Rob,
Yeah i forgot to attach the file when I initially sent. I also attached the
output from all the nodes. I guess what i realized is that my agreements are a
little different than i originally thought. What is also strange is on a few
hosts that initially did enroll from AWS, when I look at the host via the GUI
the host shows:
Kerberos Key Present, Host Provisioned
One-Time-Password Not Present
Host Certificate, No Valid Certificate
So the few that enrolled, they don't show having any Host certificates but they
show Kerberos Key present and Host provisioned. Is there a problem with the way
I provisioned the Replicas? I'm just using subdomains for human clarification
but they all use the same Kerberos domain, etc.
[root@ipa02-ore ~]# ipa-replica-manage list -v `hostname`
Directory Manager password:
ipa01-ore.prod.cloud.myinc.local: replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-03-03 20:39:30+00:00
[root@ipa01-ore ~]# ipa-replica-manage list -v `hostname`
ipa02-ore.prod.cloud.myinc.local: replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-03-03 20:41:20+00:00
rspsna-ipa01.prod.i2x.myinc.local: replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-03-03 20:41:29+00:00
[root@rspsna-ipa01 ~]# ipa-replica-manage list -v `hostname`
ipa01-ore.prod.cloud.myinc.local: replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-03-03 20:43:35+00:00
rspsna-ipa02.prod.i2x.myinc.local: replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-03-03 20:43:35+00:00
[root@rspsna-ipa02 ~]# ipa-replica-manage list -v `hostname`
rspsna-ipa01.prod.i2x.myinc.local: replica
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-03-03 20:44:14+00:00
See attached file for the initial fail. Thanks very much for your help.
Devin Acosta
arch 3 2016 1:34 PM, "Rob Crittenden" <rcrit...@redhat.com> wrote:
> de...@pabstatencio.com wrote:
>
>> I am running the latest patched CentOS 7.2, with FreeIPA 4.2.0, and I
>> the Master node in the Data Center, then i created 3 replica's, one in
>> the DC for High Availability, and then 2 Replica's in the AWS Cloud. I'm
>> having major issues with the Replica's in the AWS Cloud. I am trying to
>> have it so it auto-discovers the servers automatically so the failover
>> is dynamic. I created the replica's as well to have a Certificate
>> Authority. When I attempt to join a virtual machine in AWS to the domain
>> it fails half way thru the process. I have attached a full debug of my
>> ipa-client-install, hoping someone can assist me. I know prior to
>> joining the 2 replicas in AWS I had absolutely no issues with joining
>> servers in the DC to IDM. I built all my replica's from the Master
>> server (rspsna-ipa01), so rspsna-ipa02, ipa01-ore, ipa02-ore were built
>> from rspsna-ipa01.
>>
>> The main part that seems to fail during the (client) join is:
>
> The important bits are needed. This part of the log is just trying to
> clean things up (so failures are expected and ok). We'd really need to
> see a full ipaclient-install.log.
>
>> When I look at the slapd error log on one of the replica's i see this:
>>
>> [02/Mar/2016:23:40:09 +0000] - Listening on All Interfaces port 636 for
>> LDAPS requests
>> [02/Mar/2016:23:40:09 +0000] - Listening on
>> /var/run/slapd-MYINC-LOCAL.socket for LDAPI requests
>> [02/Mar/2016:23:40:09 +0000] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure. Minor code may provide more information (No Kerberos
>> credentials available)) errno 0 (Success)
>> [02/Mar/2016:23:40:09 +0000] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
>> (Local error)
>> [02/Mar/2016:23:40:09 +0000] NSMMReplicationPlugin -
>> agmt="cn=meTorspsna-ipa01.prod.i2x.myinc.local" (rspsna-ipa01:389):
>> Replication bind with GSSAPI auth failed: LDAP error -2 (Local error)
>> (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
>> Minor code may provide more information (No Kerberos credentials available))
>> [02/Mar/2016:23:40:12 +0000] NSMMReplicationPlugin -
>> agmt="cn=meToipa02-ore.prod.cloud.myinc.local" (ipa02-ore:389):
>> Replication bind with GSSAPI auth resumed
>> [02/Mar/2016:23:40:12 +0000] NSMMReplicationPlugin -
>> agmt="cn=meTorspsna-ipa01.prod.i2x.myinc.local" (rspsna-ipa01:389):
>> Replication bind with GSSAPI auth resumed
>
> Up to here is ok and expected, this is just 389-ds realizing it doesn't
> have Kerberos credentials yet and obtaining them.
>
>> [03/Mar/2016:00:07:00 +0000] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is
>> not connected)
>
> For these I'd run:
>
> $ ipa-replica-manage list -v `hostname` to see the status of the
> agreements. It seems that one is unable to connect.
>
> rob
[root@beanstalk01-ore ~]# cat /etc/resolv.conf
search prod.cloud.myinc.local myinc.local
nameserver 10.77.30.35
nameserver 10.10.0.254
nameserver 10.10.2.246
[root@beanstalk01-ore ~]# ipa-client-install --enable-dns-updates --mkhomedir
--domain prod.cloud.myinc.local --force-join -d
/sbin/ipa-client-install was invoked with options: {'domain':
'prod.cloud.myinc.local', 'force': False, 'krb5_offline_passwords': True,
'ip_addresses': [], 'configure_firefox': False, 'primary': False, 'realm_name':
None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp':
True, 'on_master': False, 'no_nisdomain': False, 'nisdomain': None,
'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None,
'request_cert': False, 'trust_sshfp': False, 'no_ac': False, 'unattended':
None, 'all_ip_addresses': False, 'location': None, 'sssd': True, 'ntp_servers':
None, 'kinit_attempts': 5, 'dns_updates': True, 'conf_sudo': True, 'conf_ssh':
True, 'force_join': True, 'firefox_dir': None, 'server': None,
'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd':
False, 'mkhomedir': True, 'uninstall': False}
missing options might be asked for interactively later
IPA version 4.2.0-15.el7_2.6
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
Starting external process
args='/bin/systemctl' 'is-enabled' 'chronyd.service'
Process finished, return code=0
stdout=enabled
stderr=
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd
[IPA Discovery]
Starting IPA discovery with domain=prod.cloud.myinc.local, servers=None,
hostname=beanstalk01-ore.prod.cloud.myinc.local
Search for LDAP SRV record in prod.cloud.myinc.local
Search DNS for SRV record of _ldap._tcp.prod.cloud.myinc.local
DNS record found: 0 100 389 ipa02-ore.prod.cloud.myinc.local.
