Hello Sumit ipa-client-install hasn't set krb5_realm. I did that.
We're using Chef-Solo to manage our systems and I have /etc/sssd/sssd.conf in chef. So it overwrote, whatever ipa-client-install put there. And that's how the mistake happened. I think the ipa-client-install discovered everything right. I'm attaching the log. Best regards, Alexander 2015-10-06 15:01 GMT+02:00 Sumit Bose <sb...@redhat.com>: > On Tue, Oct 06, 2015 at 11:26:42AM +0200, Alexander Skwar wrote: > > Hi > > > > With further debugging, I discovered, that I messed up the > > /etc/sssd/sssd.conf file. There, I added: > > > > … > > [domain/customer.company.internal] > > > > krb5_realm = customer.company.internal > > … > > > > > > > > Exactly like that. With "krb5_realm = customer.company.internal"; ie. > with > > the realm in lowercase letters. > > > > After having changed that to uppercase letters (ie. "krb5_realm = > > CUSTOMER.COMPANY.INTERNAL"), it works fine. > > Thank you for the feedback. Can you check /var/log/ipaclient-install.log > to see which realm ipa-client-install has discovered? In general > ipa-client-install should be able to determine the right realm. In your > case where domain and realm are the same except the case it shouldn't > have set krb5_realm at all. > > bye, > Sumit > > > > > > > > > Thanks for your time and help ;) > > > > Cheers, > > Alexander > > > > > > > > 2015-10-05 14:07 GMT+02:00 Sumit Bose <sb...@redhat.com>: > > > > > On Mon, Oct 05, 2015 at 09:00:13AM +0200, Alexander Skwar wrote: > > > > Hi > > > > > > > > Hm, there's nothing at all in the /var/log/sssd/krb5_child.log when > I try > > > > to login with SSH and enter a password. > > > > > > Can you try to increase the debug_level to 0xFFF0? > > > > > > > > > > > kinit doesn't work. > > > > > > > > $ kinit -k > > > > kinit: Permission denied while getting initial credentials > > > > > > > > For this test, I was root and then did a "su - user" and then "kinit > -k". > > > > Also after the "kinit -k", nothing is in the krb5_child.log. > > > > > > The 'kinit -k' has to be done as root. It will only check if the client > > > can connect to the KDC at all and tries to get a TGT for the host. > > > > > > It's expected that during this operation nothing is added to the SSSD > > > logs because the kinit utility work independent of SSSD. > > > > > > bye, > > > Sumit > > > > > > > > > > > Regards, > > > > Alexander > > > > > > > > > > > > 2015-10-02 17:59 GMT+02:00 Jakub Hrozek <jhro...@redhat.com>: > > > > > > > > > On Fri, Oct 02, 2015 at 04:28:57PM +0200, Alexander Skwar wrote: > > > > > > Hello > > > > > > > > > > > > How do I get password authentication to work with freeipa-client > > > > > > 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo? > > > > > > > > > > > > Long version follows :) > > > > > > > > > > > > We've got an IPA server with the Red Hat Identity Management > server > > > > > > on RHEL 7.1 servers; FreeIPA v4.1.0 is being used there. I > configured > > > > > > users and groups there and would now like to login with SSH. > When I > > > > > > store a SSH key for the user account, I can login just fine, > using > > > > > > this SSH key. But I'd like/need to use passwords as well. And > sudo > > > > > > also doesn't work, when it's asking for passwords - I supposed, > > > > > > it's the same root cause. > > > > > > > > > > > > Let's stick with SSH. > > > > > > > > > > > > Initially, I installed the FreeIPA client with this command line: > > > > > > > > > > > > ipa-client-install --force-join --mkhomedir --ssh-trust-dns \ > > > > > > --enable-dns-updates --unattended \ > > > > > > --principal=admin --password=correctone \ > > > > > > --domain=customer.company.internal \ > > > > > > --server=auth01.customer.company.internal > > > > > > > > > > > > I then try to do a SSH login with: > > > > > > > > > > > > ssh -l ewt@customer.company.internal 192.168.229.143 > > > > > > or: > > > > > > ssh -l ewt 192.168.229.143 > > > > > > > > > > > > Password authentication doesn't work. > > > > > > > > > > > > In the /var/log/syslog on the system where I try to login, I find > > > this: > > > > > > > > > > > > 2015-10-02T15:33:38.771291+02:00 mgmt02 > > > [sssd[krb5_child[14154]]]: > > > > > > Key table entry not found > > > > > > > > > > > > After having turned up the debug level of the sssd with "sssd -i > -f > > > -d > > > > > > 0x0770 --debug-timestamps=1", I find the following in the system > log > > > > > > files: > > > > > > > > > > > > 2015-10-02T15:40:48.756399+02:00 mgmt02 sshd[14194]: > > > > > > pam_unix(sshd:auth): authentication failure; logname= uid=0 > euid=0 > > > > > > tty=ssh ruser= rhost=212.71.117.1 user=ewt > > > > > > 2015-10-02T15:40:48.775896+02:00 mgmt02 sshd[14194]: > > > > > > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > > > > > > tty=ssh ruser= rhost=212.71.117.1 user=ewt > > > > > > 2015-10-02T15:40:48.775927+02:00 mgmt02 sshd[14194]: > > > > > > pam_sss(sshd:auth): received for user ewt: 4 (System error) > > > > > > 2015-10-02T15:40:50.988591+02:00 mgmt02 sshd[14194]: Failed > > > > > > password for ewt from 212.71.117.1 port 58136 ssh2 > > > > > > > > > > > > TBH, I don't quite understand it. Anyway, in > > > > > > /var/log/sssd/sssd_customer.company.internal.log I noticed: > > > > > > > > > > > > (Fri Oct 2 15:46:26 2015) > [sssd[be[customer.company.internal]]] > > > > > > [read_pipe_handler] (0x0400): EOF received, client finished > > > > > > (Fri Oct 2 15:46:26 2015) > [sssd[be[customer.company.internal]]] > > > > > > [parse_krb5_child_response] (0x0020): message too short. > > > > > > (Fri Oct 2 15:46:26 2015) > [sssd[be[customer.company.internal]]] > > > > > > [krb5_auth_done] (0x0040): Could not parse child response [22]: > > > > > > Invalid argument > > > > > > (Fri Oct 2 15:46:26 2015) > [sssd[be[customer.company.internal]]] > > > > > > [ipa_auth_handler_done] (0x0040): krb5_auth_recv request failed. > > > > > > > > > > > > Well… What am I doing wrong or what might I have forgotten? > > > > > > > > > > We need to also see the krb5_child.log but please check if the > keytab > > > is > > > > > correct (ie kinit -k works). > > > > > > > > > > -- > > > > > Manage your subscription for the Freeipa-users mailing list: > > > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > Go to http://freeipa.org for more info on the project > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > Alexander > > > > -- > > > > => *Google+* => http://plus.skwar.me <== > > > > => *Chat* (Jabber/Google Talk) => a.sk...@gmail.com <== > > > > > > > -- > > > > Manage your subscription for the Freeipa-users mailing list: > > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > Go to http://freeipa.org for more info on the project > > > > > > > > > > > > -- > > > > > > Alexander > > -- > > => *Google+* => http://plus.skwar.me <== > > => *Chat* (Jabber/Google Talk) => a.sk...@gmail.com <== > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > -- Alexander -- => *Google+* => http://plus.skwar.me <== => *Chat* (Jabber/Google Talk) => a.sk...@gmail.com <==
