Re: [Freeipa-users] ipa-client-install errors

Ok, Gady sent the complete file out-of-band and the temporary krb5.conf the client installer creates looks ok. It does include files from /var/lib/sss/pubconf/krb5.include.d/. Can you see if there are any files in there and if so, what the contents are? BTW, what distro and release of

Re: [Freeipa-users] ipa-client-install errors

[root@cd-s-prd-db1 krb5.include.d]# ls -l -rw-r--r--. 1 root root 224 Apr 9 07:24 domain_realm_ipa_candeal_ca -rw-r--r--. 1 root root 118 Apr 9 07:24 localauth_plugin [root@cd-s-prd-db1 krb5.include.d]# cat domain_realm_ipa_candeal_ca # Generated by NetworkManager search ipa.candeal.ca

Re: [Freeipa-users] ipa-client-install errors

On (20/04/16 20:10), Gady Notrica wrote: >[root@cd-s-prd-db1 krb5.include.d]# ls -l > >-rw-r--r--. 1 root root 224 Apr 9 07:24 domain_realm_ipa_candeal_ca > >-rw-r--r--. 1 root root 118 Apr 9 07:24 localauth_plugin > > > >[root@cd-s-prd-db1 krb5.include.d]# cat domain_realm_ipa_candeal_ca > >#

Re: [Freeipa-users] ipa-client-install errors

You guys are awesome # ipa-client-install --enable-dns-updates --mkhomedir --no-ntp Discovery was successful! … Continue to configure the system with these values? [no]: yes … Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf

Re: [Freeipa-users] ipa-client-install errors

Please find below the kr5.conf. Still has with original content. [root@prddb1]# ipa-client-install Discovery was successful! ... Continue to configure the system with these values? [no]: yes Kerberos authentication failed: kinit: Improper format of Kerberos configuration file while

Re: [Freeipa-users] ipa-client-install errors

Gady Notrica wrote: Thank you guys for your help. Still can't enroll the client. Any suggestion on the errors below? /Kerberos authentication failed: kinit: Improper format of Kerberos configuration file while initializing Kerberos 5 library/ What does /etc/krb5.conf look like?

Re: [Freeipa-users] ipa-client-install errors

Gady Notrica wrote: Please find below the kr5.conf. Still has with original content. [root@prddb1]# ipa-client-install Discovery was successful! ... Continue to configure the system with these values? [no]: yes Kerberos authentication failed: kinit: Improper format of Kerberos

Re: [Freeipa-users] ipa-client-install errors

Original file attached - no changes to the file Gady -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: April 20, 2016 3:52 PM To: Gady Notrica; Martin Basti; freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa-client-install errors Gady Notrica wrote: >

[Freeipa-users] Warning about session memcached servers from ipa-replica-manage

Hi I'm getting the following warning on RHEL7 ipa servers (ipa-server-4.2.0-15.el7_2.6.1.x86_64). $ ipa-replica-manage list ipa: WARNING: session memcached servers not running aaa.xxx.yyy: master bbb.xxx.yyy: master Can someone advise please on what the session memcached servers are for and

Re: [Freeipa-users] Warning about session memcached servers from ipa-replica-manage

Roderick Johnstone wrote: Hi I'm getting the following warning on RHEL7 ipa servers (ipa-server-4.2.0-15.el7_2.6.1.x86_64). $ ipa-replica-manage list ipa: WARNING: session memcached servers not running aaa.xxx.yyy: master bbb.xxx.yyy: master Can someone advise please on what the session

[Freeipa-users] FreeIPA and PWM

Hello, I'm trying to set up a self-service page for a new IPA domain and I'm trying to use PWM for that. When I try to bind to FreeIPA from within PWM, with the configured "LDAP Proxy User", I get the following error: error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636':

Re: [Freeipa-users] ipa ERROR on user-add after RHEL 7 yum update

On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote: After doing a yum update on April 14 we are experiencing this error on an ipa user-add: ipa: ERROR: missing attribute "nisMapName" required by object class "nisMap" The /var/log/ipaupgrade.log is too large to attach but I didn't see any

[Freeipa-users] ipa-client-install errors

Hello World, I am having these errors trying to install ipa-client-install. Every other machine is fine and they IPA servers are functioning perfectly Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1 Kerberos authentication failed: kinit: Improper format of Kerberos

Re: [Freeipa-users] FreeIPA and PWM

On Wed, 20 Apr 2016, Tiemen Ruiten wrote: Hello, I'm trying to set up a self-service page for a new IPA domain and I'm trying to use PWM for that. When I try to bind to FreeIPA from within PWM, with the configured "LDAP Proxy User", I get the following error: error connecting to ldap server