DNS record found: 0 100 389 rspsna-ipa02.prod.i2x.myinc.local.
DNS record found: 0 100 389 rspsna-ipa01.prod.i2x.myinc.local.
DNS record found: 0 100 389 ipa01-ore.prod.cloud.myinc.local.
[Kerberos realm search]
Search DNS for TXT record of _kerberos.prod.cloud.myinc.local
DNS record found: "myinc.LOCAL"
Search DNS for SRV record of _kerberos._udp.prod.cloud.myinc.local
DNS record found: 0 100 88 rspsna-ipa01.prod.i2x.myinc.local.
DNS record found: 0 100 88 ipa02-ore.prod.cloud.myinc.local.
DNS record found: 0 100 88 ipa01-ore.prod.cloud.myinc.local.
DNS record found: 0 100 88 rspsna-ipa02.prod.i2x.myinc.local.
[LDAP server check]
Verifying that ipa02-ore.prod.cloud.myinc.local (realm myinc.LOCAL) is an IPA
server
Init LDAP connection to: ipa02-ore.prod.cloud.myinc.local
Search LDAP server for IPA base DN
Check if naming context 'dc=myinc,dc=local' is for IPA
Naming context 'dc=myinc,dc=local' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=myinc,dc=local (sub)
Found: cn=myinc.LOCAL,cn=kerberos,dc=myinc,dc=local
Discovery result: Success; server=ipa02-ore.prod.cloud.myinc.local,
domain=prod.cloud.myinc.local,
kdc=rspsna-ipa01.prod.i2x.myinc.local,ipa02-ore.prod.cloud.myinc.local,ipa01-ore.prod.cloud.myinc.local,rspsna-ipa02.prod.i2x.myinc.local,
basedn=dc=myinc,dc=local
Validated servers: ipa02-ore.prod.cloud.myinc.local
will use discovered domain: prod.cloud.myinc.local
Start searching for LDAP SRV record in "prod.cloud.myinc.local" (Validating DNS
Discovery) and its sub-domains
Search DNS for SRV record of _ldap._tcp.prod.cloud.myinc.local
DNS record found: 0 100 389 ipa01-ore.prod.cloud.myinc.local.
DNS record found: 0 100 389 rspsna-ipa02.prod.i2x.myinc.local.
DNS record found: 0 100 389 ipa02-ore.prod.cloud.myinc.local.
DNS record found: 0 100 389 rspsna-ipa01.prod.i2x.myinc.local.
DNS validated, enabling discovery
will use discovered server: ipa02-ore.prod.cloud.myinc.local
Discovery was successful!
will use discovered realm: myinc.LOCAL
will use discovered basedn: dc=myinc,dc=local
Client hostname: beanstalk01-ore.prod.cloud.myinc.local
Hostname source: Machine's FQDN
Realm: myinc.LOCAL
Realm source: Discovered from LDAP DNS records in
ipa02-ore.prod.cloud.myinc.local
DNS Domain: prod.cloud.myinc.local
DNS Domain source: Discovered LDAP SRV records from prod.cloud.myinc.local
IPA Server: ipa02-ore.prod.cloud.myinc.local
IPA Server source: Discovered from LDAP DNS records in
ipa02-ore.prod.cloud.myinc.local
BaseDN: dc=myinc,dc=local
BaseDN source: From IPA server ldap://ipa02-ore.prod.cloud.myinc.local:389
Continue to configure the system with these values? [no]: yes
Starting external process
args='/usr/sbin/ipa-rmkeytab' '-k' '/etc/krb5.keytab' '-r' 'myinc.LOCAL'
Process finished, return code=5
stdout=
stderr=realm not found
Skipping synchronizing time with NTP server.
User authorized to enroll computers: dacosta
will use principal provided as option: dacosta
Starting external process
args='keyctl' 'get_persistent' '@s' '0'
Process finished, return code=0
stdout=209143713
stderr=
Enabling persistent keyring CCACHE
Writing Kerberos configuration to /tmp/tmpjHuUwF:
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = myinc.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
myinc.LOCAL = {
kdc = ipa02-ore.prod.cloud.myinc.local:88
master_kdc = ipa02-ore.prod.cloud.myinc.local:88
admin_server = ipa02-ore.prod.cloud.myinc.local:749
default_domain = prod.cloud.myinc.local
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.prod.cloud.myinc.local = myinc.LOCAL
prod.cloud.myinc.local = myinc.LOCAL
Password for dacosta@myinc.LOCAL:
Initializing principal dacosta@myinc.LOCAL using password
Starting external process
args='/usr/bin/kinit' 'dacosta@myinc.LOCAL' '-c' '/tmp/tmp8xJJSf'
Process finished, return code=0
stdout=Password for dacosta@myinc.LOCAL:
stderr=
trying to retrieve CA cert via LDAP from ipa02-ore.prod.cloud.myinc.local
flushing ldap://ipa02-ore.prod.cloud.myinc.local:389 from SchemaCache
retrieving schema for SchemaCache
url=ldap://ipa02-ore.prod.cloud.myinc.local:389
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2df8fc8>
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=myinc.LOCAL
Issuer: CN=Certificate Authority,O=myinc.LOCAL
Valid From: Mon Dec 21 19:54:06 2015 UTC
Valid Until: Fri Dec 21 19:54:06 2035 UTC
Starting external process
args='/usr/sbin/ipa-join' '-s' 'ipa02-ore.prod.cloud.myinc.local' '-b'
'dc=myinc,dc=local' '-h' 'beanstalk01-ore.prod.cloud.myinc.local' '-d' '-f'
Process finished, return code=0
stdout=
stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>beanstalk01-ore.prod.cloud.myinc.local</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.10.0-327.10.1.el7.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
* About to connect() to ipa02-ore.prod.cloud.myinc.local port 443 (#0)
* Trying 10.10.2.246...