2015-10-06T09:11:36Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'customer.company.internal', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': True, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'force_join': True, 'server': ['auth01-ka.customer.company.internal'], 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2015-10-06T09:11:36Z DEBUG missing options might be asked for interactively later 2015-10-06T09:11:36Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:36Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/service chronyd status 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr=chronyd: unrecognized service 2015-10-06T09:11:36Z DEBUG [IPA Discovery] 2015-10-06T09:11:36Z DEBUG Starting IPA discovery with domain=customer.company.internal, servers=['auth01-ka.customer.company.internal'], hostname=mgmt02-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Server and domain forced 2015-10-06T09:11:36Z DEBUG [Kerberos realm search] 2015-10-06T09:11:36Z DEBUG Search DNS for TXT record of _kerberos.customer.company.internal 2015-10-06T09:11:36Z DEBUG DNS record found: "CUSTOMER.COMPANY.INTERNAL" 2015-10-06T09:11:36Z DEBUG Search DNS for SRV record of _kerberos._udp.customer.company.internal 2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 88 auth02-prod.customer.company.internal. 2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 88 auth01-prod.customer.company.internal. 2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 88 auth01-ka.customer.company.internal. 2015-10-06T09:11:36Z DEBUG [LDAP server check] 2015-10-06T09:11:36Z DEBUG Verifying that auth01-ka.customer.company.internal (realm CUSTOMER.COMPANY.INTERNAL) is an IPA server 2015-10-06T09:11:36Z DEBUG Init LDAP connection to: auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Search LDAP server for IPA base DN 2015-10-06T09:11:36Z DEBUG Check if naming context 'dc=snbng,dc=everyware,dc=internal' is for IPA 2015-10-06T09:11:36Z DEBUG Naming context 'dc=snbng,dc=everyware,dc=internal' is a valid IPA context 2015-10-06T09:11:36Z DEBUG Search for (objectClass=krbRealmContainer) in dc=snbng,dc=everyware,dc=internal (sub) 2015-10-06T09:11:36Z DEBUG Found: cn=CUSTOMER.COMPANY.INTERNAL,cn=kerberos,dc=snbng,dc=everyware,dc=internal 2015-10-06T09:11:36Z DEBUG Discovery result: Success; server=auth01-ka.customer.company.internal, domain=customer.company.internal, kdc=auth02-prod.customer.company.internal,auth01-prod.customer.company.internal,auth01-ka.customer.company.internal, basedn=dc=snbng,dc=everyware,dc=internal 2015-10-06T09:11:36Z DEBUG Validated servers: auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG will use discovered domain: customer.company.internal 2015-10-06T09:11:36Z DEBUG Using servers from command line, disabling DNS discovery 2015-10-06T09:11:36Z DEBUG will use provided server: auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG will use discovered realm: CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:36Z DEBUG will use discovered basedn: dc=snbng,dc=everyware,dc=internal 2015-10-06T09:11:36Z INFO Hostname: mgmt02-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Hostname source: Machine's FQDN 2015-10-06T09:11:36Z INFO Realm: CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:36Z DEBUG Realm source: Discovered from LDAP DNS records in auth01-ka.customer.company.internal 2015-10-06T09:11:36Z INFO DNS Domain: customer.company.internal 2015-10-06T09:11:36Z DEBUG DNS Domain source: Forced 2015-10-06T09:11:36Z INFO IPA Server: auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG IPA Server source: Provided as option 2015-10-06T09:11:36Z INFO BaseDN: dc=snbng,dc=everyware,dc=internal 2015-10-06T09:11:36Z DEBUG BaseDN source: From IPA server ldap://auth01-ka.customer.company.internal:389 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:36Z DEBUG Process finished, return code=3 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory 2015-10-06T09:11:36Z INFO Synchronizing time with KDC... 2015-10-06T09:11:36Z DEBUG Search DNS for SRV record of _ntp._udp.customer.company.internal 2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 123 auth01-ka.customer.company.internal. 2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 123 auth02-prod.customer.company.internal. 2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 123 auth01-prod.customer.company.internal. 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth02-prod.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth02-prod.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth02-prod.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-prod.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-prod.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-prod.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal 2015-10-06T09:11:36Z DEBUG Process finished, return code=1 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z WARNING Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=keyctl get_persistent @s 0 2015-10-06T09:11:36Z DEBUG Process finished, return code=2 2015-10-06T09:11:36Z DEBUG stdout= 2015-10-06T09:11:36Z DEBUG stderr=Unknown command 2015-10-06T09:11:36Z DEBUG Writing Kerberos configuration to /tmp/tmpxjOLEw: 2015-10-06T09:11:36Z DEBUG #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = CUSTOMER.COMPANY.INTERNAL dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] CUSTOMER.COMPANY.INTERNAL = { kdc = auth01-ka.customer.company.internal:88 master_kdc = auth01-ka.customer.company.internal:88 admin_server = auth01-ka.customer.company.internal:749 default_domain = customer.company.internal pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .customer.company.internal = CUSTOMER.COMPANY.INTERNAL customer.company.internal = CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:36Z DEBUG Starting external process 2015-10-06T09:11:36Z DEBUG args=kinit admin@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:36Z DEBUG Process finished, return code=0 2015-10-06T09:11:36Z DEBUG stdout=Password for admin@CUSTOMER.COMPANY.INTERNAL: 2015-10-06T09:11:36Z DEBUG