[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
That being said, just tried again on an ubuntu 14.04 node with these same CLI params, and it failed, but the logs are complaining about "SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user", which never was reported in the ubuntu 16 system's logs.

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Just attempted the '--server' option you mention, as well as the '--domain' value that the parameter requires, and it actually SUCCEEDED in joining! I received "Client configuration complete." via the ipa-client-install command and was just able to successfully login to this node with a user in

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Server: = [root@sfca-do-4 ~]# ipa --version VERSION: 4.4.4, API_VERSION: 2.215 [root@sfca-do-4 ~]# cat /etc/fedora-release Fedora release 25 (Twenty Five) Client Node: = root@sfca-do-1:~# ipa-client-install --version 4.3.1 root@sfca-do-1:~# cat /etc/lsb-release DISTRIB_ID=Ubuntu

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Rob Crittenden via FreeIPA-users
Chris Moody wrote: > Thanks for taking a look gents.  Ask and ye shall receive.  :) > What version of IPA is this and what platform? Before an install can you ensure that there is nothing in /etc/krb5.conf.d/ (except may be crypto-policies)? Same with /var/lib/sss/pubconf/krb5.include.d/

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Affirmative, it is all caps in the logs. I can re-send the log with the redactions case sensitive if that's helpful.  My apologies for causing confusion via my obfuscation. -Chris On 1/17/18 12:36 PM, Robbie Harwood wrote: > Chris Moody writes: > >> On 1/17/18 8:27 AM,

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Robbie Harwood via FreeIPA-users
Chris Moody writes: > On 1/17/18 8:27 AM, Robbie Harwood wrote: >> Chris Moody writes: >> >>> Thanks for taking a look gents.  Ask and ye shall receive.  :) >>> >>> -Chris >>> >>> ===[ CLI output ]== >>> root@sfca-do-1:~# ipa-client-install -p

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Yes - I am redacting just the 2nd level domain name portion from any logs. -Chris On 1/17/18 8:27 AM, Robbie Harwood wrote: > Chris Moody writes: > >> Thanks for taking a look gents.  Ask and ye shall receive.  :) >> >> -Chris >> >> ===[ CLI output ]== >>

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Robbie Harwood via FreeIPA-users
Chris Moody writes: > Thanks for taking a look gents.  Ask and ye shall receive.  :) > > -Chris > > ===[ CLI output ]== > root@sfca-do-1:~# ipa-client-install -p admin --mkhomedir > --hostname=`hostname` > Discovery was successful! > Client hostname:

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Chris Moody via FreeIPA-users
My reply with the log output is pending moderator approval. -Chris On 1/16/18 1:11 PM, Rob Crittenden wrote: > Robbie Harwood via FreeIPA-users wrote: >> Chris Moody via FreeIPA-users >> writes: >> >>> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Rob Crittenden via FreeIPA-users
Robbie Harwood via FreeIPA-users wrote: > Chris Moody via FreeIPA-users > writes: > >> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm >> IPA.XYZ.COM >> 2018-01-15T21:55:24Z DEBUG Starting external process >> 2018-01-15T21:55:24Z DEBUG

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Alexander Bokovoy via FreeIPA-users
On ti, 16 tammi 2018, Robbie Harwood via FreeIPA-users wrote: Chris Moody via FreeIPA-users writes: 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm IPA.XYZ.COM 2018-01-15T21:55:24Z DEBUG Starting external process 2018-01-15T21:55:24Z

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Robbie Harwood via FreeIPA-users
Chris Moody via FreeIPA-users writes: > 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm > IPA.XYZ.COM > 2018-01-15T21:55:24Z DEBUG Starting external process > 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user >