* Connected to ipa02-ore.prod.cloud.myinc.local (10.10.2.246) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=ipa02-ore.prod.cloud.myinc.local,OU=pki-ipa,O=IPA
* start date: Mar 02 17:22:10 2016 GMT
* expire date: Mar 03 17:22:10 2018 GMT
* common name: ipa02-ore.prod.cloud.myinc.local
* issuer: CN=Certificate Authority,O=myinc.LOCAL
> POST /ipa/xml HTTP/1.1
Host: ipa02-ore.prod.cloud.myinc.local
Accept: */*
Content-Type: text/xml
User-Agent: ipa-join/4.2.0
Referer: https://ipa02-ore.prod.cloud.myinc.local/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0
Content-Length: 497
* upload completely sent off: 497 out of 497 bytes
< HTTP/1.1 401 Unauthorized
< Date: Thu, 03 Mar 2016 19:54:00 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.3.1 mod_nss/2.4.6 NSS/3.19.1
Basic ECC mod_wsgi/3.4 Python/2.7.5
< WWW-Authenticate: Negotiate
< Last-Modified: Tue, 16 Feb 2016 15:54:04 GMT
< Accept-Ranges: bytes
< Content-Length: 1474
< Content-Type: text/html; charset=UTF-8
<
* Ignoring the response-body
* Connection #0 to host ipa02-ore.prod.cloud.myinc.local left intact
* Issue another request to this URL:
'https://ipa02-ore.prod.cloud.myinc.local:443/ipa/xml'
* Found bundle for host ipa02-ore.prod.cloud.myinc.local: 0x7f3917ced600
* Connection 0 seems to be dead!
* Closing connection 0
* About to connect() to ipa02-ore.prod.cloud.myinc.local port 443 (#1)
* Trying 10.10.2.246...
* Connected to ipa02-ore.prod.cloud.myinc.local (10.10.2.246) port 443 (#1)
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=ipa02-ore.prod.cloud.myinc.local,OU=pki-ipa,O=IPA
* start date: Mar 02 17:22:10 2016 GMT
* expire date: Mar 03 17:22:10 2018 GMT
* common name: ipa02-ore.prod.cloud.myinc.local
* issuer: CN=Certificate Authority,O=myinc.LOCAL
* Server auth using GSS-Negotiate with user ''
> POST /ipa/xml HTTP/1.1
Authorization: Negotiate
YIIFEwYJKoZIhvcSAQICAQBuggUCMIIE/qADAgEFoQMCAQ6iBwMFACAAAACjggFpYYIBZTCCAWGgAwIBBaENGwtSU0lOQy5MT0NBTKIxMC+gAwIBA6EoMCYbBEhUVFAbHmlwYTAyLW9yZS5wcm9kLmF3cy5yc2luYy5sb2NhbKOCARYwggESoAMCARKhAwIBAqKCAQQEggEAdKqdPwlmaP+2wi9x4cR5QtmhtmXlhAZamfbOivNxY6QkXH10ex3K5VsAaVHghAcDXZqgq74DtnFoj6ggbNdClwaeaU9ufmfczpNL2+wOMeQ0fg9fa79IhxmIDitjsMk/poE1o7HbtBB9tmlpreRqBh/BxDBU+y/eCXwM7vNQgKKJ9Htotps2BqP4cPwx44hFG3z+Mh3CTdsGNZGxRhwnlnjS57ml1mhcqIgAp+/60AJvVEPtBKvRloqE+nSF1kV+ite282nSMoKZCXkMVqJl/OtbNKcF1snoiloc3WCQCn3wXXwvobqVKvk1SxcdE67TSnTd2cS5C7vcR0RMFElEaqSCA3owggN2oAMCARKiggNtBIIDadoIwnq1iNwa4R7JriOF0BBpAraVjc2DG51aqPneU8VeaE7MzLUWloz8d2THnio6kBmTiVHrDnti3Aap9pwQabaEW4nNKd3Z/hDGk8j4MOTvAw/5bYUky9gk7yykYpFzYPMOa/qSIjTe9My6CWlZQHSV5CxzkGwZFbgPrWN/IBrqNNkI/pqipg4/WbqsPhFJ0PCxNPLysa6wlFGQ5QRM3IaKGCjQMUyOeX9ssvFbMCesv1dOqeXt2gqV8lgnHydbMYFrpXF2lZEGAzwJV9Gya4jDxxSJa+/1YpRwYXXGkteWMC+B4D0f/GuE/za9P1qftD+xImsuT0RYEI5FV97FpjK9A3nxkueBROcljaAEQEfDkhcJb9h8K9qOn/H0Vzn/7X1vEXHVXWg7bkc7IVEKPwIg69ao9GZyoIViKVIJZyea2C/Ag9R7xkdsrZmV1970DmLzdemMXYoxBmitX00LmOIR+bbwvRZF85/h7GcKbQB6mvDZn+1xntMwDs8AJt8CMZsbz7R8gsFwyJ3DtNTR7BSTOrlT3Hk8rGYaUl0vG2q7lf7qvq8EYE+vgXioE85kR//Y/o+v35zi4u15h0iqmdH86U66nflAlRlgf3XPzBgfKZvLohd7FHmvNHAhzYWofatiV1SxyrzuMbuWw0/qATTwTKhw2F1Bi1F/5eAPJQbRfEs+sBhWt22tOGfF/VL+VYRO4ev62MCkiG4QFZEyZsrwd86fHntKhDYnosAC4GLvaO4I2ql0Z8StSCu/jOOEejeeyMpJ8KJKE/PEvSM5Hbgw9sWzzOF2n5mrke65nblOnRio3IOzGq0R7qXQy/fhRqNAz6jVPdYr4s841BkkIcQE2p1gnSKBxxmRf449n6PsT9gHuFbkbImxaECVUUQtDGE6jKr2dsoydawncArHf9at3jNVLDrK8pnPgrrAWJhkeFuuOgMqnuWl+Buvr62TmOS0SRfVE2xOfeogjm6EO4YB/Zd/NJEgCEQo8OzEji5fDReLAnDX1j5Uu6VgLksQGQ1CMvykRfMtP68/9m4W5wD+X7pY2mDMd2lufsyUYOLAnc+xmYo+S4Q33vCuc+IOZAkzx7c/EPr7RSvbLLrMEWTwA5/EHwHlQRwhnBUSyl8EfFm2/HkQmuvED246l2aiJ1VnGYo71xb8tw==
Host: ipa02-ore.prod.cloud.myinc.local
Accept: */*
Content-Type: text/xml
User-Agent: ipa-join/4.2.0
Referer: https://ipa02-ore.prod.cloud.myinc.local/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0
Content-Length: 497
* upload completely sent off: 497 out of 497 bytes
< HTTP/1.1 200 Success
< Date: Thu, 03 Mar 2016 19:54:15 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.3.1 mod_nss/2.4.6 NSS/3.19.1
Basic ECC mod_wsgi/3.4 Python/2.7.5
* Added cookie ipa_session="b235bc522f42fac8f195f0839228f171" for domain
ipa02-ore.prod.cloud.myinc.local, path /ipa, expire 1457036055