stderr= 2015-10-06T09:11:36Z DEBUG trying to retrieve CA cert via LDAP from auth01-ka.customer.company.internal 2015-10-06T09:11:38Z DEBUG flushing ldap://auth01-ka.customer.company.internal:389 from SchemaCache 2015-10-06T09:11:38Z DEBUG retrieving schema for SchemaCache url=ldap://auth01-ka.customer.company.internal:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f7545d2de60> 2015-10-06T09:11:39Z INFO Successfully retrieved CA cert Subject: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL Valid From: Thu Aug 13 16:17:49 2015 UTC Valid Until: Mon Aug 13 16:17:49 2035 UTC 2015-10-06T09:11:39Z DEBUG Starting external process 2015-10-06T09:11:39Z DEBUG args=/usr/sbin/ipa-join -s auth01-ka.customer.company.internal -b dc=snbng,dc=everyware,dc=internal -h mgmt02-ka.customer.company.internal -f 2015-10-06T09:11:39Z DEBUG Process finished, return code=0 2015-10-06T09:11:39Z DEBUG stdout= 2015-10-06T09:11:39Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:39Z INFO Enrolled in IPA realm CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:39Z DEBUG Starting external process 2015-10-06T09:11:39Z DEBUG args=kdestroy 2015-10-06T09:11:39Z DEBUG Process finished, return code=0 2015-10-06T09:11:39Z DEBUG stdout= 2015-10-06T09:11:39Z DEBUG stderr= 2015-10-06T09:11:39Z DEBUG Starting external process 2015-10-06T09:11:39Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:39Z DEBUG Process finished, return code=0 2015-10-06T09:11:39Z DEBUG stdout= 2015-10-06T09:11:39Z DEBUG stderr= 2015-10-06T09:11:39Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2015-10-06T09:11:39Z DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist 2015-10-06T09:11:39Z INFO Created /etc/ipa/default.conf 2015-10-06T09:11:39Z DEBUG importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'... 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py' 2015-10-06T09:11:39Z DEBUG Starting external process 2015-10-06T09:11:39Z DEBUG args=klist -V 2015-10-06T09:11:39Z DEBUG Process finished, return code=0 2015-10-06T09:11:39Z DEBUG stdout=Kerberos 5 version 1.12 2015-10-06T09:11:39Z DEBUG stderr= 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py' 2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py' 2015-10-06T09:11:40Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2015-10-06T09:11:40Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist 2015-10-06T09:11:40Z INFO New SSSD config will be created 2015-10-06T09:11:40Z INFO Configured /etc/sssd/sssd.conf 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=/usr/bin/certutil -A -d sql:/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt 2015-10-06T09:11:40Z DEBUG Process finished, return code=0 2015-10-06T09:11:40Z DEBUG stdout= 2015-10-06T09:11:40Z DEBUG stderr= 2015-10-06T09:11:40Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2015-10-06T09:11:40Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=keyctl get_persistent @s 0 2015-10-06T09:11:40Z DEBUG Process finished, return code=2 2015-10-06T09:11:40Z DEBUG stdout= 2015-10-06T09:11:40Z DEBUG stderr=Unknown command 2015-10-06T09:11:40Z DEBUG Writing Kerberos configuration to /etc/krb5.conf: 2015-10-06T09:11:40Z DEBUG #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = CUSTOMER.COMPANY.INTERNAL dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] CUSTOMER.COMPANY.INTERNAL = { kdc = auth01-ka.customer.company.internal:88 master_kdc = auth01-ka.customer.company.internal:88 admin_server = auth01-ka.customer.company.internal:749 default_domain = customer.company.internal pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .customer.company.internal = CUSTOMER.COMPANY.INTERNAL customer.company.internal = CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z INFO Configured /etc/krb5.conf for IPA realm CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z DEBUG Process finished, return code=1 2015-10-06T09:11:40Z DEBUG stdout= 2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z DEBUG Process finished, return code=1 2015-10-06T09:11:40Z DEBUG stdout= 2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available 2015-10-06T09:11:40Z DEBUG failed to find session_cookie in persistent storage for principal 'host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL' 2015-10-06T09:11:40Z DEBUG trying https://auth01-ka.customer.company.internal/ipa/xml 2015-10-06T09:11:40Z DEBUG NSSConnection init auth01-ka.customer.company.internal 2015-10-06T09:11:40Z DEBUG Connecting: 192.168.229.145:0 2015-10-06T09:11:40Z DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 19 (0x13) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL Validity: Not Before: Fri Aug 14 09:14:59 2015 UTC Not After : Mon Aug 14 09:14:59 2017 UTC Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28: 0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb: 4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b: 73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50: c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10: f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9: a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11: ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9: 27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3: df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9: c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be: 98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d: b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48: 66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16: 28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12: 28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7 Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: 1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf: f9:4e:b3:b1 Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [1 total] Point [1]: General Names: [1 total] http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: 80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e: 9d:c4:0e:ee Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4: 96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96: e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16: 83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8: c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99: cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f: b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a: 6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee: 17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba: de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f: 