate Subject Key ID
        Critical: False
        Data:
            54:fc:0c:52:ce:43:8e:e2:db:b7:cb:96:9f:96:13:b0:
            19:a1:b7:c6

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Fingerprint (MD5):
            00:88:e0:87:e7:a9:3a:08:d1:f4:4c:e0:57:e9:c9:6e
        Fingerprint (SHA1):
            6e:d8:f8:7b:44:63:47:84:8c:97:58:14:d8:a0:8e:aa:
            a8:3b:8c:aa
2015-09-11T16:24:22Z DEBUG approved_usage = SSLServer intended_usage =
SSLServer
2015-09-11T16:24:22Z DEBUG cert valid True for
"CN=dc1.ipadomain.net,O=ipadomain.net"
2015-09-11T16:24:22Z DEBUG handshake complete, peer = 10.21.0.99:443
2015-09-11T16:24:22Z DEBUG received Set-Cookie
'ipa_session=cd117f44aa3f0e864e08d44d907e41b8; Domain=dc1.ipadomain.net;
Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:22 GMT; Secure; HttpOnly'
2015-09-11T16:24:22Z DEBUG storing cookie
'ipa_session=cd117f44aa3f0e864e08d44d907e41b8; Domain=dc1.ipadomain.net;
Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:22 GMT; Secure; HttpOnly' for
principal host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG stdout=371130706

2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG stdout=371130706

2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG args=keyctl pupdate 371130706
2015-09-11T16:24:22Z DEBUG stdout=
2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG Writing nsupdate commands to
/etc/ipa/.dns_update.txt:
2015-09-11T16:24:22Z DEBUG zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN SSHFP
send
update add ipaclient.ipadomain.net. 1200 IN SSHFP 2 1
A26C52744E6753985750E3C2B1C2B10960205317
update add ipaclient.ipadomain.net. 1200 IN SSHFP 1 1
FB6DC352D37F1726884DB2BD2976C8DEB571C3E3
send

2015-09-11T16:24:23Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-09-11T16:24:23Z DEBUG stdout=
2015-09-11T16:24:23Z DEBUG stderr=
2015-09-11T16:24:23Z DEBUG args=/sbin/service nscd status
2015-09-11T16:24:23Z DEBUG stdout=
2015-09-11T16:24:23Z DEBUG stderr=nscd: unrecognized service

2015-09-11T16:24:23Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:23Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:23Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:24Z DEBUG args=/usr/sbin/authconfig --enablesssdauth
--enablemkhomedir --update --enablesssd
2015-09-11T16:24:24Z DEBUG stdout=Starting oddjobd: [  OK 
]

2015-09-11T16:24:24Z DEBUG stderr=
2015-09-11T16:24:24Z INFO SSSD enabled
2015-09-11T16:24:24Z INFO Configuring ipadomain.net as NIS domain
2015-09-11T16:24:24Z DEBUG args=/bin/nisdomainname
2015-09-11T16:24:24Z DEBUG stdout=(none)

2015-09-11T16:24:24Z DEBUG stderr=
2015-09-11T16:24:24Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:24Z DEBUG args=/usr/sbin/authconfig --update --nisdomain
ipadomain.net
2015-09-11T16:24:24Z DEBUG stdout=
2015-09-11T16:24:24Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/bin/nisdomainname ipadomain.net
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/sbin/service sssd restart
2015-09-11T16:24:25Z DEBUG stdout=Stopping sssd: [FAILED]
Starting sssd: [  OK  ]

2015-09-11T16:24:25Z DEBUG stderr=cat: /var/run/sssd.pid: No such file or
directory

2015-09-11T16:24:25Z DEBUG args=/sbin/service sssd status
2015-09-11T16:24:25Z DEBUG stdout=sssd (pid  2824) is running...

2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/sbin/chkconfig sssd on
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG Backing up system configuration file
'/etc/openldap/ldap.conf'
2015-09-11T16:24:25Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:25Z INFO Configured /etc/openldap/ldap.conf
2015-09-11T16:24:25Z DEBUG args=getent passwd admin
2015-09-11T16:24:25Z DEBUG
stdout=admin:*:756600000:756600000:Administrator:/home/admin:/bin/bash

2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG Backing up system configuration file
'/etc/ntp/step-tickers'
2015-09-11T16:24:25Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:25Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/sbin/chkconfig ntpd
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:25Z DEBUG Saving StateFile to
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:25Z DEBUG Backing up system configuration file
'/etc/ntp.conf'
2015-09-11T16:24:25Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG Backing up system configuration file
'/etc/sysconfig/ntpd'
2015-09-11T16:24:26Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG args=/sbin/chkconfig ntpd on
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG args=/sbin/service ntpd restart
2015-09-11T16:24:26Z DEBUG stdout=Shutting down ntpd:
[FAILED]
Starting ntpd: [  OK  ]

2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG args=/sbin/service ntpd status
2015-09-11T16:24:26Z DEBUG stdout=ntpd (pid  2865) is running...

2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z INFO NTP enabled
2015-09-11T16:24:26Z DEBUG Backing up system configuration file
'/etc/ssh/ssh_config'
2015-09-11T16:24:26Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z INFO Configured /etc/ssh/ssh_config
2015-09-11T16:24:26Z DEBUG Backing up system configuration file
'/etc/ssh/sshd_config'
2015-09-11T16:24:26Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z DEBUG args=sshd -t -f /dev/null -o
AuthorizedKeysCommand=
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z INFO Configured /etc/ssh/sshd_config
2015-09-11T16:24:26Z DEBUG args=/sbin/service sshd status
2015-09-11T16:24:26Z DEBUG stdout=openssh-daemon (pid  5057) is running...

2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:27Z DEBUG args=/sbin/service sshd restart
2015-09-11T16:24:27Z DEBUG stdout=Stopping sshd: [  OK  ]
Starting sshd: [  OK  ]

2015-09-11T16:24:27Z DEBUG stderr=
2015-09-11T16:24:27Z DEBUG args=/sbin/service sshd status
2015-09-11T16:24:27Z DEBUG stdout=openssh-daemon (pid  2908) is running...

2015-09-11T16:24:27Z DEBUG stderr=
2015-09-11T16:24:27Z INFO Client configuration complete.
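
As an added example (not part of the original post and not FreeIPA code): a small parser that reads an ipa-client-install log like the one above and lists which record types each nsupdate batch added per zone. The only batch visible in this part of the log adds SSHFP records in the forward zone, and the check makes the absence of any reverse-zone or PTR update explicit. The sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on the nsupdate batch format in the log above
# (lines wrapped the way the mail shows them). Address and fingerprint are made up.
SAMPLE_LOG = """\
2015-09-11T16:24:20Z DEBUG Writing nsupdate commands to
/etc/ipa/.dns_update.txt:
2015-09-11T16:24:20Z DEBUG zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN A
send
update add ipaclient.ipadomain.net. 1200 IN A 192.0.2.10
send

2015-09-11T16:24:21Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-09-11T16:24:22Z DEBUG Writing nsupdate commands to
/etc/ipa/.dns_update.txt:
2015-09-11T16:24:22Z DEBUG zone ipadomain.net.
update add ipaclient.ipadomain.net. 1200 IN SSHFP 2 1
0123456789ABCDEF0123456789ABCDEF01234567
send

2015-09-11T16:24:23Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
"""

STAMP = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ\s+[A-Z]+\s+")

def added_types_by_zone(log_text):
    """Map each zone named in an nsupdate batch to the record types added to it."""
    summary, in_batch, zone = {}, False, None
    for raw in log_text.splitlines():
        stamped = bool(STAMP.match(raw))
        line = STAMP.sub("", raw).strip()
        if line.startswith("Writing nsupdate commands"):
            in_batch, zone = True, None
        elif not in_batch:
            continue
        elif line.startswith("zone "):
            zone = line.split()[1]
            summary.setdefault(zone, set())
        elif line.startswith("update add ") and zone:
            # update add <name> [ttl] [class] <type> <rdata...>
            fields = [f for f in line.split()[3:] if not f.isdigit() and f != "IN"]
            if fields:
                summary[zone].add(fields[0])
        elif stamped:
            in_batch = False  # the next timestamped log entry ends the batch
    return summary

def reverse_update_attempted(summary):
    """True if any batch targeted a reverse zone or added a PTR record."""
    return any(z.lower().endswith(("in-addr.arpa.", "ip6.arpa.")) or "PTR" in types
               for z, types in summary.items())
```

Run `added_types_by_zone(open("/var/log/ipaclient-install.log").read())` on the client, assuming the log is at that default path, to see what the installer actually sent.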