< Set-Cookie: ipa_session=b235bc522f42fac8f195f0839228f171;
Domain=ipa02-ore.prod.cloud.myinc.local; Path=/ipa; Expires=Thu, 03 Mar 2016
20:14:15 GMT; Secure; HttpOnly
< WWW-Authenticate: Negotiate
YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvX4MsJ5VSN9X+EA83p5sFFv8123NqNhSBQOuLHPvtF4NijFMVEkHd13Z/ZbMGvgBugybyOwmgUXh+HOUP7LMrr3FjdiSaoJQ/ebfPcJakJSLdkp097JzhMl1Hb3Q6Xiwwg2KaVnsDMOL7Sc//HWvM
< Vary: Accept-Encoding
< Content-Length: 3235
< Content-Type: text/xml; charset=utf-8
<
* Closing connection 1
XML-RPC RESPONSE:
<?xml version='1.0' encoding='UTF-8'?>\n
<methodResponse>\n
<params>\n
<param>\n
<value><array><data>\n
<value><string>fqdn=beanstalk01-ore.prod.cloud.myinc.local,cn=computers,cn=accounts,dc=myinc,dc=local</string></value>\n
<value><struct>\n
<member>\n
<name>dn</name>\n
<value><string>fqdn=beanstalk01-ore.prod.cloud.myinc.local,cn=computers,cn=accounts,dc=myinc,dc=local</string></value>\n
</member>\n
<member>\n
<name>ipacertificatesubjectbase</name>\n
<value><array><data>\n
<value><string>O=myinc.LOCAL</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbextradata</name>\n
<value><array><data>\n
<value><base64>\n
AAKvc9dWaG9zdC9iZWFuc3RhbGswMS1vcmUucHJvZC5hd3MucnNpbmMubG9jYWxAUlNJTkMuTE9D\n
QUwA\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>cn</name>\n
<value><array><data>\n
<value><string>beanstalk01-ore.prod.cloud.myinc.local</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>objectclass</name>\n
<value><array><data>\n
<value><string>ipaSshGroupOfPubKeys</string></value>\n
<value><string>ipaobject</string></value>\n
<value><string>ieee802device</string></value>\n
<value><string>nshost</string></value>\n
<value><string>top</string></value>\n
<value><string>ipaservice</string></value>\n
<value><string>pkiuser</string></value>\n
<value><string>ipahost</string></value>\n
<value><string>krbprincipal</string></value>\n
<value><string>krbprincipalaux</string></value>\n
<value><string>ipasshhost</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krblastpwdchange</name>\n
<value><array><data>\n
<value><string>20160302231351Z</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>ipakrbokasdelegate</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>fqdn</name>\n
<value><array><data>\n
<value><string>beanstalk01-ore.prod.cloud.myinc.local</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managing_host</name>\n
<value><array><data>\n
<value><string>beanstalk01-ore.prod.cloud.myinc.local</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krblastsuccessfulauth</name>\n
<value><array><data>\n
<value><string>20160302231401Z</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_keytab</name>\n
<value><boolean>1</boolean></value>\n
</member>\n
<member>\n
<name>has_password</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>ipauniqueid</name>\n
<value><array><data>\n
<value><string>eae9a998-e0cb-11e5-8d14-02760e936463</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbprincipalname</name>\n
<value><array><data>\n
<value><string>host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managedby_host</name>\n
<value><array><data>\n
<value><string>beanstalk01-ore.prod.cloud.myinc.local</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serverhostname</name>\n
<value><array><data>\n
<value><string>beanstalk01-ore</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>enrolledby_user</name>\n
<value><array><data>\n
<value><string>dacosta</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>ipakrbrequirespreauth</name>\n
<value><boolean>1</boolean></value>\n
</member>\n
</struct></value>\n
</data></array></value>\n
</param>\n
</params>\n
</methodResponse>\n
Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=myinc.LOCAL
Enrolled in IPA realm myinc.LOCAL
Starting external process
args='kdestroy'
Process finished, return code=0
stdout=
stderr=
Initializing principal host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL
using keytab /etc/krb5.keytab
using ccache /etc/ipa/.dns_ccache
Attempt 1/5: success
Backing up system configuration file '/etc/ipa/default.conf'
-> Not backing up - '/etc/ipa/default.conf' doesn't exist
Created /etc/ipa/default.conf
importing all plugin modules in ipalib.plugins...