27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b: fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6: d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2: 11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b: d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9: 30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da Fingerprint (MD5): bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c Fingerprint (SHA1): 18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80: c5:af:70:c7 2015-10-06T09:11:40Z DEBUG approved_usage = SSLServer intended_usage = SSLServer 2015-10-06T09:11:40Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL" 2015-10-06T09:11:40Z DEBUG handshake complete, peer = 192.168.229.145:443 2015-10-06T09:11:40Z DEBUG received Set-Cookie 'ipa_session=f40d81751b8744638adb1bf0d17f20e1; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:40 GMT; Secure; HttpOnly' 2015-10-06T09:11:40Z DEBUG storing cookie 'ipa_session=f40d81751b8744638adb1bf0d17f20e1; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:40 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z DEBUG Process finished, return code=1 2015-10-06T09:11:40Z DEBUG stdout= 2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:40Z DEBUG Process finished, return code=1 2015-10-06T09:11:40Z DEBUG stdout= 2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available 2015-10-06T09:11:40Z DEBUG Starting external process 2015-10-06T09:11:40Z DEBUG args=keyctl padd user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL @s 2015-10-06T09:11:40Z DEBUG Process finished, return code=0 2015-10-06T09:11:40Z DEBUG stdout=353147855 2015-10-06T09:11:40Z DEBUG stderr= 2015-10-06T09:11:40Z DEBUG Created connection context.xmlclient 2015-10-06T09:11:40Z DEBUG Try RPC connection 2015-10-06T09:11:40Z DEBUG Forwarding 'ping' to server 'https://auth01-ka.customer.company.internal/ipa/xml' 2015-10-06T09:11:40Z DEBUG NSSConnection init auth01-ka.customer.company.internal 2015-10-06T09:11:40Z DEBUG Connecting: 192.168.229.145:0 2015-10-06T09:11:40Z DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 19 (0x13) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL Validity: Not Before: Fri Aug 14 09:14:59 2015 UTC Not After : Mon Aug 14 09:14:59 2017 UTC Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28: 0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb: 4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b: 73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50: c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10: f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9: a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11: ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9: 27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3: df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9: c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be: 98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d: b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48: 66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16: 28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12: 28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7 Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: 1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf: f9:4e:b3:b1 Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [1 total] Point [1]: General Names: [1 total] http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: 80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e: 9d:c4:0e:ee Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4: 96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96: e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16: 83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8: c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99: cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f: b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a: 6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee: 17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba: de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f: 27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b: fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6: d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2: 11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b: d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9: 30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da Fingerprint (MD5): bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c Fingerprint (SHA1): 18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80: c5:af:70:c7 2015-10-06T09:11:40Z DEBUG approved_usage = SSLServer intended_usage = SSLServer 2015-10-06T09:11:40Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL" 2015-10-06T09:11:40Z DEBUG handshake complete, peer = 192.168.229.145:443 2015-10-06T09:11:42Z DEBUG received Set-Cookie 'ipa_session=7e8a59443eee8a8c7dabaa5ca94de268; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly' 2015-10-06T09:11:42Z DEBUG storing cookie 'ipa_session=7e8a59443eee8a8c7dabaa5ca94de268; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:42Z DEBUG Process finished, return code=0 2015-10-06T09:11:42Z DEBUG stdout=353147855 2015-10-06T09:11:42Z DEBUG stderr= 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:42Z DEBUG Process finished, return code=0 2015-10-06T09:11:42Z DEBUG stdout=353147855 2015-10-06T09:11:42Z DEBUG stderr= 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=keyctl pupdate 353147855 2015-10-06T09:11:42Z DEBUG Process finished, return code=0 2015-10-06T09:11:42Z DEBUG stdout= 2015-10-06T09:11:42Z DEBUG stderr= 2015-10-06T09:11:42Z DEBUG Forwarding 'env' to server 'https://auth01-ka.customer.company.internal/ipa/xml' 2015-10-06T09:11:42Z DEBUG NSSConnection init auth01-ka.customer.company.internal 2015-10-06T09:11:42Z DEBUG Connecting: 192.168.229.145:0 2015-10-06T09:11:42Z DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 19 (0x13) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL Validity: Not Before: Fri Aug 14 09:14:59 2015 UTC Not After : Mon Aug 14 09:14:59 2017 UTC Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28: 0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb: 4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b: 73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50: c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10: f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9: a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11: ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9: 