Re: [Freeipa-users] Warning about session memcached servers from ipa-replica-manage

On 20/04/16 14:03, Rob Crittenden wrote: Roderick Johnstone wrote: Hi I'm getting the following warning on RHEL7 ipa servers (ipa-server-4.2.0-15.el7_2.6.1.x86_64). $ ipa-replica-manage list ipa: WARNING: session memcached servers not running aaa.xxx.yyy: master bbb.xxx.yyy: master Can

Re: [Freeipa-users] ipa-client-install errors

On 20.04.2016 18:00, Gady Notrica wrote: Hello World, I am having these errors trying to install ipa-client-install. Every other machine is fine and they IPA servers are functioning perfectly Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1 Kerberos authentication failed:

Re: [Freeipa-users] ipa-client-install errors

On 04/20/2016 06:00 PM, Gady Notrica wrote: Hello World, I am having these errors trying to install ipa-client-install. Every other machine is fine and they IPA servers are functioning perfectly Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1 Kerberos authentication failed:

Re: [Freeipa-users] ipa-client-install errors

Please find attached the install log Gady -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky Sent: April 20, 2016 1:04 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa-client-install errors On

Re: [Freeipa-users] ipa-client-install errors

On 04/20/2016 07:12 PM, Gady Notrica wrote: Please find attached the install log Gady -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky Sent: April 20, 2016 1:04 PM To: freeipa-users@redhat.com Subject: Re:

Re: [Freeipa-users] ipa-client-install errors

Thank you Martin, I have tried many different ways. I can't seem to be able to remove anything in the file. Gady From: Martin Basti [mailto:mba...@redhat.com] Sent: April 20, 2016 12:50 PM To: Gady Notrica; freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa-client-install errors On

Re: [Freeipa-users] ipa ERROR on user-add after RHEL 7 yum update SOLVED

Hi Daryl, please always reply to the list. On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote: On 04/20/16 11:10, Alexander Bokovoy wrote: On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote: After doing a yum update on April 14 we are experiencing this error on an ipa user-add: ipa: ERROR:

Re: [Freeipa-users] ipa-client-install errors

Any specific command in particular to remove that keytab? Since these don't work [root@cprddb1 /]# ipa-rmkeytab -r DOMAIN.COM -k /etc/krb5.keytab Kerberos context initialization failed [root@prddb1 /]# ipa-rmkeytab -p ldap/prddb1.ipa.domain.com -k /etc/krb5.keytab Kerberos context

Re: [Freeipa-users] FreeIPA and PWM

Thanks Alexander, that got my past that error. I created the sysaccount and I can bind successfully, but in accordance with the documentation, it doesn't have rights to modify other users: Unexpected error while testing ldap test user LDAP ⇨ LDAP Directories ⇨ default ⇨ LDAP Test User, error:

Re: [Freeipa-users] ipa-client-install errors

Martin Basti wrote: On 20.04.2016 18:00, Gady Notrica wrote: Hello World, I am having these errors trying to install ipa-client-install. Every other machine is fine and they IPA servers are functioning perfectly Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1 Kerberos

Re: [Freeipa-users] Servers intermittently losing connection to IPA

Sumit, Raised the debug level to 10 and let it run for about 24 hours. Uploading the last 2000~ lines of the sssd_domain.com.log. Thanks for your help! https://pastebin.com/MD6N1Dj7 Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support:

Re: [Freeipa-users] ipa-client-install errors

hi Gady, On Wed, Apr 20, 2016 at 8:11 PM, Gady Notrica wrote: > Any specific command in particular to remove that keytab? > > Since these don't work > > [root@cprddb1 /]# ipa-rmkeytab -r DOMAIN.COM -k /etc/krb5.keytab > Kerberos context initialization failed > [root@prddb1

[Freeipa-users] (no subject)

Hi list, This is an re-occurring subject; the dreaded expired certificate. I am following the renew here http://www.freeipa.org/page/IPA_2x_Certificate_Renewal and testing on a clone VM and I am able to get to the step where the serial number is being replaced: ldapmodify -x -h localhost -p

Re: [Freeipa-users] ipa-client-install errors

Thank you guys for your help. Still can't enroll the client. Any suggestion on the errors below? Kerberos authentication failed: kinit: Improper format of Kerberos configuration file while initializing Kerberos 5 library Installation failed. Rolling back changes. Failed to list