importing plugin module ipalib.plugins.aci
importing plugin module ipalib.plugins.automember
importing plugin module ipalib.plugins.automount
importing plugin module ipalib.plugins.baseldap
importing plugin module ipalib.plugins.baseuser
importing plugin module ipalib.plugins.batch
importing plugin module ipalib.plugins.caacl
importing plugin module ipalib.plugins.cert
importing plugin module ipalib.plugins.certprofile
importing plugin module ipalib.plugins.config
importing plugin module ipalib.plugins.delegation
importing plugin module ipalib.plugins.dns
importing plugin module ipalib.plugins.domainlevel
importing plugin module ipalib.plugins.group
importing plugin module ipalib.plugins.hbacrule
importing plugin module ipalib.plugins.hbacsvc
importing plugin module ipalib.plugins.hbacsvcgroup
importing plugin module ipalib.plugins.hbactest
importing plugin module ipalib.plugins.host
importing plugin module ipalib.plugins.hostgroup
importing plugin module ipalib.plugins.idrange
importing plugin module ipalib.plugins.idviews
importing plugin module ipalib.plugins.internal
importing plugin module ipalib.plugins.kerberos
importing plugin module ipalib.plugins.krbtpolicy
importing plugin module ipalib.plugins.migration
importing plugin module ipalib.plugins.misc
importing plugin module ipalib.plugins.netgroup
importing plugin module ipalib.plugins.otpconfig
importing plugin module ipalib.plugins.otptoken
importing plugin module ipalib.plugins.otptoken_yubikey
importing plugin module ipalib.plugins.passwd
importing plugin module ipalib.plugins.permission
importing plugin module ipalib.plugins.ping
importing plugin module ipalib.plugins.pkinit
importing plugin module ipalib.plugins.privilege
importing plugin module ipalib.plugins.pwpolicy
Starting external process
args='klist' '-V'
Process finished, return code=0
stdout=Kerberos 5 version 1.13.2
stderr=
importing plugin module ipalib.plugins.radiusproxy
importing plugin module ipalib.plugins.realmdomains
importing plugin module ipalib.plugins.role
importing plugin module ipalib.plugins.rpcclient
importing plugin module ipalib.plugins.selfservice
importing plugin module ipalib.plugins.selinuxusermap
importing plugin module ipalib.plugins.server
importing plugin module ipalib.plugins.service
importing plugin module ipalib.plugins.servicedelegation
importing plugin module ipalib.plugins.session
importing plugin module ipalib.plugins.stageuser
importing plugin module ipalib.plugins.sudocmd
importing plugin module ipalib.plugins.sudocmdgroup
importing plugin module ipalib.plugins.sudorule
importing plugin module ipalib.plugins.topology
importing plugin module ipalib.plugins.trust
importing plugin module ipalib.plugins.user
importing plugin module ipalib.plugins.vault
importing plugin module ipalib.plugins.virtual
Backing up system configuration file '/etc/sssd/sssd.conf'
-> Not backing up - '/etc/sssd/sssd.conf' doesn't exist
New SSSD config will be created
Backing up system configuration file '/etc/nsswitch.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Configured sudoers in /etc/nsswitch.conf
Starting external process
args='/sbin/ip' '-oneline' 'address' 'show'
Process finished, return code=0
stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever
preferred_lft forever
1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft
forever
2: eth0 inet 10.10.11.185/23 brd 10.10.11.255 scope global dynamic eth0\
valid_lft 2825sec preferred_lft 2825sec
2: eth0 inet6 fe80::c2:36ff:fef0:311/64 scope link \ valid_lft forever
preferred_lft forever
stderr=
Configured /etc/sssd/sssd.conf
Backing up system configuration file '/etc/krb5.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Starting external process
args='keyctl' 'get_persistent' '@s' '0'
Process finished, return code=0
stdout=209143713
stderr=
Enabling persistent keyring CCACHE
Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = myinc.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
myinc.LOCAL = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.prod.cloud.myinc.local = myinc.LOCAL
prod.cloud.myinc.local = myinc.LOCAL
Configured /etc/krb5.conf for IPA realm myinc.LOCAL
Starting external process
args='keyctl' 'search' '@s' 'user'
'ipa_session_cookie:host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL'
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available
Starting external process
args='/usr/bin/certutil' '-d' '/tmp/tmpKKgv87' '-N' '-f' '/tmp/tmpZdTJ3x'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/usr/bin/certutil' '-d' '/tmp/tmpKKgv87' '-A' '-n' 'CA certificate 1'
'-t' 'C,,'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='keyctl' 'search' '@s' 'user'
'ipa_session_cookie:host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL'
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available
failed to find session_cookie in persistent storage for principal
'host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL'
trying https://ipa02-ore.prod.cloud.myinc.local/ipa/json
Cannot connect to the server due to Kerberos error: Kerberos error: Kerberos
error: ('Unspecified GSS failure. Minor code may provide more information',
851968)/('Cannot find KDC for realm "myinc.LOCAL"', -1765328230)/. Trying with
delegate=True
trying https://ipa02-ore.prod.cloud.myinc.local/ipa/json
Second connect with delegate=True also failed: Kerberos error: Kerberos error:
('Unspecified GSS failure. Minor code may provide more information',
851968)/('Cannot find KDC for realm "myinc.LOCAL"', -1765328230)/
Cannot connect to the IPA server RPC interface: Kerberos error: Kerberos error:
('Unspecified GSS failure. Minor code may provide more information',
851968)/('Cannot find KDC for realm "myinc.LOCAL"', -1765328230)/
Installation failed. Rolling back changes.
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Starting external process
args='ipa-client-automount' '--uninstall' '--debug'
Process finished, return code=0
stdout=Restoring configuration
stderr=importing all plugin modules in ipalib.plugins...