27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3: df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9: c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be: 98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d: b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48: 66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16: 28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12: 28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7 Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: 1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf: f9:4e:b3:b1 Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [1 total] Point [1]: General Names: [1 total] http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: 80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e: 9d:c4:0e:ee Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4: 96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96: e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16: 83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8: c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99: cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f: b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a: 6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee: 17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba: de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f: 27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b: fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6: d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2: 11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b: d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9: 30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da Fingerprint (MD5): bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c Fingerprint (SHA1): 18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80: c5:af:70:c7 2015-10-06T09:11:42Z DEBUG approved_usage = SSLServer intended_usage = SSLServer 2015-10-06T09:11:42Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL" 2015-10-06T09:11:42Z DEBUG handshake complete, peer = 192.168.229.145:443 2015-10-06T09:11:42Z DEBUG received Set-Cookie 'ipa_session=a7cacdd5d5ac6a509b6a5c942521fee2; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly' 2015-10-06T09:11:42Z DEBUG storing cookie 'ipa_session=a7cacdd5d5ac6a509b6a5c942521fee2; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:42Z DEBUG Process finished, return code=0 2015-10-06T09:11:42Z DEBUG stdout=353147855 2015-10-06T09:11:42Z DEBUG stderr= 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:42Z DEBUG Process finished, return code=0 2015-10-06T09:11:42Z DEBUG stdout=353147855 2015-10-06T09:11:42Z DEBUG stderr= 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=keyctl pupdate 353147855 2015-10-06T09:11:42Z DEBUG Process finished, return code=0 2015-10-06T09:11:42Z DEBUG stdout= 2015-10-06T09:11:42Z DEBUG stderr= 2015-10-06T09:11:42Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: 2015-10-06T09:11:42Z DEBUG debug zone customer.company.internal. update delete mgmt02-ka.customer.company.internal. IN A show send update add mgmt02-ka.customer.company.internal. 1200 IN A 192.168.229.143 show send 2015-10-06T09:11:42Z DEBUG Starting external process 2015-10-06T09:11:42Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt 2015-10-06T09:11:43Z DEBUG Process finished, return code=0 2015-10-06T09:11:43Z DEBUG stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 0 ANY A Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15996 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4133435401.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ADDITIONAL SECTION: 4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444122703 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBDCCAQCgAwIBEqKB+ASB 9TSTq9rEGV5YVHnc3ra9voP7K6NugQXEJrS1sMTI8nQl2gemuYrkI1dO F0Wh29Hwf0B+Y2Uo8MMRutQ57feibfh0XvOcq3vZbgF3a4GjJUdyoGhI 3C9bxMXnG4dzYFq4XCDIeOkKBCLGyX7MkspdrYtfzCH+6RTPa+a+kHo7 qm0Brd23RzT/j9UfZTn0176tPn7PirEn1XJWh4c77dRRxTn1wrzGGAnd 2fyPURVSLT/aHmrHnBJSOg3LDQrIj2CS4pYFIg5mjMemN5JNJ/pc8kLL kEpLV2ZozsSm+IDGVfhaXmsEP/DMEa/cAl0K0BznVeR4o6Lx 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 51044 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 0 ANY A ;; TSIG PSEUDOSECTION: 4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQE//////8AAAAAC6fdQlgsRsFtt/N1D97dLA== 51044 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 1200 IN A 192.168.229.143 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38425 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;2494113905.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ADDITIONAL SECTION: 2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444122703 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBDCCAQCgAwIBEqKB+ASB 9Sj4mwIYwIY2STV+hlgg27muTTAmmDeaNZVrO8/NgGrfo/xL07IvSqzy 5qa5c5v6w0A+8iUC44T28N0hu9xeYyz67LNxI6onoGf1M6yCFAJPfJS0 N5vrxFMrEZ0wnibyFud5KADtLvWQM15+j11vv/wuZD+vgi7sBSpLZPs8 7EFfrZWbfclT2dRYgBmUFnqi0KOar8DB4SvJvNENZjP932dt4VCvobec htlAH8gucCkuPR1KLlsEVQ3qvOJuo0VaDsLr1uj+iwCLCZQYddTXK9Fo gkrxIeEaVz228+Xq3bDL4r5nwS0I5LZrJ4gmNXbkPdfZjAsF 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 8187 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 1200 IN A 192.168.229.143 ;; TSIG PSEUDOSECTION: 2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQE//////8AAAAAOnXVt6kbLShy4CL9H2Aq0A== 8187 NOERROR 0 2015-10-06T09:11:43Z DEBUG stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54163 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;customer.company.internal. IN SOA ;; ANSWER SECTION: customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444051732 3600 900 1209600 3600 ;; AUTHORITY SECTION: customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal. customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal. customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal. ;; ADDITIONAL SECTION: auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45 auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145 auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55 Found zone name: customer.company.internal The master is: auth01-ka.customer.company.internal start_gssrequest Found realm from ticket: CUSTOMER.COMPANY.INTERNAL send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15996 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;4133435401.