I upgraded our FreeIPA server from Cent7.2 to 7.3 which also upgraded freeipa 
to 4.4.  On some clients they failed to re-authenticate post upgrade.  I then 
did an ipa-client-install --uninstall, and then tried re-joining to IPA server with
ipa-client-install --mkhomedir --force-ntpd --force-join.

Now I am getting the below error, and I have no idea how to recover.  Firewall 
is disabled.


User authorized to enroll computers: admin
Password for admin@XXX.LOCAL: 
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly 
after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Kerberos authentication failed: kinit: Included profile directory could not be 
read while initializing Kerberos 5 library 

Installation failed. Rolling back changes.
IPA client is not configured on this system.

[root@troll ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor 
preset: enabled)
   Active: inactive (dead)

Installed Packages
4.4.0-14.el7.centos                                         @updates 
4.4.0-14.el7.centos                                         @updates 
4.4.0-14.el7.centos                                         @updates 

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project