Hi Rob
Thanks for your response
No, there is nothing after this line in the output neither in
/var/log/ipaclient-install.log
This is my /var/log/ipaclient-install.log
[root@l1 log]# cat /var/log/ipaclient-install.log
2017-06-07 09:57:29,671 DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False,
'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit':
False, 'server': None, 'prompt_password': False, 'mkhomedir': False,
'dns_updates': False, 'preserve_sssd': False, 'debug': True, 'on_master':
False, 'ca_cert_file': None, 'realm_name': None, 'unattended': None,
'ntp_server': None, 'principal': None}
2017-06-07 09:57:29,671 DEBUG missing options might be asked for interactively
later
2017-06-07 09:57:29,671 DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-06-07 09:57:29,671 DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-06-07 09:57:29,676 DEBUG [IPA Discovery]
2017-06-07 09:57:29,676 DEBUG Starting IPA discovery with domain=None,
servers=None, hostname=l1.example.com
2017-06-07 09:57:29,676 DEBUG [ipadnssearchldap(example.com)]
2017-06-07 09:57:29,733 DEBUG [ipadnssearchkrb]
2017-06-07 09:57:29,851 DEBUG [ipacheckldap]
2017-06-07 09:57:29,851 DEBUG Verifying that ipa.example.com (realm
EXAMPLE.COM) is an IPA server
2017-06-07 09:57:29,851 DEBUG Init ldap with: ldap://ipa.example.com:389
2017-06-07 09:57:29,890 DEBUG Search LDAP server for IPA base DN
2017-06-07 09:57:29,894 DEBUG Check if naming context 'cn=changelog' is for IPA
2017-06-07 09:57:29,895 DEBUG Info attribute with IPA server version not found
2017-06-07 09:57:29,895 DEBUG Check if naming context 'dc=example,dc=com' is
for IPA
2017-06-07 09:57:29,896 DEBUG Naming context 'dc=example,dc=com' is a valid IPA
context
2017-06-07 09:57:29,896 DEBUG Search for (objectClass=krbRealmContainer) in
dc=example,dc=com(sub)
2017-06-07 09:57:29,898 DEBUG Found:
[('cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com', {'objectClass': ['top',
'krbrealmcontainer', 'krbticketpolicyaux'], 'cn': ['example.COM']})]
2017-06-07 09:57:29,898 DEBUG Discovery result: Success;
server=ipa.example.com, domain=example.com, kdc=ipa.example.com,
basedn=dc=example,dc=com
2017-06-07 09:57:29,898 DEBUG Validated servers: ipa.example.com
2017-06-07 09:57:29,898 DEBUG will use domain: example.com
2017-06-07 09:57:29,898 DEBUG [ipadnssearchldap(example.com)]
2017-06-07 09:57:29,956 DEBUG DNS validated, enabling discovery
2017-06-07 09:57:29,956 DEBUG will use discovered server: ipa.example.com
2017-06-07 09:57:29,956 DEBUG will use cli_realm: EXAMPLE.COM
2017-06-07 09:57:29,956 DEBUG will use cli_basedn: dc=example,dc=com
2017-06-07 09:58:27,850 DEBUG will use principal: admin
2017-06-07 09:58:28,188 DEBUG args=/usr/sbin/ntpdate -U ntp -s -b
ipa.example.com
2017-06-07 09:58:28,188 DEBUG stdout=
2017-06-07 09:58:28,188 DEBUG stderr=
2017-06-07 09:58:28,189 DEBUG Writing Kerberos configuration to /tmp/tmpSeQjKB:
#File modified by ipa-client-install
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
kdc = ipa.example.com:88
master_kdc = ipa.example.com:88
admin_server = ipa.example.com:749
default_domain = example.com
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
2017-06-07 09:59:58,552 DEBUG args=kinit ad...@example.com
2017-06-07 09:59:58,553 DEBUG stdout=Password for ad...@example.com:
2017-06-07 09:59:58,553 DEBUG stderr=
2017-06-07 09:59:58,555 DEBUG trying to retrieve CA cert via LDAP from
ldap://ipa.example.com
2017-06-07 09:59:58,578 DEBUG Existing CA cert and Retrieved CA cert are
identical
It’s don’t progress.
Thanks, Regards
Jose Alvarez R.
-Original Message-
From: Rob Crittenden via FreeIPA-users
[mailto:freeipa-users@lists.fedorahosted.org]
Sent: miércoles 7 de junio de 2017 11:23 a.m.
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: jalva...@cyberfuel.com; Rob Crittenden <rcrit...@redhat.com>
Subject: [Freeipa-users] Re: Enroll CentOS 5 on FreeIPA 4.3
Jose Alvarez R. via FreeIPA-users wrote:
> Hello
>
>
>
> A question
>
>
>
> What another way I can enroll my server client on my IPA server ?
>
>
>
> I have a server IPA with S.O. Fedora 24 and
> freeipa-server-4.3.3-1.fc24.x86_64
>
>
>
> My client server have a S.O. CentOS release 5.10 with
> ipa-client-2.1.3-7.el5
>
>
>
> This is the “ipa-client-install –d”
>
>
>
> [root@l1 ~]# ipa-client-install -d
>
> root: DEBUG/usr/sbin/ipa-client-install was invoked with
> options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force':
>