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ANSWER SECTION: 4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444126303 3 NOERROR 185 oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIB AgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuVQO5hz8dci7u lQs2jrgn8phsJIEofnua6ERzpy32/teYA8zTSLi+ChJAYGnzdF1rW/mK 5npxPzSRve0V2il3UayUW/vs+JTcw+cTVv0TQi0alT4PQ/wZs+Q2oZn9 CbS5XR7A6k9xqB8tYpPcOiA= 0 Sending update to 192.168.229.145#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 51044 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; TSIG PSEUDOSECTION: 4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQF//////8AAAAAJbMveIVOcmx91ueSrfgc9A== 51044 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53771 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;customer.company.internal. IN SOA ;; ANSWER SECTION: customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444051733 3600 900 1209600 3600 ;; AUTHORITY SECTION: customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal. customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal. customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal. ;; ADDITIONAL SECTION: auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45 auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145 auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55 Found zone name: customer.company.internal The master is: auth01-ka.customer.company.internal start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38425 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;2494113905.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ANSWER SECTION: 2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444126303 3 NOERROR 185 oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIB AgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARu1RNhqTv7dVJe 6bluz4C+no8Ws4i4fIP3TOoueOZk6Y6MZTLpvzvuTc+wuxCCcmIqq2RL iDe08YAQo87sawFnMjuq42ToYQvUfDdiJ11oEAM/cAsKNZDgo4Hu/GXw h/s3G9ztwP1YScb0VBPZHhA= 0 Sending update to 192.168.229.145#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 8187 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; TSIG PSEUDOSECTION: 2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQF//////8AAAAACg400qZnkhX79ryPIGcedg== 8187 NOERROR 0 2015-10-06T09:11:43Z INFO DNS server record set to: mgmt02-ka.customer.company.internal -> 192.168.229.143 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service dbus status 2015-10-06T09:11:43Z DEBUG Process finished, return code=1 2015-10-06T09:11:43Z DEBUG stdout= 2015-10-06T09:11:43Z DEBUG stderr=dbus: unrecognized service 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service dbus start 2015-10-06T09:11:43Z DEBUG Process finished, return code=1 2015-10-06T09:11:43Z DEBUG stdout= 2015-10-06T09:11:43Z DEBUG stderr=dbus: unrecognized service 2015-10-06T09:11:43Z ERROR dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger restart 2015-10-06T09:11:43Z DEBUG Process finished, return code=0 2015-10-06T09:11:43Z DEBUG stdout=certmonger stop/waiting certmonger start/running 2015-10-06T09:11:43Z DEBUG stderr= 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger status 2015-10-06T09:11:43Z DEBUG Process finished, return code=0 2015-10-06T09:11:43Z DEBUG stdout=certmonger start/running 2015-10-06T09:11:43Z DEBUG stderr= 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger restart 2015-10-06T09:11:43Z DEBUG Process finished, return code=0 2015-10-06T09:11:43Z DEBUG stdout=certmonger stop/waiting certmonger start/running 2015-10-06T09:11:43Z DEBUG stderr= 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger status 2015-10-06T09:11:43Z DEBUG Process finished, return code=0 2015-10-06T09:11:43Z DEBUG stdout=certmonger start/running 2015-10-06T09:11:43Z DEBUG stderr= 2015-10-06T09:11:43Z DEBUG Starting external process 2015-10-06T09:11:43Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - mgmt02-ka.customer.company.internal -N CN=mgmt02-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL -K host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:43Z DEBUG Process finished, return code=1 2015-10-06T09:11:43Z DEBUG stdout=Error connecting to DBus. Please verify that the message bus (D-Bus) service is running. 2015-10-06T09:11:43Z DEBUG stderr= 2015-10-06T09:11:43Z ERROR certmonger request for host certificate failed 2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub 2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub 2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub 2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub 2015-10-06T09:11:43Z DEBUG Forwarding 'host_mod' to server 'https://auth01-ka.customer.company.internal/ipa/xml' 2015-10-06T09:11:43Z DEBUG NSSConnection init auth01-ka.customer.company.internal 2015-10-06T09:11:43Z DEBUG Connecting: 192.168.229.145:0 2015-10-06T09:11:43Z DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 19 (0x13) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL Validity: Not Before: Fri Aug 14 09:14:59 2015 UTC Not After : Mon Aug 14 09:14:59 2017 UTC Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28: 0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb: 4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b: 73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50: c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10: f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9: a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11: ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9: 27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3: df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9: c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be: 98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d: b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48: 66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16: 28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12: 28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7 Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: 1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf: f9:4e:b3:b1 Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [1 total] Point [1]: General Names: [1 total] http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: 80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e: 9d:c4:0e:ee Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4: 96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96: e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16: 83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8: c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99: cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f: b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a: 6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee: 