Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
trying https://ds01.example.com/ipa/json
[try 1]: Forwarding 'schema' to json server
'https://ds01.example.com/ipa/json'
trying https://ds01.example.com/ipa/session/json
[try 1]: Forwarding 'ping' to json server
'https://ds01.example.com/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server
'https://ds01.example.com/ipa/session/json'
Installation failed. Force set so not rolling back changes.
Failed to add EXAMPLE.COM IPA CA to the IPA NSS database.
The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information
The ipa-client-install.log is:
2017-10-05T23:34:37Z DEBUG Logging to /var/log/ipaclient-install.log
2017-10-05T23:34:37Z DEBUG ipa-client-install was invoked with arguments
[] and options: {'no_dns_sshfp': False, 'force': True, 'verbose': False,
'ip_addresses': None, 'configure_firefox': False, 'realm_name': None,
'force_ntpd': False, 'on_master': False, 'no_nisdomain': False,
'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp':
False, 'domain_name': None, 'request_cert': False, 'fixed_primary':
False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None,
'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None,
'enable_dns_updates': False, 'no_sshd': False, 'no_sssd': False,
'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False,
'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet':
False, 'nisdomain': None, 'prompt_password': False, 'host_name': None,
'permit': False, 'automount_location': None, 'preserve_sssd': False,
'mkhomedir': False, 'log_file': None, 'uninstall': False}
2017-10-05T23:34:37Z DEBUG IPA version 4.5.0-21.el7.centos.1.2
2017-10-05T23:34:37Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-10-05T23:34:37Z DEBUG Starting external process
2017-10-05T23:34:37Z DEBUG args=/usr/sbin/selinuxenabled
2017-10-05T23:34:37Z DEBUG Process finished, return code=1
2017-10-05T23:34:37Z DEBUG stdout=
2017-10-05T23:34:37Z DEBUG stderr=
2017-10-05T23:34:37Z DEBUG Starting external process
2017-10-05T23:34:37Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2017-10-05T23:34:37Z DEBUG Process finished, return code=0
2017-10-05T23:34:37Z DEBUG stdout=enabled
2017-10-05T23:34:37Z DEBUG stderr=
2017-10-05T23:34:37Z DEBUG [IPA Discovery]
2017-10-05T23:34:37Z DEBUG Starting IPA discovery with domain=None,
servers=None, hostname=groc-5.example.com
2017-10-05T23:34:37Z DEBUG Start searching for LDAP SRV record in
"example.com" (domain of the hostname) and its sub-domains
2017-10-05T23:34:37Z DEBUG Search DNS for SRV record of
_ldap._tcp.example.com
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ds01.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ipa01.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ds02.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ds03.example.com.
2017-10-05T23:34:37Z DEBUG [Kerberos realm search]
2017-10-05T23:34:37Z DEBUG Search DNS for TXT record of
_kerberos.example.com
2017-10-05T23:34:37Z DEBUG DNS record found: "EXAMPLE.COM"
2017-10-05T23:34:37Z DEBUG Search DNS for SRV record of
_kerberos._udp.example.com
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 88 ipa01.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 88 ds01.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 88 ds03.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 88 ds02.example.com.
2017-10-05T23:34:37Z DEBUG [LDAP server check]
2017-10-05T23:34:37Z DEBUG Verifying that ds01.example.com (realm
EXAMPLE.COM) is an IPA server
2017-10-05T23:34:37Z DEBUG Init LDAP connection to:
ldap://ds01.example.com:389
2017-10-05T23:34:37Z DEBUG Search LDAP server for IPA base DN
2017-10-05T23:34:37Z DEBUG Check if naming context 'dc=example,dc=com'
is for IPA
2017-10-05T23:34:37Z DEBUG Naming context 'dc=example,dc=com' is a valid
IPA context
2017-10-05T23:34:37Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=example,dc=com (sub)
2017-10-05T23:34:37Z DEBUG Found:
cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
2017-10-05T23:34:37Z DEBUG Discovery result: Success;
server=ds01.example.com, domain=example.com,
kdc=ipa01.example.com,ds01.example.com,ds03.example.com,ds02.example.com, basedn=dc=example,dc=com
2017-10-05T23:34:37Z DEBUG Validated servers: ds01.example.com
2017-10-05T23:34:37Z DEBUG will use discovered domain: example.com
2017-10-05T23:34:37Z DEBUG Start searching for LDAP SRV record in
"example.com" (Validating DNS Discovery) and its sub-domains
2017-10-05T23:34:37Z DEBUG Search DNS for SRV record of
_ldap._tcp.example.com
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ipa01.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ds02.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ds03.example.com.
