My company's ipa-client-install fail very often. Debug logs show the process always failed at getting the /etc/krb5.keytab . Is there a way to modify the script to increase number of attempts to create /etc/krb5.keytab ? I noticed "--kinit-attempts=KINIT_ATTEMPTS, number of attempts to obtain host TGT (defaults to 5)." But it comes after setting up the "/etc/krb5.keytab" file. Thanks.
server ipa-server-3.0.0-47.el6_7.1.x86_64 cleint ipa-client-3.0.0-47.el6_7.2.x86_64 ipa-client-3.0.0-50.el6.1.x86_64 #SUCCESSFUL ATTEMPT </member>\n </struct></value>\n </data></array></value>\n </param>\n </params>\n </methodResponse>\n Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=TEST.COM 2016-05-23T14:40:49Z INFO Enrolled in IPA realm TEST.COM 2016-05-23T14:40:49Z DEBUG args=kdestroy 2016-05-23T14:40:49Z DEBUG stdout= 2016-05-23T14:40:49Z DEBUG stderr= #FAILED ATTEMPT </member>\n </struct></value>\n </data></array></value>\n </param>\n </params>\n </methodResponse>\n ipa-getkeytab: ../../../libraries/libldap/extended.c:177: ldap_parse_extended_result: Assertion `res != ((void *)0)' failed. Certificate subject base is: O=TEST.COM 2016-05-23T14:37:08Z INFO Enrolled in IPA realm TEST.COM 2016-05-23T14:37:08Z DEBUG args=kdestroy 2016-05-23T14:37:08Z DEBUG stdout= 2016-05-23T14:37:08Z DEBUG stderr=
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
