Re: [Freeipa-users] Unable to authenticate a client user against IPA
8- getent passwd user however only returns one line, not the two I should expect? Why do you expect two lines? It should only return one, for that user. It also returns very fastlike its not even looking remotely. Is the user in /etc/passwd too? When I tried to get FDS going a few years ago getent used to return 2, the local one and the ldap one, hence two linesif it was working. I guess the ipa manual is lacking somewhat in that it says run these commands, but doesnt say what the expected output is or looks like, so how am I meant to know if its right or wrong? like duh. regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to authenticate a client user against IPA
8-- So how do I fault find? where do I start? ie Where do I start to look to determine why a user cannot login to a client via freeipa? How can I be more clear? because so far the replies have been not very productive. regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to authenticate a client user against IPA
On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote: Steven Jones wrote: 8-- So how do I fault find? where do I start? ie Where do I start to look to determine why a user cannot login to a client via freeipa? How can I be more clear? because so far the replies have been not very productive. regards Add debug_level = 9 to the ipa provide in /etc/sssd/sssd.conf, restart sssd, and try your login again. Look in/var/log/sssd/sssd_example.com.log for information on the login attempt. Your uid/gid will likely differ. # getent passwd admin admin:*:26420:26420:Administrator:/home/admin:/bin/bash # id admin uid=26420(admin) gid=26420(admins) groups=26420(admins) # getent group admins admins:*:26420:admin # finger admin Login: adminName: Administrator Directory: /home/admin Shell: /bin/bash Never logged in. No mail. No Plan. (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 13:28:22 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 13:28:24 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 13:28:28 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 15:37:30 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 15:37:31 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 15:37:31 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 15:37:31 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 15:37:31 2011)
Re: [Freeipa-users] Unable to authenticate a client user against IPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/08/2011 04:40 PM, Steven Jones wrote: On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote: Steven Jones wrote: 8-- So how do I fault find? where do I start? ie Where do I start to look to determine why a user cannot login to a client via freeipa? How can I be more clear? because so far the replies have been not very productive. regards Add debug_level = 9 to the ipa provide in /etc/sssd/sssd.conf, restart sssd, and try your login again. Look in/var/log/sssd/sssd_example.com.log for information on the login attempt. Your uid/gid will likely differ. # getent passwd admin admin:*:26420:26420:Administrator:/home/admin:/bin/bash # id admin uid=26420(admin) gid=26420(admins) groups=26420(admins) # getent group admins admins:*:26420:admin # finger admin Login: adminName: Administrator Directory: /home/admin Shell: /bin/bash Never logged in. No mail. No Plan. (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): Could not verify keytab (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): fatal error initializing data providers (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not initialize backend [14] (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] [sss_krb5_verify_keytab_ex] (0): Principal [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab [default] Well, here's your problem. The SSSD isn't starting up successfully because you don't have a host principal for this server in your /etc/krb5.keytab file. This was probably a bug in the ipa-client-install. What does klist -k /etc/krb5.keytab return to you? - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk12qV4ACgkQeiVVYja6o6OH/gCfabjbwcx/WSookcjKPXeq9N70 HpgAn3gj78oH0CW/WKS0F6X1Whvx/Wai =R7BT -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to authenticate a client user against IPA