2017-10-05T23:34:37Z DEBUG DNS record found: 0 100 389 ds01.example.com.
2017-10-05T23:34:37Z DEBUG DNS validated, enabling discovery
2017-10-05T23:34:37Z DEBUG will use discovered server: ds01.example.com
2017-10-05T23:34:37Z INFO Discovery was successful!
2017-10-05T23:34:37Z DEBUG will use discovered realm: EXAMPLE.COM
2017-10-05T23:34:37Z DEBUG will use discovered basedn: dc=example,dc=com
2017-10-05T23:34:37Z INFO Client hostname: groc-5.example.com
2017-10-05T23:34:37Z DEBUG Hostname source: Machine's FQDN
2017-10-05T23:34:37Z INFO Realm: EXAMPLE.COM
2017-10-05T23:34:37Z DEBUG Realm source: Discovered from LDAP DNS
records in ds01.example.com
2017-10-05T23:34:37Z INFO DNS Domain: example.com
2017-10-05T23:34:37Z DEBUG DNS Domain source: Discovered LDAP SRV
records from example.com (domain of the hostname)
2017-10-05T23:34:37Z INFO IPA Server: ds01.example.com
2017-10-05T23:34:37Z DEBUG IPA Server source: Discovered from LDAP DNS
records in ds01.example.com
2017-10-05T23:34:37Z INFO BaseDN: dc=example,dc=com
2017-10-05T23:34:37Z DEBUG BaseDN source: From IPA server
ldap://ds01.example.com:389
2017-10-05T23:34:39Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-10-05T23:34:39Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-10-05T23:34:39Z DEBUG Starting external process
2017-10-05T23:34:39Z DEBUG args=/usr/sbin/ipa-rmkeytab -k
/etc/krb5.keytab -r EXAMPLE.COM
2017-10-05T23:34:39Z DEBUG Process finished, return code=5
2017-10-05T23:34:39Z DEBUG stdout=
2017-10-05T23:34:39Z DEBUG stderr=realm not found
2017-10-05T23:34:39Z INFO Skipping synchronizing time with NTP server.
2017-10-05T23:34:41Z DEBUG will use principal provided as option: admin
2017-10-05T23:34:41Z DEBUG Starting external process
2017-10-05T23:34:41Z DEBUG args=keyctl get_persistent @s 0
2017-10-05T23:34:41Z DEBUG Process finished, return code=0
2017-10-05T23:34:41Z DEBUG stdout=218715285
2017-10-05T23:34:41Z DEBUG stderr=
2017-10-05T23:34:41Z DEBUG Enabling persistent keyring CCACHE
2017-10-05T23:34:41Z DEBUG Writing Kerberos configuration to /tmp/tmpVCsDCR:
2017-10-05T23:34:41Z DEBUG #File modified by ipa-client-install
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
dns_canonicalize_hostname = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
EXAMPLE.COM = {
kdc = ds01.example.com:88
master_kdc = ds01.example.com:88
admin_server = ds01.example.com:749
kpasswd_server = ds01.example.com:464
default_domain = example.com
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
groc-5.example.com = EXAMPLE.COM
2017-10-05T23:34:45Z DEBUG Initializing principal ad...@example.com
<mailto:ad...@example.com> using password
2017-10-05T23:34:45Z DEBUG Starting external process
2017-10-05T23:34:45Z DEBUG args=/usr/bin/kinit ad...@example.com
<mailto:ad...@example.com> -c /tmp/krbccbP9vNK/ccache
2017-10-05T23:34:45Z DEBUG Process finished, return code=0
2017-10-05T23:34:45Z DEBUG stdout=Password for ad...@example.com
<mailto:ad...@example.com>:
2017-10-05T23:34:45Z DEBUG stderr=
2017-10-05T23:34:45Z DEBUG trying to retrieve CA cert via LDAP from
ds01.example.com
2017-10-05T23:34:45Z DEBUG retrieving schema for SchemaCache
url=ldap://ds01.example.com:389 conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x2c25ea8>
2017-10-05T23:34:45Z INFO Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: 2014-08-03 19:28:18
Valid Until: 2034-08-03 19:28:18
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: 2017-05-30 00:17:28
Valid Until: 2037-05-30 00:17:28
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: 2017-05-30 00:19:13
Valid Until: 2037-05-30 00:19:13
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: 2017-05-30 00:38:33
Valid Until: 2037-05-30 00:38:33
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: 2017-06-01 12:55:08
Valid Until: 2037-06-01 12:55:08
2017-10-05T23:34:45Z DEBUG Starting external process
2017-10-05T23:34:45Z DEBUG args=/usr/sbin/ipa-join -s ds01.example.com
-b dc=example,dc=com -h groc-5.example.com
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=Failed to parse result: Failed to
decode GetKeytab Control.