17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba: de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f: 27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b: fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6: d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2: 11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b: d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9: 30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da Fingerprint (MD5): bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c Fingerprint (SHA1): 18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80: c5:af:70:c7 2015-10-06T09:11:43Z DEBUG approved_usage = SSLServer intended_usage = SSLServer 2015-10-06T09:11:43Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL" 2015-10-06T09:11:43Z DEBUG handshake complete, peer = 192.168.229.145:443 2015-10-06T09:11:44Z DEBUG received Set-Cookie 'ipa_session=4108c07c92bcd0ff2fb4868590e8aec0; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:44 GMT; Secure; HttpOnly' 2015-10-06T09:11:44Z DEBUG storing cookie 'ipa_session=4108c07c92bcd0ff2fb4868590e8aec0; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:44 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout=353147855 2015-10-06T09:11:44Z DEBUG stderr= 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout=353147855 2015-10-06T09:11:44Z DEBUG stderr= 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=keyctl pupdate 353147855 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout= 2015-10-06T09:11:44Z DEBUG stderr= 2015-10-06T09:11:44Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: 2015-10-06T09:11:44Z DEBUG debug zone customer.company.internal. update delete mgmt02-ka.customer.company.internal. IN SSHFP show send update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 1 424A87D2335ACA3A460E2454B72548BFBD22CF7A update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 2 94443E78DD002B170F7C6A4060478E4A1EA16C8A93398DBAA96ED0B0965A0C94 update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 1 38DD440682436C67CEFB0D65C8B359E2CF071ACE update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 2 8D34993BB14C3512A024FF33334301B62921E191F9937B6C31AB56A67603E9D0 update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 1 5EDA759D75D497B6CDEC1434C0870B37E74641BA update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 2 A688F258D1FEE18EAF2D67AA67F06A6C2CCF1A2DB18F8385E55639067C236134 show send 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 0 ANY SSHFP Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30427 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;3390531495.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ADDITIONAL SECTION: 3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444122704 3 NOERROR 793 YIIDFQYGKwYBBQUCoIIDCTCCAwWgDTALBgkqhkiG9xIBAgKiggLyBIIC 7mCCAuoGCSqGSIb3EgECAgEAboIC2TCCAtWgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBTCCAQGgAwIBEqKB+QSB 9iRdcUnHuoPHOzQR26ipbDXtrbrrfxcwmc5BRpZVUVMN1rLbAjh8hLeX A8WFuaCTLarVq3r3mkg+nI4YNeIxG+wnFn1jW63KlN5T4WSl7LHaa6GK 2Gt1LqWanSCDLwVQIdmymI6jChvmLNerA4+bII1wS0YL/Ny6VFIOHNS+ 11lH2UJRD0RlM600CgK03EQoSdiG+urEpsNuuc5pwmU7wKRGMlEF17F5 X9qmrSLRNOQNowP+Fyw2Uw8dVlJfjeFEt1HdMTJO+pyuVjrH1QtgfdPW PMzd8ppQ1+rKT3eNpCDwWKrCVUHahjGDzJQ78uXwjh3pBUvArw== 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 21871 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 0 ANY SSHFP ;; TSIG PSEUDOSECTION: 3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQE//////8AAAAAA898JoKQ1Vli4n878bRW3g== 21871 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 1 424A87D2335ACA3A460E2454B72548BFBD22CF7A mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 2 94443E78DD002B170F7C6A4060478E4A1EA16C8A93398DBAA96ED0B0 965A0C94 mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 1 38DD440682436C67CEFB0D65C8B359E2CF071ACE mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 2 8D34993BB14C3512A024FF33334301B62921E191F9937B6C31AB56A6 7603E9D0 mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 1 5EDA759D75D497B6CDEC1434C0870B37E74641BA mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 2 A688F258D1FEE18EAF2D67AA67F06A6C2CCF1A2DB18F8385E5563906 7C236134 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54983 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4267511099.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ADDITIONAL SECTION: 4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444122704 3 NOERROR 793 YIIDFQYGKwYBBQUCoIIDCTCCAwWgDTALBgkqhkiG9xIBAgKiggLyBIIC 7mCCAuoGCSqGSIb3EgECAgEAboIC2TCCAtWgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBTCCAQGgAwIBEqKB+QSB 9gDBwCapaUb4dEK6EZBwt1kH/esx936qkh9iX/vVVDP4kvMPO/CZUFSQ qnlQBeGDXiK5nug5DW1vPi2e4zvVbF8Uez/zlHy1VuA4nAp3WEuR6p9R 2z+7h227kS8DfwVyabSyzDtkZ700JPeYFEJcq1uOSjZIlbCs3yAf+GTp xBaUCRf17QkyKCN79aDqnk6ojraSTXWFEvPZd9pzvuvr7wzL5KoCmNsB XxeljlRBrqJiuxqr0lIqtw1wU2nuoErjEA0BkeqHsyScuSM9b7rD0yML PKWYIEP1qzWexJHuobtyjIgmukIsvm32RVPhOD5o2wgASwmweA== 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 6502 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 6, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; UPDATE SECTION: mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 1 424A87D2335ACA3A460E2454B72548BFBD22CF7A mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 2 94443E78DD002B170F7C6A4060478E4A1EA16C8A93398DBAA96ED0B0 965A0C94 mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 1 38DD440682436C67CEFB0D65C8B359E2CF071ACE mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 2 8D34993BB14C3512A024FF33334301B62921E191F9937B6C31AB56A6 7603E9D0 mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 1 5EDA759D75D497B6CDEC1434C0870B37E74641BA mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 2 A688F258D1FEE18EAF2D67AA67F06A6C2CCF1A2DB18F8385E5563906 7C236134 ;; TSIG PSEUDOSECTION: 4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQE//////8AAAAAG/0/YFlRii/SapinV1kHfg== 6502 NOERROR 0 2015-10-06T09:11:44Z DEBUG stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38403 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;customer.company.internal. IN SOA ;; ANSWER SECTION: customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444051734 3600 900 1209600 3600 ;; AUTHORITY SECTION: customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal. customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal. customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal. ;; ADDITIONAL SECTION: auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45 auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145 auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55 Found zone name: customer.company.internal The master is: auth01-ka.customer.company.internal start_gssrequest Found realm from ticket: CUSTOMER.COMPANY.INTERNAL send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30427 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;3390531495.