importing plugin module ipalib.plugins.aci
importing plugin module ipalib.plugins.automember
importing plugin module ipalib.plugins.automount
importing plugin module ipalib.plugins.baseldap
importing plugin module ipalib.plugins.baseuser
importing plugin module ipalib.plugins.batch
importing plugin module ipalib.plugins.caacl
importing plugin module ipalib.plugins.cert
importing plugin module ipalib.plugins.certprofile
importing plugin module ipalib.plugins.config
importing plugin module ipalib.plugins.delegation
importing plugin module ipalib.plugins.dns
importing plugin module ipalib.plugins.domainlevel
importing plugin module ipalib.plugins.group
importing plugin module ipalib.plugins.hbacrule
importing plugin module ipalib.plugins.hbacsvc
importing plugin module ipalib.plugins.hbacsvcgroup
importing plugin module ipalib.plugins.hbactest
importing plugin module ipalib.plugins.host
importing plugin module ipalib.plugins.hostgroup
importing plugin module ipalib.plugins.idrange
importing plugin module ipalib.plugins.idviews
importing plugin module ipalib.plugins.internal
importing plugin module ipalib.plugins.kerberos
importing plugin module ipalib.plugins.krbtpolicy
importing plugin module ipalib.plugins.migration
importing plugin module ipalib.plugins.misc
importing plugin module ipalib.plugins.netgroup
importing plugin module ipalib.plugins.otpconfig
importing plugin module ipalib.plugins.otptoken
importing plugin module ipalib.plugins.otptoken_yubikey
importing plugin module ipalib.plugins.passwd
importing plugin module ipalib.plugins.permission
importing plugin module ipalib.plugins.ping
importing plugin module ipalib.plugins.pkinit
importing plugin module ipalib.plugins.privilege
importing plugin module ipalib.plugins.pwpolicy
Starting external process
args='klist' '-V'
Process finished, return code=0
stdout=Kerberos 5 version 1.13.2
stderr=
importing plugin module ipalib.plugins.radiusproxy
importing plugin module ipalib.plugins.realmdomains
importing plugin module ipalib.plugins.role
importing plugin module ipalib.plugins.rpcclient
importing plugin module ipalib.plugins.selfservice
importing plugin module ipalib.plugins.selinuxusermap
importing plugin module ipalib.plugins.server
importing plugin module ipalib.plugins.service
importing plugin module ipalib.plugins.servicedelegation
importing plugin module ipalib.plugins.session
importing plugin module ipalib.plugins.stageuser
importing plugin module ipalib.plugins.sudocmd
importing plugin module ipalib.plugins.sudocmdgroup
importing plugin module ipalib.plugins.sudorule
importing plugin module ipalib.plugins.topology
importing plugin module ipalib.plugins.trust
importing plugin module ipalib.plugins.user
importing plugin module ipalib.plugins.vault
importing plugin module ipalib.plugins.virtual
Restoring system configuration file '/etc/nsswitch.conf'
Starting external process
args='/usr/sbin/selinuxenabled'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/sbin/restorecon' '/etc/nsswitch.conf'
Process finished, return code=0
stdout=
stderr=
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
Starting external process
args='/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L' '-n' 'Local IPA host' '-r'
Process finished, return code=255
stdout=
stderr=certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
Starting external process
args='/usr/bin/certutil' '-d' '/etc/pki/nssdb' '-L' '-n' 'IPA Machine
Certificate - beanstalk01-ore.prod.cloud.myinc.local' '-r'
Process finished, return code=255
stdout=
stderr=certutil: Could not find cert: IPA Machine Certificate -
beanstalk01-ore.prod.cloud.myinc.local
: PR_FILE_NOT_FOUND_ERROR: File not found
Starting external process
args='/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'
Process finished, return code=255
stdout=
stderr=certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
Failed to list certificates in /etc/ipa/nssdb: Command ''/usr/bin/certutil'
'-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit status 255
Starting external process
args='/bin/systemctl' 'start' 'certmonger.service'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/bin/systemctl' 'is-active' 'certmonger.service'
Process finished, return code=0
stdout=active
stderr=
Starting external process
args='/bin/systemctl' 'stop' 'certmonger.service'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/bin/systemctl' 'disable' 'certmonger.service'
Process finished, return code=0
stdout=
stderr=
Unenrolling client from IPA server
Starting external process
args='/usr/sbin/ipa-join' '--unenroll' '-h'
'beanstalk01-ore.prod.cloud.myinc.local' '-d'
Process finished, return code=19
stdout=
stderr=Error obtaining initial credentials: Cannot find KDC for requested realm.
Unenrolling host failed: Error obtaining initial credentials: Cannot find KDC
for requested realm.
Removing Kerberos service principals from /etc/krb5.keytab
Starting external process
args='/usr/sbin/ipa-rmkeytab' '-k' '/etc/krb5.keytab' '-r' 'myinc.LOCAL'
Process finished, return code=0
stdout=
stderr=Removing principal
host/beanstalk01-ore.prod.cloud.myinc.local@myinc.LOCAL
Disabling client Kerberos and LDAP configurations
Starting external process
args='/usr/sbin/authconfig' '--disablekrb5' '--disablesssdauth'
'--disablemkhomedir' '--update' '--disableldap'
Process finished, return code=0
stdout=
stderr=
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted
Starting external process
args='/bin/systemctl' 'stop' 'sssd.service'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/bin/systemctl' 'disable' 'sssd.service'
Process finished, return code=0
stdout=
stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/sssd.service.