Retrying with pre-4.0 keytab retrieval method...
Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25)
Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26)
Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=EXAMPLE.COM
2017-10-05T23:34:47Z INFO Enrolled in IPA realm EXAMPLE.COM
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=kdestroy
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Initializing principal
host/groc-5.example....@example.com
<mailto:host/groc-5.example....@example.com> using keytab /etc/krb5.keytab
2017-10-05T23:34:47Z DEBUG using ccache /etc/ipa/.dns_ccache
2017-10-05T23:34:47Z DEBUG Attempt 1/5: success
2017-10-05T23:34:47Z DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2017-10-05T23:34:47Z DEBUG -> Not backing up - '/etc/ipa/default.conf'
doesn't exist
2017-10-05T23:34:47Z INFO Created /etc/ipa/default.conf
2017-10-05T23:34:47Z DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
2017-10-05T23:34:47Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf'
doesn't exist
2017-10-05T23:34:47Z INFO New SSSD config will be created
2017-10-05T23:34:47Z DEBUG Backing up system configuration file
'/etc/nsswitch.conf'
2017-10-05T23:34:47Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-10-05T23:34:47Z INFO Configured sudoers in /etc/nsswitch.conf
2017-10-05T23:34:47Z INFO Configured /etc/sssd/sssd.conf
2017-10-05T23:34:47Z DEBUG Backing up system configuration file
'/etc/krb5.conf'
2017-10-05T23:34:47Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=keyctl get_persistent @s 0
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=218715285
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Enabling persistent keyring CCACHE
2017-10-05T23:34:47Z DEBUG Writing Kerberos configuration to /etc/krb5.conf:
2017-10-05T23:34:47Z DEBUG #File modified by ipa-client-install
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
dns_canonicalize_hostname = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
EXAMPLE.COM = {
kdc = ds01.example.com:88
master_kdc = ds01.example.com:88
admin_server = ds01.example.com:749
kpasswd_server = ds01.example.com:464
default_domain = example.com
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
groc-5.example.com = EXAMPLE.COM
2017-10-05T23:34:47Z INFO Configured /etc/krb5.conf for IPA realm
EXAMPLE.COM
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=/usr/bin/certutil -d /tmp/tmpzYMe1L -N
-f /tmp/tmpzYMe1L/pwdfile.txt -f /tmp/tmpzYMe1L/pwdfile.txt
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=/usr/bin/certutil -d /tmp/tmpzYMe1L -A
-n CA certificate 1 -t C,, -f /tmp/tmpzYMe1L/pwdfile.txt
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=/usr/bin/certutil -d /tmp/tmpzYMe1L -A
-n CA certificate 2 -t C,, -f /tmp/tmpzYMe1L/pwdfile.txt
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=/usr/bin/certutil -d /tmp/tmpzYMe1L -A
-n CA certificate 3 -t C,, -f /tmp/tmpzYMe1L/pwdfile.txt
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=/usr/bin/certutil -d /tmp/tmpzYMe1L -A
-n CA certificate 4 -t C,, -f /tmp/tmpzYMe1L/pwdfile.txt
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Starting external process
2017-10-05T23:34:47Z DEBUG args=/usr/bin/certutil -d /tmp/tmpzYMe1L -A
-n CA certificate 5 -t C,, -f /tmp/tmpzYMe1L/pwdfile.txt
2017-10-05T23:34:47Z DEBUG Process finished, return code=0
2017-10-05T23:34:47Z DEBUG stdout=
2017-10-05T23:34:47Z DEBUG stderr=
2017-10-05T23:34:47Z DEBUG Error retrieving cookie from the persistent
storage: expected string or buffer
2017-10-05T23:34:47Z DEBUG failed to find session_cookie in persistent
storage for principal 'host/groc-5.example....@example.com'
2017-10-05T23:34:47Z INFO trying https://ds01.example.com/ipa/json
