Hello everyone,
I'm trying to add a CentOS 7 64bit host to our FreeIPA domain.
Client FreeIPA is 4.5.4-10 Server FreeIPA is 4.4.0
Client FreeIPA rpms: ipa-common-4.5.4-10.el7.centos.3.noarch python-ipaddress-1.0.16-2.el7.noarch python2-ipalib-4.5.4-10.el7.centos.3.noarch ipa-client-4.5.4-10.el7.centos.3.x86_64 ipa-client-common-4.5.4-10.el7.centos.3.noarch libipa_hbac-1.16.0-19.el7_5.5.x86_64 python-iniparse-0.4-9.el7.noarch sssd-ipa-1.16.0-19.el7_5.5.x86_64 python2-ipaclient-4.5.4-10.el7.centos.3.noarch python-libipa_hbac-1.16.0-19.el7_5.5.x86_64
The basic steps to reproduce are:
1. Populate /etc/krb5.conf for IPA.GENERIC.ZONE realm
2. kinit admin # for IPA.GENERIC.ZONE
3. ipa-client-install --mkhomedir --no-ntp --ssh-trust-dns --enable-dns-updates
Here's where the errors start:
Enrolled in IPA realm IPA.GENERIC.ZONE Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm IPA.GENERIC.ZONE trying https://sl1mmgplidm0001.ipa.generic.zone/ipa/json Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [root@sl1aosplsecweb2 ~]# less /var/log/ipaclient-install.log File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3628, in main install(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2348, in install _install(options) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2694, in _install api.finalize() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 714, in finalize self.__do_if_not_done('load_plugins') File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 421, in __do_if_not_done getattr(self, name)() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 592, in load_plugins for package in self.packages: File "/usr/lib/python2.7/site-packages/ipalib/__init__.py", line 948, in packages ipaclient.remote_plugins.get_package(self), File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package plugins = schema.get_package(server_info, client) File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 537, in get_package schema = Schema(client) File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 385, in __init__ fingerprint, ttl = self._fetch(client, ignore_cache=read_failed) File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 397, in _fetch client.connect(verbose=False) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1034, in create_connection command([], {}) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1246, in _call return self.__request(name, args) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1213, in __request verbose=self.__verbose >= 3, File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request return self.single_request(host, handler, request_body, verbose) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 677, in single_request self.get_auth_info() File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 629, in get_auth_info self._handle_exception(e, service=service) File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 588, in _handle_exception raise errors.KerberosError(message=unicode(e))
2018-07-11T21:39:19Z DEBUG The ipa-client-install command failed, exception: KerberosError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS 2018-07-11T21:39:19Z ERROR Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS 2018-07-11T21:39:19Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
If it would help I can attach the entire ipaclient-install.log file
Thank you for your help --Jim
freeipa-users@lists.fedorahosted.org