I have been trying to figure this out for a while now, but when I join a machine to FreeIPA, the installer properly creates forward DNS entries and DNS SSHFP entries, but does not create reverse entries. Without the PTR records, Kerberos logins are always failing on these machines.

The reverse zones exist, all DNS is managed by FreeIPA, and I am able to manually add the entries just fine.

Environment:
Servers: CentOS 7, FreeIPA 4.1.4
Clients: CentOS 6.5, FreeIPA client 3.0.0-42

I have tried this both with the internal FreeIPA 'admin' user as the join user and as another user called 'joinscript' which has the host enrollment and DNS administrator privileges.

Here is the ipa-client install log:

2015-09-11T16:24:05Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': True, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'server': None, 'no_nisdomain': False, 'principal': 'joinscript', 'hostname': 'ipaclient.ipadomain.net', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': None, 'dns_updates': True, 'conf_sudo': True, 'conf_ssh': True, 'force_join': True, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False}
2015-09-11T16:24:05Z DEBUG missing options might be asked for interactively later
2015-09-11T16:24:05Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:05Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:05Z DEBUG [IPA Discovery]
2015-09-11T16:24:05Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=ipaclient.ipadomain.net
2015-09-11T16:24:05Z DEBUG Start searching for LDAP SRV record in "ipadomain.net" (domain of the hostname) and its sub-domains
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of _ldap._tcp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG [Kerberos realm search]
2015-09-11T16:24:05Z DEBUG Search DNS for TXT record of _kerberos.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_kerberos.ipadomain.net.,type:16,class:1,rdata={data:ipadomain.net}
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of _kerberos._udp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_kerberos._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_kerberos._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG [LDAP server check]
2015-09-11T16:24:05Z DEBUG Verifying that dc1.ipadomain.net (realm ipadomain.net) is an IPA server
2015-09-11T16:24:05Z DEBUG Init LDAP connection with: ldap://dc1.ipadomain.net:389
2015-09-11T16:24:05Z DEBUG Search LDAP server for IPA base DN
2015-09-11T16:24:05Z DEBUG Check if naming context 'dc=ipadomain,dc=net' is for IPA
2015-09-11T16:24:05Z DEBUG Naming context 'dc=ipadomain,dc=net' is a valid IPA context
2015-09-11T16:24:05Z DEBUG Search for (objectClass=krbRealmContainer) in dc=ipadomain,dc=net (sub)
2015-09-11T16:24:05Z DEBUG Found: cn=ipadomain.net,cn=kerberos,dc=ipadomain,dc=net
2015-09-11T16:24:05Z DEBUG Discovery result: Success; server=dc1.ipadomain.net, domain=ipadomain.net, kdc=dc2.ipadomain.net,dc1.ipadomain.net, basedn=dc=ipadomain,dc=net
2015-09-11T16:24:05Z DEBUG Validated servers: dc1.ipadomain.net
2015-09-11T16:24:05Z DEBUG will use discovered domain: ipadomain.net
2015-09-11T16:24:05Z DEBUG Start searching for LDAP SRV record in "ipadomain.net" (Validating DNS Discovery) and its sub-domains
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of _ldap._tcp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_ldap._tcp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS validated, enabling discovery
2015-09-11T16:24:05Z DEBUG will use discovered server: dc1.ipadomain.net
2015-09-11T16:24:05Z INFO Discovery was successful!
2015-09-11T16:24:05Z DEBUG will use discovered realm: ipadomain.net
2015-09-11T16:24:05Z DEBUG will use discovered basedn: dc=ipadomain,dc=net
2015-09-11T16:24:05Z INFO Hostname: ipaclient.ipadomain.net
2015-09-11T16:24:05Z DEBUG Hostname source: Provided as option
2015-09-11T16:24:05Z INFO Realm: ipadomain.net
2015-09-11T16:24:05Z DEBUG Realm source: Discovered from LDAP DNS records in dc1.ipadomain.net
2015-09-11T16:24:05Z INFO DNS Domain: ipadomain.net
2015-09-11T16:24:05Z DEBUG DNS Domain source: Discovered LDAP SRV records from ipadomain.net (domain of the hostname)
2015-09-11T16:24:05Z INFO IPA Server: dc1.ipadomain.net
2015-09-11T16:24:05Z DEBUG IPA Server source: Discovered from LDAP DNS records in dc1.ipadomain.net
2015-09-11T16:24:05Z INFO BaseDN: dc=ipadomain,dc=net
2015-09-11T16:24:05Z DEBUG BaseDN source: From IPA server ldap://dc1.ipadomain.net:389
2015-09-11T16:24:05Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory
2015-09-11T16:24:05Z DEBUG args=/bin/hostname ipaclient.ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG Backing up system configuration file '/etc/sysconfig/network'
2015-09-11T16:24:05Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:05Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:05Z INFO Synchronizing time with KDC...
2015-09-11T16:24:05Z DEBUG Search DNS for SRV record of _ntp._udp.ipadomain.net.
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_ntp._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:dc1.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG DNS record found: DNSResult::name:_ntp._udp.ipadomain.net.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:dc2.ipadomain.net.}
2015-09-11T16:24:05Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v dc1.ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG Writing Kerberos configuration to /tmp/tmpfa2hME:
2015-09-11T16:24:05Z DEBUG #File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
  default_realm = ipadomain.net
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
[realms]
  ipadomain.net = {
    kdc = dc1.ipadomain.net:88
    master_kdc = dc1.ipadomain.net:88
    admin_server = dc1.ipadomain.net:749
    default_domain = ipadomain.net
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }
[domain_realm]
  .ipadomain.net = ipadomain.net
  ipadomain.net = ipadomain.net
2015-09-11T16:24:05Z DEBUG args=kinit joinscr...@ipadomain.net
2015-09-11T16:24:05Z DEBUG stdout=Password for joinscr...@ipadomain.net:
2015-09-11T16:24:05Z DEBUG stderr=
2015-09-11T16:24:05Z DEBUG trying to retrieve CA cert via LDAP from ldap://dc1.ipadomain.net
2015-09-11T16:24:06Z INFO Successfully retrieved CA cert
  Subject: CN=Certificate Authority,O=ipadomain.net
  Issuer: CN=Certificate Authority,O=ipadomain.net
  Valid From: Wed Mar 25 18:48:27 2015 UTC
  Valid Until: Sun Mar 25 18:48:27 2035 UTC
2015-09-11T16:24:07Z DEBUG args=/usr/sbin/ipa-join -s dc1.ipadomain.net -b dc=ipadomain,dc=net -h ipaclient.ipadomain.net -f
2015-09-11T16:24:07Z DEBUG stdout=
2015-09-11T16:24:07Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=ipadomain.net
2015-09-11T16:24:07Z INFO Enrolled in IPA realm ipadomain.net
2015-09-11T16:24:07Z DEBUG args=kdestroy
2015-09-11T16:24:07Z DEBUG stdout=
2015-09-11T16:24:07Z DEBUG stderr=
2015-09-11T16:24:07Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:07Z DEBUG stdout=
2015-09-11T16:24:07Z DEBUG stderr=
2015-09-11T16:24:07Z DEBUG Backing up system configuration file '/etc/ipa/default.conf'
2015-09-11T16:24:07Z DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist
2015-09-11T16:24:07Z INFO Created /etc/ipa/default.conf
2015-09-11T16:24:07Z DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
2015-09-11T16:24:07Z DEBUG args=klist -V
2015-09-11T16:24:07Z DEBUG stdout=Kerberos 5 version 1.10.3
2015-09-11T16:24:07Z DEBUG stderr=
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
2015-09-11T16:24:07Z DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
2015-09-11T16:24:08Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf'
2015-09-11T16:24:08Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist
2015-09-11T16:24:08Z INFO New SSSD config will be created
2015-09-11T16:24:08Z DEBUG Backing up system configuration file '/etc/nsswitch.conf'
2015-09-11T16:24:08Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:08Z INFO Configured sudoers in /etc/nsswitch.conf
2015-09-11T16:24:08Z INFO Configured /etc/sssd/sssd.conf
2015-09-11T16:24:08Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2015-09-11T16:24:08Z DEBUG stdout=
2015-09-11T16:24:08Z DEBUG stderr=
2015-09-11T16:24:08Z DEBUG Backing up system configuration file '/etc/krb5.conf'
2015-09-11T16:24:08Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:08Z DEBUG Writing Kerberos configuration to /etc/krb5.conf:
2015-09-11T16:24:08Z DEBUG #File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
  default_realm = ipadomain.net
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
[realms]
  ipadomain.net = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }
[domain_realm]
  .ipadomain.net = ipadomain.net
  ipadomain.net = ipadomain.net
2015-09-11T16:24:08Z INFO Configured /etc/krb5.conf for IPA realm ipadomain.net
2015-09-11T16:24:08Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:08Z DEBUG stdout=
2015-09-11T16:24:08Z DEBUG stderr=keyctl_search: Required key not available
2015-09-11T16:24:09Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:09Z DEBUG stdout=
2015-09-11T16:24:09Z DEBUG stderr=keyctl_search: Required key not available
2015-09-11T16:24:09Z DEBUG failed to find session_cookie in persistent storage for principal 'host/ipaclient.ipadomain....@ipadomain.net'
2015-09-11T16:24:09Z INFO trying https://dc1.ipadomain.net/ipa/xml
2015-09-11T16:24:09Z DEBUG NSSConnection init dc1.ipadomain.net
2015-09-11T16:24:09Z DEBUG Connecting: 10.21.0.99:0
2015-09-11T16:24:09Z DEBUG auth_certificate_callback: check_sig=True is_server=False
2015-09-11T16:24:09Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-09-11T16:24:09Z DEBUG cert valid True for "CN=dc1.ipadomain.net,O=ipadomain.net"
2015-09-11T16:24:09Z DEBUG handshake complete, peer = 10.21.0.99:443
2015-09-11T16:24:10Z DEBUG received Set-Cookie 'ipa_session=1509570e24e6e2a523849d0eaefc3284; Domain=dc1.ipadomain.net; Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:09 GMT; Secure; HttpOnly'
2015-09-11T16:24:10Z DEBUG storing cookie 'ipa_session=1509570e24e6e2a523849d0eaefc3284; Domain=dc1.ipadomain.net; Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:09 GMT; Secure; HttpOnly' for principal host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=
2015-09-11T16:24:10Z DEBUG stderr=keyctl_search: Required key not available
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=
2015-09-11T16:24:10Z DEBUG stderr=keyctl_search: Required key not available
2015-09-11T16:24:10Z DEBUG args=keyctl padd user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net @s
2015-09-11T16:24:10Z DEBUG stdout=371130706
2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z DEBUG Created connection context.xmlclient
2015-09-11T16:24:10Z DEBUG raw: env(None, server=True)
2015-09-11T16:24:10Z DEBUG env(None, server=True, all=True)
2015-09-11T16:24:10Z INFO Forwarding 'env' to server u'https://dc1.ipadomain.net/ipa/xml'
2015-09-11T16:24:10Z DEBUG NSSConnection init dc1.ipadomain.net
2015-09-11T16:24:10Z DEBUG Connecting: 10.21.0.99:0
2015-09-11T16:24:10Z DEBUG auth_certificate_callback: check_sig=True is_server=False
2015-09-11T16:24:10Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-09-11T16:24:10Z DEBUG cert valid True for "CN=dc1.ipadomain.net,O=ipadomain.net"
2015-09-11T16:24:10Z DEBUG handshake complete, peer = 10.21.0.99:443
2015-09-11T16:24:10Z DEBUG received Set-Cookie 'ipa_session=c95bf33d955de3ac42471d808c43ac90; Domain=dc1.ipadomain.net; Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:10 GMT; Secure; HttpOnly'
2015-09-11T16:24:10Z DEBUG storing cookie 'ipa_session=c95bf33d955de3ac42471d808c43ac90; Domain=dc1.ipadomain.net; Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:10 GMT; Secure; HttpOnly' for principal host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=371130706
2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:10Z DEBUG stdout=371130706
2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z DEBUG args=keyctl pupdate 371130706
2015-09-11T16:24:10Z DEBUG stdout=
2015-09-11T16:24:10Z DEBUG stderr=
2015-09-11T16:24:10Z WARNING Hostname (ipaclient.ipadomain.net) not found in DNS
2015-09-11T16:24:10Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2015-09-11T16:24:10Z DEBUG zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN A
send
update add ipaclient.ipadomain.net. 1200 IN A 10.178.37.49
send
2015-09-11T16:24:11Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-09-11T16:24:11Z DEBUG stdout=
2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z INFO DNS server record set to: ipaclient.ipadomain.net -> 10.178.37.49
2015-09-11T16:24:11Z DEBUG args=/sbin/service messagebus start
2015-09-11T16:24:11Z DEBUG stdout=Starting system message bus:
2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z DEBUG args=/sbin/service messagebus status
2015-09-11T16:24:11Z DEBUG stdout=messagebus (pid 4923) is running...
2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z DEBUG args=/sbin/service certmonger restart
2015-09-11T16:24:11Z DEBUG stdout=Stopping certmonger: [FAILED]
Starting certmonger: [  OK  ]
2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:11Z DEBUG args=/sbin/service certmonger status
2015-09-11T16:24:11Z DEBUG stdout=certmonger (pid 2604) is running...
2015-09-11T16:24:11Z DEBUG stderr=
2015-09-11T16:24:15Z DEBUG args=/sbin/service certmonger stop
2015-09-11T16:24:15Z DEBUG stdout=Stopping certmonger: [  OK  ]
2015-09-11T16:24:15Z DEBUG stderr=
2015-09-11T16:24:19Z DEBUG args=/sbin/service certmonger restart
2015-09-11T16:24:19Z DEBUG stdout=Stopping certmonger: [FAILED]
Starting certmonger: [  OK  ]
2015-09-11T16:24:19Z DEBUG stderr=
2015-09-11T16:24:19Z DEBUG args=/sbin/service certmonger status
2015-09-11T16:24:19Z DEBUG stdout=certmonger (pid 2669) is running...
2015-09-11T16:24:19Z DEBUG stderr=
2015-09-11T16:24:19Z DEBUG args=/sbin/chkconfig certmonger on
2015-09-11T16:24:19Z DEBUG stdout=
2015-09-11T16:24:19Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - ipaclient.ipadomain.net -N CN=ipaclient.ipadomain.net,O=ipadomain.net -K host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG stdout=New signing request "20150911162421" added.
2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z INFO Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
2015-09-11T16:24:22Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
2015-09-11T16:24:22Z DEBUG raw: host_mod(u'ipaclient.ipadomain.net', ipasshpubkey=[u'ssh-dss ...', u'ssh-rsa ...'], updatedns=False)
2015-09-11T16:24:22Z DEBUG host_mod(u'ipaclient.ipadomain.net', random=False, ipasshpubkey=(u'ssh-dss ...', u'ssh-rsa ...'), rights=False, updatedns=False, all=False, raw=False, no_members=False)
2015-09-11T16:24:22Z INFO Forwarding 'host_mod' to server u'https://dc1.ipadomain.net/ipa/xml'
2015-09-11T16:24:22Z DEBUG NSSConnection init dc1.ipadomain.net
2015-09-11T16:24:22Z DEBUG Connecting: 10.21.0.99:0
2015-09-11T16:24:22Z DEBUG auth_certificate_callback: check_sig=True is_server=False
2015-09-11T16:24:22Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-09-11T16:24:22Z DEBUG cert valid True for "CN=dc1.ipadomain.net,O=ipadomain.net"
2015-09-11T16:24:22Z DEBUG handshake complete, peer = 10.21.0.99:443
2015-09-11T16:24:22Z DEBUG received Set-Cookie 'ipa_session=cd117f44aa3f0e864e08d44d907e41b8; Domain=dc1.ipadomain.net; Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:22 GMT; Secure; HttpOnly'
2015-09-11T16:24:22Z DEBUG storing cookie 'ipa_session=cd117f44aa3f0e864e08d44d907e41b8; Domain=dc1.ipadomain.net; Path=/ipa; Expires=Fri, 11 Sep 2015 16:44:22 GMT; Secure; HttpOnly' for principal host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG stdout=371130706
2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipaclient.ipadomain....@ipadomain.net
2015-09-11T16:24:22Z DEBUG stdout=371130706
2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG args=keyctl pupdate 371130706
2015-09-11T16:24:22Z DEBUG stdout=
2015-09-11T16:24:22Z DEBUG stderr=
2015-09-11T16:24:22Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2015-09-11T16:24:22Z DEBUG zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN SSHFP
send
update add ipaclient.ipadomain.net. 1200 IN SSHFP 2 1 A26C52744E6753985750E3C2B1C2B10960205317
update add ipaclient.ipadomain.net. 1200 IN SSHFP 1 1 FB6DC352D37F1726884DB2BD2976C8DEB571C3E3
send
2015-09-11T16:24:23Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-09-11T16:24:23Z DEBUG stdout=
2015-09-11T16:24:23Z DEBUG stderr=
2015-09-11T16:24:23Z DEBUG args=/sbin/service nscd status
2015-09-11T16:24:23Z DEBUG stdout=
2015-09-11T16:24:23Z DEBUG stderr=nscd: unrecognized service
2015-09-11T16:24:23Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:23Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:23Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:24Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd
2015-09-11T16:24:24Z DEBUG stdout=Starting oddjobd: [  OK  ]
2015-09-11T16:24:24Z DEBUG stderr=
2015-09-11T16:24:24Z INFO SSSD enabled
2015-09-11T16:24:24Z INFO Configuring ipadomain.net as NIS domain
2015-09-11T16:24:24Z DEBUG args=/bin/nisdomainname
2015-09-11T16:24:24Z DEBUG stdout=(none)
2015-09-11T16:24:24Z DEBUG stderr=
2015-09-11T16:24:24Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:24Z DEBUG args=/usr/sbin/authconfig --update --nisdomain ipadomain.net
2015-09-11T16:24:24Z DEBUG stdout=
2015-09-11T16:24:24Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/bin/nisdomainname ipadomain.net
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/sbin/service sssd restart
2015-09-11T16:24:25Z DEBUG stdout=Stopping sssd: [FAILED]
Starting sssd: [  OK  ]
2015-09-11T16:24:25Z DEBUG stderr=cat: /var/run/sssd.pid: No such file or directory
2015-09-11T16:24:25Z DEBUG args=/sbin/service sssd status
2015-09-11T16:24:25Z DEBUG stdout=sssd (pid 2824) is running...
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/sbin/chkconfig sssd on
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG Backing up system configuration file '/etc/openldap/ldap.conf'
2015-09-11T16:24:25Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:25Z INFO Configured /etc/openldap/ldap.conf
2015-09-11T16:24:25Z DEBUG args=getent passwd admin
2015-09-11T16:24:25Z DEBUG stdout=admin:*:756600000:756600000:Administrator:/home/admin:/bin/bash
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG Backing up system configuration file '/etc/ntp/step-tickers'
2015-09-11T16:24:25Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:25Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG args=/sbin/chkconfig ntpd
2015-09-11T16:24:25Z DEBUG stdout=
2015-09-11T16:24:25Z DEBUG stderr=
2015-09-11T16:24:25Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:25Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-09-11T16:24:25Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2015-09-11T16:24:25Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2015-09-11T16:24:26Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z DEBUG args=/usr/sbin/selinuxenabled
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG args=/sbin/chkconfig ntpd on
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG args=/sbin/service ntpd restart
2015-09-11T16:24:26Z DEBUG stdout=Shutting down ntpd: [FAILED]
Starting ntpd: [ OK ]
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z DEBUG args=/sbin/service ntpd status
2015-09-11T16:24:26Z DEBUG stdout=ntpd (pid 2865) is running...
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z INFO NTP enabled
2015-09-11T16:24:26Z DEBUG Backing up system configuration file '/etc/ssh/ssh_config'
2015-09-11T16:24:26Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z INFO Configured /etc/ssh/ssh_config
2015-09-11T16:24:26Z DEBUG Backing up system configuration file '/etc/ssh/sshd_config'
2015-09-11T16:24:26Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-09-11T16:24:26Z DEBUG args=sshd -t -f /dev/null -o AuthorizedKeysCommand=
2015-09-11T16:24:26Z DEBUG stdout=
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:26Z INFO Configured /etc/ssh/sshd_config
2015-09-11T16:24:26Z DEBUG args=/sbin/service sshd status
2015-09-11T16:24:26Z DEBUG stdout=openssh-daemon (pid 5057) is running...
2015-09-11T16:24:26Z DEBUG stderr=
2015-09-11T16:24:27Z DEBUG args=/sbin/service sshd restart
2015-09-11T16:24:27Z DEBUG stdout=Stopping sshd: [ OK ]
Starting sshd: [ OK ]
2015-09-11T16:24:27Z DEBUG stderr=
2015-09-11T16:24:27Z DEBUG args=/sbin/service sshd status
2015-09-11T16:24:27Z DEBUG stdout=openssh-daemon (pid 2908) is running...
2015-09-11T16:24:27Z DEBUG stderr=
2015-09-11T16:24:27Z INFO Client configuration complete.
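A quick way to check from an installer log like the one above which record types the client actually sent through nsupdate, and whether a PTR for the client address was among them. This is an added example, not part of the original post and not FreeIPA code; the function name `audit_nsupdate`, the sample log and the 192.0.2.50 client address are assumptions.

```python
import ipaddress
import re

# "update add <owner> <ttl> IN <TYPE> ..." and "zone <name>." as they appear in
# the installer log; the patterns do not depend on line breaks surviving.
UPDATE_ADD = re.compile(r"update add (\S+)\s+\d+\s+IN\s+([A-Z0-9]+)")
ZONE = re.compile(r"\bzone (\S+\.)\s")

# Constructed sample modelled on the log above: the SSHFP batch mirrors the
# post, the A-record batch and the 192.0.2.50 address are made up.
SAMPLE = """\
2015-09-11T16:24:20Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2015-09-11T16:24:20Z DEBUG zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN A
send
update add ipaclient.ipadomain.net. 1200 IN A 192.0.2.50
send
2015-09-11T16:24:22Z DEBUG zone ipadomain.net.
update delete ipaclient.ipadomain.net. IN SSHFP
send
update add ipaclient.ipadomain.net. 1200 IN SSHFP 2 1 A26C52744E6753985750E3C2B1C2B10960205317
send
"""


def audit_nsupdate(log_text, client_ip):
    """Summarise the nsupdate commands recorded in an ipa-client-install log."""
    added = {}
    for owner, rtype in UPDATE_ADD.findall(log_text):
        added.setdefault(rtype, set()).add(owner.lower())
    zones = {z.lower() for z in ZONE.findall(log_text)}
    # Owner name the PTR record for this address would have.
    expected_ptr = ipaddress.ip_address(client_ip).reverse_pointer + "."
    return {
        "types": sorted(added),
        "zones": sorted(zones),
        "expected_ptr": expected_ptr,
        "ptr_sent": expected_ptr in added.get("PTR", set()),
        "reverse_zone_targeted": any(
            expected_ptr.endswith("." + z) for z in zones
        ),
    }


if __name__ == "__main__":
    for key, value in audit_nsupdate(SAMPLE, "192.0.2.50").items():
        print(f"{key}: {value}")
```

If `ptr_sent` and `reverse_zone_targeted` are both false, the client never attempted a reverse update, so the place to look is the client-side update logic rather than the permissions on the reverse zone.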