2017-10-05T23:34:47Z DEBUG New HTTP connection (ds01.example.com)
2017-10-05T23:34:47Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=c8b0ad6e060540145a210905bd242379;
Domain=ds01.example.com; Path=/ipa; Expires=Thu, 05 Oct 2017 23:54:47
GMT; Secure; HttpOnly']'
2017-10-05T23:34:47Z DEBUG storing cookie
'ipa_session=c8b0ad6e060540145a210905bd242379;' for principal
host/groc-5.example....@example.com
<mailto:host/groc-5.example....@example.com>
2017-10-05T23:34:47Z DEBUG Created connection context.rpcclient_53194256
2017-10-05T23:34:47Z INFO [try 1]: Forwarding 'schema' to json server
'https://ds01.example.com/ipa/json'
2017-10-05T23:34:47Z DEBUG HTTP connection keep-alive (ds01.example.com)
2017-10-05T23:34:47Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=0552135805674c077504cbd3fcecfb87;
Domain=ds01.example.com; Path=/ipa; Expires=Thu, 05 Oct 2017 23:54:47
GMT; Secure; HttpOnly']'
2017-10-05T23:34:47Z DEBUG storing cookie
'ipa_session=0552135805674c077504cbd3fcecfb87;' for principal
host/groc-5.example....@example.com
<mailto:host/groc-5.example....@example.com>
2017-10-05T23:34:48Z DEBUG Destroyed connection context.rpcclient_53194256
2017-10-05T23:34:48Z DEBUG importing all plugin modules in
ipaclient.remote_plugins.schema$ed0ad850...
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.remote_plugins.schema$ed0ad850.plugins
2017-10-05T23:34:48Z DEBUG importing all plugin modules in
ipaclient.plugins...
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.automember
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.automount
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.ca
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.cert
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.certmap
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.certprofile
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.dns
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.hbacrule
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.hbactest
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.host
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.idrange
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.internal
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.location
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.migration
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.misc
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.otptoken
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.otptoken_yubikey
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.passwd
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.permission
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.rpcclient
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.server
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.service
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.sudorule
2017-10-05T23:34:48Z DEBUG importing plugin module
ipaclient.plugins.topology
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.trust
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.user
2017-10-05T23:34:48Z DEBUG importing plugin module ipaclient.plugins.vault
2017-10-05T23:34:48Z DEBUG found session_cookie in persistent storage
for principal 'host/groc-5.example....@example.com', cookie:
'ipa_session=0552135805674c077504cbd3fcecfb87'
2017-10-05T23:34:48Z DEBUG setting session_cookie into context
'ipa_session=0552135805674c077504cbd3fcecfb87;'
2017-10-05T23:34:48Z INFO trying https://ds01.example.com/ipa/session/json
2017-10-05T23:34:48Z DEBUG New HTTP connection (ds01.example.com)
2017-10-05T23:34:48Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=0552135805674c077504cbd3fcecfb87;
Domain=ds01.example.com; Path=/ipa; Expires=Thu, 05 Oct 2017 23:54:48