On Tue, 8 Mar 2011 19:05:45 -0500 (EST) Stephen Gallagher sgall...@redhat.com wrote: On Mar 8, 2011, at 5:45 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal -- 8- Looks like you have no host key in the keytab. That's the root of the problem. Seems like IPA-client-install failed to populate it. Rob, do you have any insight here? does /var/log/ipaclient-install.log show any error ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to authenticate a client user against IPA
Hi, Log, 2011-03-04 15:08:58,725 DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': True, 'sssd': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': False, 'on_master': False, 'ntp_server': None, 'mkhomedir': False, 'unattended': None, 'principal': None} 2011-03-04 15:08:58,726 DEBUG missing options might be asked for interactively later 2011-03-04 15:08:58,726 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:08:58,726 DEBUG [ipadnssearchldap(ipa.ac.nz)] 2011-03-04 15:08:58,727 DEBUG [ipadnssearchkrb] 2011-03-04 15:08:58,729 DEBUG [ipacheckldap] 2011-03-04 15:08:58,736 DEBUG args=/usr/bin/wget -O /tmp/tmp7MhOze/ca.crt http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt 2011-03-04 15:08:58,736 DEBUG stdout= 2011-03-04 15:08:58,736 DEBUG stderr=--2011-03-04 15:08:58-- http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2 Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1321 (1.3K) [application/x-x509-ca-cert] Saving to: `/tmp/tmp7MhOze/ca.crt' 0K . 100% 237M=0s 2011-03-04 15:08:58 (237 MB/s) - `/tmp/tmp7MhOze/ca.crt' saved [1321/1321] 2011-03-04 15:08:58,736 DEBUG Init ldap with: ldap://fed14-64-ipam001.ipa.ac.nz:389 2011-03-04 15:08:58,749 DEBUG Search rootdse 2011-03-04 15:08:58,750 DEBUG Search for (info=*) in dc=ipa,dc=ac,dc=nz(base) 2011-03-04 15:08:58,751 DEBUG Found: [('dc=ipa,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['ipa.ac.nz'], 'dc': ['ipa'], 'nisDomain': ['ipa.ac.nz']})] 2011-03-04 15:08:58,752 DEBUG Search for (objectClass=krbRealmContainer) in dc=ipa,dc=ac,dc=nz(sub) 2011-03-04 15:08:58,753 DEBUG Found: [('cn=IPA.AC.NZ,cn=kerberos,dc=ipa,dc=ac,dc=nz', {'krbSubTrees': ['dc=ipa,dc=ac,dc=nz'], 'cn': ['IPA.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})] 2011-03-04 15:08:58,753 DEBUG will use domain: ipa.ac.nz 2011-03-04 15:08:58,753 DEBUG will use server: fed14-64-ipam001.ipa.ac.nz 2011-03-04 15:08:58,754 DEBUG will use cli_realm: IPA.AC.NZ 2011-03-04 15:08:58,754 DEBUG will use cli_basedn: dc=ipa,dc=ac,dc=nz 2011-03-04 15:09:04,645 DEBUG will use principal: admin 2011-03-04 15:09:04,659 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt 2011-03-04 15:09:04,659 DEBUG stdout= 2011-03-04 15:09:04,660 DEBUG stderr=--2011-03-04 15:09:04-- http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2 Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1321 (1.3K) [application/x-x509-ca-cert] Saving to: `/etc/ipa/ca.crt' 0K . 100% 249M=0s 2011-03-04 15:09:04 (249 MB/s) - `/etc/ipa/ca.crt' saved [1321/1321] 2011-03-04 15:09:11,665 DEBUG args=kinit ad...@ipa.ac.nz 2011-03-04 15:09:11,665 DEBUG stdout=Password for ad...@ipa.ac.nz: 2011-03-04 15:09:11,665 DEBUG stderr= 2011-03-04 15:09:13,931 DEBUG args=/usr/sbin/ipa-join -s fed14-64-ipam001.ipa.ac.nz 2011-03-04 15:09:13,931 DEBUG stdout= 2011-03-04 15:09:13,931 DEBUG stderr=Host is already joined. 2011-03-04 15:09:13,937 DEBUG args=kdestroy 2011-03-04 15:09:13,937 DEBUG stdout= 2011-03-04 15:09:13,937 DEBUG stderr= 2011-03-04 15:09:13,937 DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2011-03-04 15:09:13,938 DEBUG - Not backing up - '/etc/ipa/default.conf' doesn't exist 2011-03-04 15:09:13,938 DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2011-03-04 15:09:13,938 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:09:14,012 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt 2011-03-04 15:09:14,012 DEBUG stdout= 2011-03-04 15:09:14,012 DEBUG stderr= 2011-03-04 15:09:14,012 DEBUG Backing up system configuration file '/etc/krb5.conf' 2011-03-04 15:09:14,013 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04
Re: [Freeipa-users] Unable to authenticate a client user against IPA
