Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Steven Jones
8-

 
>> getent passwd user however only returns one line, not the two I should
>> expect?
>
> Why do you expect two lines? It should only return one, for that user.
>
>> It also returns very fast... like it's not even looking remotely.
>
> Is the user in /etc/passwd too?
 

When I tried to get FDS going a few years ago getent used to return 2,
the local one and the ldap one, hence two lines... if it was
working.

I guess the ipa manual is lacking somewhat in that it says run these
commands, but doesn't say what the expected output is or looks like, so
how am I meant to know if it's right or wrong? like duh.

regards

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Steven Jones
8--


So how do I fault find? where do I start?

ie Where do I start to look to determine why a user cannot login to a
client via freeipa? 

How can I be more clear? because so far the replies have been not very
productive.

regards





Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Steven Jones
On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
>> 8--
>>
>> So how do I fault find? where do I start?
>>
>> ie Where do I start to look to determine why a user cannot login to a
>> client via freeipa?
>>
>> How can I be more clear? because so far the replies have been not very
>> productive.
>>
>> regards
>
> Add debug_level = 9 to the ipa provider in /etc/sssd/sssd.conf, restart
> sssd, and try your login again. Look in
> /var/log/sssd/sssd_example.com.log for information on the login attempt.
>
> Your uid/gid will likely differ.
>
> # getent passwd admin
> admin:*:26420:26420:Administrator:/home/admin:/bin/bash
> # id admin
> uid=26420(admin) gid=26420(admins) groups=26420(admins)
> # getent group admins
> admins:*:26420:admin
> # finger admin
> Login: admin                            Name: Administrator
> Directory: /home/admin                  Shell: /bin/bash
> Never logged in.
> No mail.
> No Plan.

(Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
fatal error initializing data providers
(Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
initialize backend [14]
(Tue Mar  8 13:28:20 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
fatal error initializing data providers
(Tue Mar  8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
initialize backend [14]
(Tue Mar  8 13:28:22 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
fatal error initializing data providers
(Tue Mar  8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
initialize backend [14]
(Tue Mar  8 13:28:24 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
fatal error initializing data providers
(Tue Mar  8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
initialize backend [14]
(Tue Mar  8 13:28:28 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
fatal error initializing data providers
(Tue Mar  8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
initialize backend [14]
(Tue Mar  8 15:37:30 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
fatal error initializing data providers
(Tue Mar  8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
initialize backend [14]
(Tue Mar  8 15:37:31 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
[default]
(Tue Mar  8 15:37:31 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verify keytab
(Tue Mar  8 15:37:31 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
(0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
(Tue Mar  8 15:37:31 2011) 

Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Stephen Gallagher

On 03/08/2011 04:40 PM, Steven Jones wrote:
> On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
>> Steven Jones wrote:
>>> 8--
>>>
>>> So how do I fault find? where do I start?
>>>
>>> ie Where do I start to look to determine why a user cannot login to a
>>> client via freeipa?
>>>
>>> How can I be more clear? because so far the replies have been not very
>>> productive.
>>>
>>> regards
>>
>> Add debug_level = 9 to the ipa provider in /etc/sssd/sssd.conf, restart
>> sssd, and try your login again. Look in
>> /var/log/sssd/sssd_example.com.log for information on the login attempt.
>>
>> Your uid/gid will likely differ.
>>
>> # getent passwd admin
>> admin:*:26420:26420:Administrator:/home/admin:/bin/bash
>> # id admin
>> uid=26420(admin) gid=26420(admins) groups=26420(admins)
>> # getent group admins
>> admins:*:26420:admin
>> # finger admin
>> Login: admin                            Name: Administrator
>> Directory: /home/admin                  Shell: /bin/bash
>> Never logged in.
>> No mail.
>> No Plan.
>
> (Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]]
> [sss_krb5_verify_keytab_ex] (0): Principal
> [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
> [default]
> (Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
> Could not verify keytab
> (Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module]
> (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)!
> (Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0):
> fatal error initializing data providers
> (Tue Mar  8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not
> initialize backend [14]
> (Tue Mar  8 13:28:20 2011) [sssd[be[ipa.ac.nz]]]
> [sss_krb5_verify_keytab_ex] (0): Principal
> [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab
> [default]


Well, here's your problem. The SSSD isn't starting up successfully
because you don't have a host principal for this server in your
/etc/krb5.keytab file. This was probably a bug in the ipa-client-install.

What does
klist -k /etc/krb5.keytab
return to you?

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/


Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Simo Sorce
On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
Stephen Gallagher sgall...@redhat.com wrote:

 
 
> On Mar 8, 2011, at 5:45 PM, Steven Jones steven.jo...@vuw.ac.nz
> wrote:
>
>> Keytab name: WRFILE:/etc/krb5.keytab
>> KVNO Principal
>> --
>>
>> 8-
>
> Looks like you have no host key in the keytab. That's the root of the
> problem. Seems like IPA-client-install failed to populate it. Rob, do
> you have any insight here?

Does /var/log/ipaclient-install.log show any error?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Steven Jones
Hi,

Log,


2011-03-04 15:08:58,725 DEBUG /usr/sbin/ipa-client-install was invoked
with options: {'conf_ntp': True, 'domain': None, 'uninstall': False,
'force': True, 'sssd': True, 'hostname': None, 'permit': False,
'server': None, 'prompt_password': False, 'realm_name': None,
'dns_updates': False, 'debug': False, 'on_master': False, 'ntp_server':
None, 'mkhomedir': False, 'unattended': None, 'principal': None}
2011-03-04 15:08:58,726 DEBUG missing options might be asked for
interactively later

2011-03-04 15:08:58,726 DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2011-03-04 15:08:58,726 DEBUG [ipadnssearchldap(ipa.ac.nz)]
2011-03-04 15:08:58,727 DEBUG [ipadnssearchkrb]
2011-03-04 15:08:58,729 DEBUG [ipacheckldap]
2011-03-04 15:08:58,736 DEBUG args=/usr/bin/wget
-O /tmp/tmp7MhOze/ca.crt
http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt
2011-03-04 15:08:58,736 DEBUG stdout=
2011-03-04 15:08:58,736 DEBUG stderr=--2011-03-04 15:08:58--
http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt
Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2
Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1321 (1.3K) [application/x-x509-ca-cert]
Saving to: `/tmp/tmp7MhOze/ca.crt'

 0K . 100%
237M=0s

2011-03-04 15:08:58 (237 MB/s) - `/tmp/tmp7MhOze/ca.crt' saved
[1321/1321]


2011-03-04 15:08:58,736 DEBUG Init ldap with:
ldap://fed14-64-ipam001.ipa.ac.nz:389
2011-03-04 15:08:58,749 DEBUG Search rootdse
2011-03-04 15:08:58,750 DEBUG Search for (info=*) in
dc=ipa,dc=ac,dc=nz(base)
2011-03-04 15:08:58,751 DEBUG Found: [('dc=ipa,dc=ac,dc=nz',
{'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject',
'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain':
['ipa.ac.nz'], 'dc': ['ipa'], 'nisDomain': ['ipa.ac.nz']})]
2011-03-04 15:08:58,752 DEBUG Search for (objectClass=krbRealmContainer)
in dc=ipa,dc=ac,dc=nz(sub)
2011-03-04 15:08:58,753 DEBUG Found:
[('cn=IPA.AC.NZ,cn=kerberos,dc=ipa,dc=ac,dc=nz', {'krbSubTrees':
['dc=ipa,dc=ac,dc=nz'], 'cn': ['IPA.AC.NZ'], 'krbDefaultEncSaltTypes':
['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special',
'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer',
'krbticketpolicyaux'], 'krbSearchScope': ['2'],
'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special',
'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal',
'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special',
'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal',
'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'],
'krbMaxRenewableAge': ['604800']})]
2011-03-04 15:08:58,753 DEBUG will use domain: ipa.ac.nz

2011-03-04 15:08:58,753 DEBUG will use server:
fed14-64-ipam001.ipa.ac.nz

2011-03-04 15:08:58,754 DEBUG will use cli_realm: IPA.AC.NZ

2011-03-04 15:08:58,754 DEBUG will use cli_basedn: dc=ipa,dc=ac,dc=nz

2011-03-04 15:09:04,645 DEBUG will use principal: admin

2011-03-04 15:09:04,659 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt
2011-03-04 15:09:04,659 DEBUG stdout=
2011-03-04 15:09:04,660 DEBUG stderr=--2011-03-04 15:09:04--
http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt
Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2
Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1321 (1.3K) [application/x-x509-ca-cert]
Saving to: `/etc/ipa/ca.crt'

 0K . 100%
249M=0s

2011-03-04 15:09:04 (249 MB/s) - `/etc/ipa/ca.crt' saved [1321/1321]


2011-03-04 15:09:11,665 DEBUG args=kinit ad...@ipa.ac.nz
2011-03-04 15:09:11,665 DEBUG stdout=Password for ad...@ipa.ac.nz: 

2011-03-04 15:09:11,665 DEBUG stderr=
2011-03-04 15:09:13,931 DEBUG args=/usr/sbin/ipa-join -s
fed14-64-ipam001.ipa.ac.nz
2011-03-04 15:09:13,931 DEBUG stdout=
2011-03-04 15:09:13,931 DEBUG stderr=Host is already joined.

2011-03-04 15:09:13,937 DEBUG args=kdestroy
2011-03-04 15:09:13,937 DEBUG stdout=
2011-03-04 15:09:13,937 DEBUG stderr=
2011-03-04 15:09:13,937 DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2011-03-04 15:09:13,938 DEBUG   - Not backing up -
'/etc/ipa/default.conf' doesn't exist
2011-03-04 15:09:13,938 DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
2011-03-04 15:09:13,938 DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2011-03-04 15:09:14,012 DEBUG args=/usr/bin/certutil -A
-d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2011-03-04 15:09:14,012 DEBUG stdout=
2011-03-04 15:09:14,012 DEBUG stderr=
2011-03-04 15:09:14,012 DEBUG Backing up system configuration file
'/etc/krb5.conf'
2011-03-04 15:09:14,013 DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2011-03-04 

Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Steven Jones
Hi,

I have just done another F14 client and I have the same issue.

regards

regards

On Tue, 2011-03-08 at 19:28 -0500, Simo Sorce wrote:
> On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
> Stephen Gallagher sgall...@redhat.com wrote:
>
>> On Mar 8, 2011, at 5:45 PM, Steven Jones steven.jo...@vuw.ac.nz
>> wrote:
>>
>>> Keytab name: WRFILE:/etc/krb5.keytab
>>> KVNO Principal
>>> --
>>>
>>> 8-
>>
>> Looks like you have no host key in the keytab. That's the root of the
>> problem. Seems like IPA-client-install failed to populate it. Rob, do
>> you have any insight here?
>
> Does /var/log/ipaclient-install.log show any error?
>
> Simo.
>
> -- 
> Simo Sorce * Red Hat, Inc * New York
 


Re: [Freeipa-users] Unable to authenticate a client user against IPA

2011-03-08 Thread Rob Crittenden

Steven Jones wrote:
> Hi,
>
> Log,

The error is "Host is already joined" so no keytab is requested. The
enrollment failed.

ipa-client-install --uninstall should unenroll the client (you can
verify that Keytab is False in ipa host-show client_fqdn on the IPA
server).

If so running ipa-client-install on the client should configure things
properly.


rob
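
The checks the replies in this thread walk through (SSSD's "not found in keytab" error, the empty `klist -k` listing, and `ipa-join` reporting "Host is already joined"), combined into one offline triage script. This is an added example, not code from the thread or from the FreeIPA or SSSD projects; the function names, the verdict strings, and the example.test host, realm and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline triage of the failure chain discussed in this thread.
# All hosts, realms and log lines below are constructed placeholders.

# Print each principal SSSD reported as missing from the keytab (SSSD log on stdin).
sssd_missing_principal() {
    sed -n 's/.*\[sss_krb5_verify_keytab_ex].*Principal \[\([^]]*\)] not found in keytab.*/\1/p' | sort -u
}

# Succeed if `klist -k` output on stdin has a row "<KVNO> <principal>" matching $1.
keytab_has_principal() {
    awk -v want="$1" '$1 ~ /^[0-9]+$/ && $2 == want { found = 1 }
                      END { exit found ? 0 : 1 }'
}

# Succeed if the ipa-client-install log on stdin shows ipa-join declining to enroll.
join_was_skipped() {
    grep -q 'stderr=Host is already joined'
}

# diagnose SSSD_LOG KLIST_OUTPUT INSTALL_LOG -> prints one verdict word
diagnose() {
    princ=$(sssd_missing_principal < "$1" | head -n 1)
    if [ -z "$princ" ]; then
        echo "no-keytab-error"            # SSSD did not complain about the keytab
    elif keytab_has_principal "$princ" < "$2"; then
        echo "keytab-fixed-restart-sssd"  # key exists now; the log entry is stale
    elif join_was_skipped < "$3"; then
        echo "stale-enrollment"           # uninstall, then re-run ipa-client-install
    else
        echo "keytab-missing"             # key absent, cause not in the install log
    fi
}

# Run diagnose over constructed copies of the three artifacts from the thread.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sssd.log" <<'EOF'
(Tue Mar  8 13:28:18 2011) [sssd[be[example.test]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/client01.example.test@EXAMPLE.TEST] not found in keytab [default]
(Tue Mar  8 13:28:18 2011) [sssd[be[example.test]]] [setup_child] (0): Could not verify keytab
EOF
    cat > "$d/klist.out" <<'EOF'
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
EOF
    cat > "$d/install.log" <<'EOF'
2011-03-04 15:09:13,931 DEBUG args=/usr/sbin/ipa-join -s ipa01.example.test
2011-03-04 15:09:13,931 DEBUG stderr=Host is already joined.
EOF
    diagnose "$d/sssd.log" "$d/klist.out" "$d/install.log"
    rm -rf "$d"
}

demo
```

On a real client the three inputs would be the SSSD domain log, the saved output of `klist -k /etc/krb5.keytab`, and /var/log/ipaclient-install.log.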