GMT; Secure; HttpOnly']'
2017-10-05T23:34:48Z DEBUG storing cookie
'ipa_session=0552135805674c077504cbd3fcecfb87;' for principal
host/groc-5.example....@example.com
<mailto:host/groc-5.example....@example.com>
2017-10-05T23:34:48Z DEBUG Created connection context.rpcclient_94332368
2017-10-05T23:34:48Z DEBUG Try RPC connection
2017-10-05T23:34:48Z INFO [try 1]: Forwarding 'ping' to json server
'https://ds01.example.com/ipa/session/json'
2017-10-05T23:34:48Z DEBUG HTTP connection keep-alive (ds01.example.com)
2017-10-05T23:34:48Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=0552135805674c077504cbd3fcecfb87;
Domain=ds01.example.com; Path=/ipa; Expires=Thu, 05 Oct 2017 23:54:48
GMT; Secure; HttpOnly']'
2017-10-05T23:34:48Z DEBUG storing cookie
'ipa_session=0552135805674c077504cbd3fcecfb87;' for principal
host/groc-5.example....@example.com
<mailto:host/groc-5.example....@example.com>
2017-10-05T23:34:48Z INFO [try 1]: Forwarding 'ca_is_enabled' to json
server 'https://ds01.example.com/ipa/session/json'
2017-10-05T23:34:48Z DEBUG HTTP connection keep-alive (ds01.example.com)
2017-10-05T23:34:48Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=0552135805674c077504cbd3fcecfb87;
Domain=ds01.example.com; Path=/ipa; Expires=Thu, 05 Oct 2017 23:54:48
GMT; Secure; HttpOnly']'
2017-10-05T23:34:48Z DEBUG storing cookie
'ipa_session=0552135805674c077504cbd3fcecfb87;' for principal
host/groc-5.example....@example.com
<mailto:host/groc-5.example....@example.com>
2017-10-05T23:34:48Z DEBUG Starting external process
2017-10-05T23:34:48Z DEBUG args=/usr/bin/certutil -d /etc/ipa/nssdb -N
-f /etc/ipa/nssdb/pwdfile.txt -f /etc/ipa/nssdb/pwdfile.txt
2017-10-05T23:34:48Z DEBUG Process finished, return code=0
2017-10-05T23:34:48Z DEBUG stdout=
2017-10-05T23:34:48Z DEBUG stderr=
2017-10-05T23:34:49Z DEBUG Adding CA certificates to the IPA NSS database.
2017-10-05T23:34:49Z DEBUG Starting external process
2017-10-05T23:34:49Z DEBUG args=/usr/bin/certutil -d /etc/ipa/nssdb -A
-n EXAMPLE.COM IPA CA -t CT,C,C -f /etc/ipa/nssdb/pwdfile.txt
2017-10-05T23:34:49Z DEBUG Process finished, return code=0
2017-10-05T23:34:49Z DEBUG stdout=
2017-10-05T23:34:49Z DEBUG stderr=
2017-10-05T23:34:49Z DEBUG Starting external process
2017-10-05T23:34:49Z DEBUG args=/usr/bin/certutil -d /etc/ipa/nssdb -A
-n EXAMPLE.COM IPA CA -t CT,C,C -f /etc/ipa/nssdb/pwdfile.txt
2017-10-05T23:34:49Z DEBUG Process finished, return code=255
2017-10-05T23:34:49Z DEBUG stdout=
2017-10-05T23:34:49Z DEBUG stderr=certutil: could not add certificate to
token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to
database.
2017-10-05T23:34:49Z WARNING Installation failed. Force set so not
rolling back changes.
2017-10-05T23:34:49Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
line 333, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 368, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 392, in execute
for _nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 658, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for _nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
line 3621, in main
install(self)
File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
line 2348, in install
_install(options)
File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
line 2791, in _install
rval=CLIENT_INSTALL_ERROR)
2017-10-05T23:34:49Z DEBUG The ipa-client-install command failed,
exception: ScriptError: Failed to add EXAMPLE.COM IPA CA to the IPA NSS
database.
2017-10-05T23:34:49Z ERROR Failed to add EXAMPLE.COM IPA CA to the IPA
NSS database.
2017-10-05T23:34:49Z ERROR The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information
Regards,
Bhavin
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org