Hi, I have just done another F14 client and I have the same issue. regards regards On Tue, 2011-03-08 at 19:28 -0500, Simo Sorce wrote: On Tue, 8 Mar 2011 19:05:45 -0500 (EST) Stephen Gallagher sgall...@redhat.com wrote: On Mar 8, 2011, at 5:45 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal -- 8- Looks like you have no host key in the keytab. That's the root of the problem. Seems like IPA-client-install failed to populate it. Rob, do you have any insight here? does /var/log/ipaclient-install.log show any error ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Unable to authenticate a client user against IPA
Steven Jones wrote: Hi, Log, The error is Host is already joined so no keytab is requested. The enrollment failed. ipa-client-install --uninstall should unenroll the client (you can verify that Keytab is False in ipa host-show client_fqdn on the IPA server. If so running ipa-client-install on the client should configure things properly. rob 2011-03-04 15:08:58,725 DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': True, 'sssd': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': False, 'on_master': False, 'ntp_server': None, 'mkhomedir': False, 'unattended': None, 'principal': None} 2011-03-04 15:08:58,726 DEBUG missing options might be asked for interactively later 2011-03-04 15:08:58,726 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:08:58,726 DEBUG [ipadnssearchldap(ipa.ac.nz)] 2011-03-04 15:08:58,727 DEBUG [ipadnssearchkrb] 2011-03-04 15:08:58,729 DEBUG [ipacheckldap] 2011-03-04 15:08:58,736 DEBUG args=/usr/bin/wget -O /tmp/tmp7MhOze/ca.crt http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt 2011-03-04 15:08:58,736 DEBUG stdout= 2011-03-04 15:08:58,736 DEBUG stderr=--2011-03-04 15:08:58-- http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2 Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1321 (1.3K) [application/x-x509-ca-cert] Saving to: `/tmp/tmp7MhOze/ca.crt' 0K . 100% 237M=0s 2011-03-04 15:08:58 (237 MB/s) - `/tmp/tmp7MhOze/ca.crt' saved [1321/1321] 2011-03-04 15:08:58,736 DEBUG Init ldap with: ldap://fed14-64-ipam001.ipa.ac.nz:389 2011-03-04 15:08:58,749 DEBUG Search rootdse 2011-03-04 15:08:58,750 DEBUG Search for (info=*) in dc=ipa,dc=ac,dc=nz(base) 2011-03-04 15:08:58,751 DEBUG Found: [('dc=ipa,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['ipa.ac.nz'], 'dc': ['ipa'], 'nisDomain': ['ipa.ac.nz']})] 2011-03-04 15:08:58,752 DEBUG Search for (objectClass=krbRealmContainer) in dc=ipa,dc=ac,dc=nz(sub) 2011-03-04 15:08:58,753 DEBUG Found: [('cn=IPA.AC.NZ,cn=kerberos,dc=ipa,dc=ac,dc=nz', {'krbSubTrees': ['dc=ipa,dc=ac,dc=nz'], 'cn': ['IPA.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})] 2011-03-04 15:08:58,753 DEBUG will use domain: ipa.ac.nz 2011-03-04 15:08:58,753 DEBUG will use server: fed14-64-ipam001.ipa.ac.nz 2011-03-04 15:08:58,754 DEBUG will use cli_realm: IPA.AC.NZ 2011-03-04 15:08:58,754 DEBUG will use cli_basedn: dc=ipa,dc=ac,dc=nz 2011-03-04 15:09:04,645 DEBUG will use principal: admin 2011-03-04 15:09:04,659 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt 2011-03-04 15:09:04,659 DEBUG stdout= 2011-03-04 15:09:04,660 DEBUG stderr=--2011-03-04 15:09:04-- http://fed14-64-ipam001.ipa.ac.nz/ipa/config/ca.crt Resolving fed14-64-ipam001.ipa.ac.nz... 192.168.100.2 Connecting to fed14-64-ipam001.ipa.ac.nz|192.168.100.2|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1321 (1.3K) [application/x-x509-ca-cert] Saving to: `/etc/ipa/ca.crt' 0K . 100% 249M=0s 2011-03-04 15:09:04 (249 MB/s) - `/etc/ipa/ca.crt' saved [1321/1321] 2011-03-04 15:09:11,665 DEBUG args=kinit ad...@ipa.ac.nz 2011-03-04 15:09:11,665 DEBUG stdout=Password for ad...@ipa.ac.nz: 2011-03-04 15:09:11,665 DEBUG stderr= 2011-03-04 15:09:13,931 DEBUG args=/usr/sbin/ipa-join -s fed14-64-ipam001.ipa.ac.nz 2011-03-04 15:09:13,931 DEBUG stdout= 2011-03-04 15:09:13,931 DEBUG stderr=Host is already joined. 2011-03-04 15:09:13,937 DEBUG args=kdestroy 2011-03-04 15:09:13,937 DEBUG stdout= 2011-03-04 15:09:13,937 DEBUG stderr= 2011-03-04 15:09:13,937 DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2011-03-04 15:09:13,938 DEBUG - Not backing up - '/etc/ipa/default.conf' doesn't exist 2011-03-04 15:09:13,938 DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2011-03-04 15:09:13,938 DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-03-04 15:09:14,012 DEBUG