Restoring client configuration files
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
Starting external process
args='/usr/sbin/selinuxenabled'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/sbin/restorecon' '/etc/krb5.conf'
Process finished, return code=0
stdout=
stderr=
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
-> no files, removing file
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
Starting external process
args='/bin/systemctl' 'disable' 'rhel-domainname.service'
Process finished, return code=0
stdout=
stderr=
Starting external process
args='/bin/systemctl' 'list-unit-files' '--full'
Process finished, return code=0
stdout=UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
dev-hugepages.mount static
dev-mqueue.mount static
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
tmp.mount masked
var-lib-nfs-rpc_pipefs.mount static
brandbot.path disabled
systemd-ask-password-console.path static
systemd-ask-password-wall.path static
session-1.scope static
session-19.scope static
arp-ethers.service disabled
auditd.service enabled
auth-rpcgss-module.service static
autofs.service disabled
autovt@.service disabled
beanstalkd-30000.service enabled
beanstalkd-30002.service enabled
blk-availability.service disabled
brandbot.service static
certmonger.service disabled
chrony-dnssrv@.service static
chrony-wait.service disabled
chronyd.service enabled
cloud-config.service enabled
cloud-final.service enabled
cloud-init-local.service enabled
cloud-init.service enabled
console-getty.service disabled
console-shell.service disabled
container-getty@.service static
cpupower.service disabled
crond.service enabled
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.machine1.service static
dbus-org.freedesktop.network1.service invalid
dbus-org.freedesktop.timedate1.service static
dbus.service static
debug-shell.service disabled
dnsmasq.service disabled
dracut-cmdline.service static
dracut-initqueue.service static
dracut-mount.service static
dracut-pre-mount.service static
dracut-pre-pivot.service static
dracut-pre-trigger.service static
dracut-pre-udev.service static
dracut-shutdown.service static
emergency.service static
fstrim.service static
getty@.service enabled
gssproxy.service disabled
halt-local.service static
initrd-cleanup.service static
initrd-parse-etc.service static
initrd-switch-root.service static
initrd-udevadm-cleanup-db.service static
irqbalance.service enabled
kdump.service enabled
kmod-static-nodes.service static
ldconfig.service static
messagebus.service static
microcode.service enabled
nfs-blkmap.service disabled
nfs-config.service static
nfs-idmap.service static
nfs-idmapd.service static
nfs-lock.service static
nfs-mountd.service static
nfs-secure-server.service static
nfs-secure.service static
nfs-server.service disabled
nfs-utils.service static
nfs.service disabled
nfslock.service static
ntpd.service disabled
ntpdate.service disabled
oddjobd.service disabled
polkit.service static
postfix.service enabled
quotaon.service static
rc-local.service static
rdisc.service disabled
rdma.service disabled
rescue.service static
rhel-autorelabel-mark.service static
rhel-autorelabel.service static
rhel-configure.service static
rhel-dmesg.service disabled
rhel-domainname.service disabled
rhel-import-state.service static
rhel-loadmodules.service static
rhel-readonly.service static
rpc-gssd.service static
rpc-statd-notify.service static
rpc-statd.service static
rpc-svcgssd.service static
rpcbind.service static
rpcgssd.service static
rpcidmapd.service static
rpcsvcgssd.service static
rsyncd.service disabled
rsyncd@.service static
rsyslog.service enabled
serial-getty@.service disabled
sshd-keygen.service static
sshd.service enabled
sshd@.service static
sssd.service disabled
systemd-ask-password-console.service static
systemd-ask-password-wall.service static
systemd-backlight@.service static
systemd-binfmt.service static
systemd-bootchart.service disabled
systemd-firstboot.service static
systemd-fsck-root.service static
systemd-fsck@.service static
systemd-halt.service static
systemd-hibernate-resume@.service static
systemd-hibernate.service static
systemd-hostnamed.service static
systemd-hwdb-update.service static
systemd-hybrid-sleep.service static
systemd-initctl.service static
systemd-journal-catalog-update.service static
systemd-journal-flush.service static
systemd-journald.service static
systemd-kexec.service static
systemd-localed.service static
systemd-logind.service static
systemd-machine-id-commit.service static
systemd-machined.service static
systemd-modules-load.service static
systemd-nspawn@.service disabled
systemd-poweroff.service static
systemd-quotacheck.service static
systemd-random-seed.service static
systemd-readahead-collect.service enabled
systemd-readahead-done.service static
systemd-readahead-drop.service enabled
systemd-readahead-replay.service enabled
systemd-reboot.service static
systemd-remount-fs.service static
systemd-rfkill@.service static
systemd-shutdownd.service static
systemd-suspend.service static
systemd-sysctl.service static
systemd-timedated.service static
systemd-tmpfiles-clean.service static
systemd-tmpfiles-setup-dev.service static
systemd-tmpfiles-setup.service static
systemd-udev-settle.service static
systemd-udev-trigger.service static
systemd-udevd.service static
systemd-update-done.service static
systemd-update-utmp-runlevel.service static
systemd-update-utmp.service static
systemd-user-sessions.service static
systemd-vconsole-setup.service static
tcsd.service disabled
teamd@.service static
tuned.service enabled
wpa_supplicant.service disabled
zabbix-agent.service enabled
-.slice static
machine.slice static
system.slice static
user.slice static
dbus.socket static
rpcbind.socket enabled
rsyncd.socket disabled
sshd.socket disabled
syslog.socket static
systemd-initctl.socket static
systemd-journald.socket static
systemd-networkd.socket disabled
systemd-shutdownd.socket static
systemd-udevd-control.socket static
systemd-udevd-kernel.socket static
basic.target static
bluetooth.target static
cloud-config.target static
cryptsetup-pre.target static
cryptsetup.target static
ctrl-alt-del.target disabled
default.target enabled
emergency.target static
final.target static
getty.target static
graphical.target static
halt.target disabled
hibernate.target static
hybrid-sleep.target static
initrd-fs.target static
initrd-root-fs.target static
initrd-switch-root.target static
initrd.target static
kexec.target disabled
local-fs-pre.target static
local-fs.target static
machines.target disabled
multi-user.target enabled
network-online.target static
network-pre.target static
network.target static
nfs-client.target enabled
nss-lookup.target static
nss-user-lookup.target static
paths.target static
poweroff.target disabled
printer.target static
reboot.target disabled
remote-fs-pre.target static
remote-fs.target enabled
rescue.target disabled
rpcbind.target static
runlevel0.target disabled
runlevel1.target disabled
runlevel2.target static
runlevel3.target static
runlevel4.target static
runlevel5.target static
runlevel6.target disabled
shutdown.target static
sigpwr.target static
sleep.target static
slices.target static
smartcard.target static
sockets.target static
sound.target static
suspend.target static
swap.target static
sysinit.target static
system-update.target static
time-sync.target static
timers.target static
umount.target static
chrony-dnssrv@.timer disabled
fstrim.timer disabled
systemd-readahead-done.timer static
systemd-tmpfiles-clean.timer static
247 unit files listed.