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ANSWER SECTION: 3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444126304 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvc2mXmspCWZMs aGogdq7iEIKjrQ84LHXFnEXS3mJ8Eqrs8Gad6J2heOVDoMAD47RdaOVk ijGH/omhKf1suAmgTvlQ/KvHZ6zSOsqi0PdSCO76EVSofUruDLwCElzL MkfltXtikAjd4B4+j9PdGuda 0 Sending update to 192.168.229.145#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 21871 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; TSIG PSEUDOSECTION: 3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQF//////8AAAAAPahQUDX87F18ZUku1KappA== 21871 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4775 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;customer.company.internal. IN SOA ;; ANSWER SECTION: customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444122706 3600 900 1209600 3600 ;; AUTHORITY SECTION: customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal. customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal. customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal. ;; ADDITIONAL SECTION: auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45 auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145 auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55 Found zone name: customer.company.internal The master is: auth01-ka.customer.company.internal start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54983 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;4267511099.sig-auth01-ka.customer.company.internal. ANY TKEY ;; ANSWER SECTION: 4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444126304 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvOgT0ksqsG0d1 F/1i7Vembh/F+48wq/o84UkM7lIM0ebE3b/K89g/3hd8yxdLLmEF5BQm o20gOK+prgFdhczITdUwvn0NFfDH5HC9gn2I0wLSckzKAdmCpWOZYk0u LEqoGiFkMT00wwBXZmRKuPa2 0 Sending update to 192.168.229.145#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 6502 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;customer.company.internal. IN SOA ;; TSIG PSEUDOSECTION: 4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQF//////8AAAAAP6cfPnuAvI46WesWYCFLLQ== 6502 NOERROR 0 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=/usr/sbin/service nscd status 2015-10-06T09:11:44Z DEBUG Process finished, return code=1 2015-10-06T09:11:44Z DEBUG stdout= 2015-10-06T09:11:44Z DEBUG stderr=nscd: unrecognized service 2015-10-06T09:11:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-10-06T09:11:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-10-06T09:11:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=/usr/sbin/pam-auth-update --force --package 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout= 2015-10-06T09:11:44Z DEBUG stderr=debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline 2015-10-06T09:11:44Z INFO SSSD enabled 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=/usr/sbin/service sssd restart 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout=sssd start/running, process 17669 2015-10-06T09:11:44Z DEBUG stderr=stop: Unknown instance: 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=/usr/sbin/service sssd status 2015-10-06T09:11:44Z DEBUG Process finished, return code=0 2015-10-06T09:11:44Z DEBUG stdout=sssd start/running, process 17669 2015-10-06T09:11:44Z DEBUG stderr= 2015-10-06T09:11:44Z DEBUG Backing up system configuration file '/etc/ldap/ldap.conf' 2015-10-06T09:11:44Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:44Z INFO Configured /etc/openldap/ldap.conf 2015-10-06T09:11:44Z DEBUG Starting external process 2015-10-06T09:11:44Z DEBUG args=getent passwd admin@customer.company.internal 2015-10-06T09:11:44Z DEBUG Process finished, return code=2 2015-10-06T09:11:44Z DEBUG stdout= 2015-10-06T09:11:44Z DEBUG stderr= 2015-10-06T09:11:45Z DEBUG Starting external process 2015-10-06T09:11:45Z DEBUG args=getent passwd admin@customer.company.internal 2015-10-06T09:11:45Z DEBUG Process finished, return code=0 2015-10-06T09:11:45Z DEBUG stdout=admin:*:1242600000:1242600000:Administrator:/home/admin:/bin/bash 2015-10-06T09:11:45Z DEBUG stderr= 2015-10-06T09:11:45Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-10-06T09:11:45Z DEBUG Backing up system configuration file '/etc/ntp.conf' 2015-10-06T09:11:45Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:45Z DEBUG Backing up system configuration file '/etc/default/ntp' 2015-10-06T09:11:45Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:45Z DEBUG Starting external process 2015-10-06T09:11:45Z DEBUG args=/usr/sbin/service ntp restart 2015-10-06T09:11:47Z DEBUG Process finished, return code=0 2015-10-06T09:11:47Z DEBUG stdout= * Stopping NTP server ntpd ...done. * Starting NTP server ntpd ...done. 2015-10-06T09:11:47Z DEBUG stderr= 2015-10-06T09:11:47Z DEBUG Starting external process 2015-10-06T09:11:47Z DEBUG args=/usr/sbin/service ntp status 2015-10-06T09:11:47Z DEBUG Process finished, return code=0 2015-10-06T09:11:47Z DEBUG stdout= * NTP server is running 2015-10-06T09:11:47Z DEBUG stderr= 2015-10-06T09:11:47Z INFO NTP enabled 2015-10-06T09:11:47Z DEBUG Backing up system configuration file '/etc/ssh/ssh_config' 2015-10-06T09:11:47Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:47Z INFO Configured /etc/ssh/ssh_config 2015-10-06T09:11:47Z DEBUG Backing up system configuration file '/etc/ssh/sshd_config' 2015-10-06T09:11:47Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-10-06T09:11:47Z DEBUG Starting external process 2015-10-06T09:11:47Z DEBUG args=sshd -t -f /dev/null -o AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys -o AuthorizedKeysCommandUser=nobody 2015-10-06T09:11:47Z DEBUG Process finished, return code=0 2015-10-06T09:11:47Z DEBUG stdout= 2015-10-06T09:11:47Z DEBUG stderr= 2015-10-06T09:11:47Z INFO Configured /etc/ssh/sshd_config 2015-10-06T09:11:47Z DEBUG Starting external process 2015-10-06T09:11:47Z DEBUG args=/usr/sbin/service sshd status 2015-10-06T09:11:47Z DEBUG Process finished, return code=1 2015-10-06T09:11:47Z DEBUG stdout= 2015-10-06T09:11:47Z DEBUG stderr=sshd: unrecognized service 2015-10-06T09:11:47Z INFO Client configuration complete.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project