stderr=
nscd daemon is not installed, skip configuration
Starting external process
args='/bin/systemctl' 'list-unit-files' '--full'
Process finished, return code=0
stdout=UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
dev-hugepages.mount static
dev-mqueue.mount static
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
tmp.mount masked
var-lib-nfs-rpc_pipefs.mount static
brandbot.path disabled
systemd-ask-password-console.path static
systemd-ask-password-wall.path static
session-1.scope static
session-19.scope static
arp-ethers.service disabled
auditd.service enabled
auth-rpcgss-module.service static
autofs.service disabled
autovt@.service disabled
beanstalkd-30000.service enabled
beanstalkd-30002.service enabled
blk-availability.service disabled
brandbot.service static
certmonger.service disabled
chrony-dnssrv@.service static
chrony-wait.service disabled
chronyd.service enabled
cloud-config.service enabled
cloud-final.service enabled
cloud-init-local.service enabled
cloud-init.service enabled
console-getty.service disabled
console-shell.service disabled
container-getty@.service static
cpupower.service disabled
crond.service enabled
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.machine1.service static
dbus-org.freedesktop.network1.service invalid
dbus-org.freedesktop.timedate1.service static
dbus.service static
debug-shell.service disabled
dnsmasq.service disabled
dracut-cmdline.service static
dracut-initqueue.service static
dracut-mount.service static
dracut-pre-mount.service static
dracut-pre-pivot.service static
dracut-pre-trigger.service static
dracut-pre-udev.service static
dracut-shutdown.service static
emergency.service static
fstrim.service static
getty@.service enabled
gssproxy.service disabled
halt-local.service static
initrd-cleanup.service static
initrd-parse-etc.service static
initrd-switch-root.service static
initrd-udevadm-cleanup-db.service static
irqbalance.service enabled
kdump.service enabled
kmod-static-nodes.service static
ldconfig.service static
messagebus.service static
microcode.service enabled
nfs-blkmap.service disabled
nfs-config.service static
nfs-idmap.service static
nfs-idmapd.service static
nfs-lock.service static
nfs-mountd.service static
nfs-secure-server.service static
nfs-secure.service static
nfs-server.service disabled
nfs-utils.service static
nfs.service disabled
nfslock.service static
ntpd.service disabled
ntpdate.service disabled
oddjobd.service disabled
polkit.service static
postfix.service enabled
quotaon.service static
rc-local.service static
rdisc.service disabled
rdma.service disabled
rescue.service static
rhel-autorelabel-mark.service static
rhel-autorelabel.service static
rhel-configure.service static
rhel-dmesg.service disabled
rhel-domainname.service disabled
rhel-import-state.service static
rhel-loadmodules.service static
rhel-readonly.service static
rpc-gssd.service static
rpc-statd-notify.service static
rpc-statd.service static
rpc-svcgssd.service static
rpcbind.service static
rpcgssd.service static
rpcidmapd.service static
rpcsvcgssd.service static
rsyncd.service disabled
rsyncd@.service static
rsyslog.service enabled
serial-getty@.service disabled
sshd-keygen.service static
sshd.service enabled
sshd@.service static
sssd.service disabled
systemd-ask-password-console.service static
systemd-ask-password-wall.service static
systemd-backlight@.service static
systemd-binfmt.service static
systemd-bootchart.service disabled
systemd-firstboot.service static
systemd-fsck-root.service static
systemd-fsck@.service static
systemd-halt.service static
systemd-hibernate-resume@.service static
systemd-hibernate.service static
systemd-hostnamed.service static
systemd-hwdb-update.service static
systemd-hybrid-sleep.service static
systemd-initctl.service static
systemd-journal-catalog-update.service static
systemd-journal-flush.service static
systemd-journald.service static
systemd-kexec.service static
systemd-localed.service static
systemd-logind.service static
systemd-machine-id-commit.service static
systemd-machined.service static
systemd-modules-load.service static
systemd-nspawn@.service disabled
systemd-poweroff.service static
systemd-quotacheck.service static
systemd-random-seed.service static
systemd-readahead-collect.service enabled
systemd-readahead-done.service static
systemd-readahead-drop.service enabled
systemd-readahead-replay.service enabled
systemd-reboot.service static
systemd-remount-fs.service static
systemd-rfkill@.service static
systemd-shutdownd.service static
systemd-suspend.service static
systemd-sysctl.service static
systemd-timedated.service static
systemd-tmpfiles-clean.service static
systemd-tmpfiles-setup-dev.service static
systemd-tmpfiles-setup.service static
systemd-udev-settle.service static
systemd-udev-trigger.service static
systemd-udevd.service static
systemd-update-done.service static
systemd-update-utmp-runlevel.service static
systemd-update-utmp.service static
systemd-user-sessions.service static
systemd-vconsole-setup.service static
tcsd.service disabled
teamd@.service static
tuned.service enabled
wpa_supplicant.service disabled
zabbix-agent.service enabled
-.slice static
machine.slice static
system.slice static
user.slice static
dbus.socket static
rpcbind.socket enabled
rsyncd.socket disabled
sshd.socket disabled
syslog.socket static
systemd-initctl.socket static
systemd-journald.socket static
systemd-networkd.socket disabled
systemd-shutdownd.socket static
systemd-udevd-control.socket static
systemd-udevd-kernel.socket static
basic.target static
bluetooth.target static
cloud-config.target static
cryptsetup-pre.target static
cryptsetup.target static
ctrl-alt-del.target disabled
default.target enabled
emergency.target static
final.target static
getty.target static
graphical.target static
halt.target disabled
hibernate.target static
hybrid-sleep.target static
initrd-fs.target static
initrd-root-fs.target static
initrd-switch-root.target static
initrd.target static
kexec.target disabled
local-fs-pre.target static
local-fs.target static
machines.target disabled
multi-user.target enabled
network-online.target static
network-pre.target static
network.target static
nfs-client.target enabled
nss-lookup.target static
nss-user-lookup.target static
paths.target static
poweroff.target disabled
printer.target static
reboot.target disabled
remote-fs-pre.target static
remote-fs.target enabled
rescue.target disabled
rpcbind.target static
runlevel0.target disabled
runlevel1.target disabled
runlevel2.target static
runlevel3.target static
runlevel4.target static
runlevel5.target static
runlevel6.target disabled
shutdown.target static
sigpwr.target static
sleep.target static
slices.target static
smartcard.target static
sockets.target static
sound.target static
suspend.target static
swap.target static
sysinit.target static
system-update.target static
time-sync.target static
timers.target static
umount.target static
chrony-dnssrv@.timer disabled
fstrim.timer disabled
systemd-readahead-done.timer static
systemd-tmpfiles-clean.timer static
247 unit files listed.
stderr=
nslcd daemon is not installed, skip configuration
Client uninstall complete.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project