Bradley Bishop
2017-03-28 13:00:12 UTC
Hello,
I am new to this community and have a FreeIPA server install that is
trusted to AD using AD dns.
I am having problems getting my clients to work properly. Everything seems
to install properly the first time i try it but i get the following logs
after that:
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_cli_connect_recv] (0x0040): Unable to establish connection
[1432158225]: Authentication Failed
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called
from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv:
2048
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'homeipa01.brad.local' as 'not working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0400): Marking port 0 of duplicate server 'homeipa01.brad.local' as 'not
working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_handle_release]
(0x2000): Trace: sh[0x7efdeeccb150], connected[1], ops[(nil)],
ldap[0x7efdeecf6730], destructor_lock[0], release_memory[0]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[remove_connection_callback] (0x4000): Successfully removed connection
callback.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): attempting failover retry on op #1
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_step] (0x4000): beginning to connect
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_port_status]
(0x1000): Port status of port 389 for server 'homeipa01.brad.local' is 'not
working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_port_status]
(0x1000): Port status of port 0 for server 'homeipa01.brad.local' is 'not
working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): attempting failover retry on op #2
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_step] (0x4000): waiting for connection to complete
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_release_conn_data] (0x4000): releasing unused connection
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_done] (0x1000): Server resolution failed: [5]:
Input/output error
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_mark_offline]
(0x2000): Going offline!
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_mark_offline]
(0x2000): Enable check_if_online_ptask.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_enable]
(0x0400): Task [Check if online (periodic)]: enabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [Check if online (periodic)]: scheduling task 73 seconds
from now [1490682941]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): notify offline to op #1
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[ipa_subdomains_refresh_connect_done] (0x0020): Unable to connect to LDAP
[11]: Resource temporarily unavailable
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[ipa_subdomains_refresh_connect_done] (0x0080): No IPA server is available,
cannot get the subdomain list while offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done]
(0x0040): Task [Subdomains Refresh]: failed with [1432158212]: SSSD is
offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [Subdomains Refresh]: scheduling task 14400 seconds from now
[1490697268]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): notify offline to op #2
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[ipa_sudo_refresh_connect_done] (0x0020): SUDO LDAP connection failed [11]:
Resource temporarily unavailable
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done]
(0x0040): Task [SUDO Full Refresh]: failed with [11]: Resource temporarily
unavailable
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from now
[1490704468]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_release_conn_data] (0x4000): releasing unused connection
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[delayed_online_authentication_callback] (0x0200): Backend is online,
starting delayed online authentication.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb]
(0x0400): Back end is offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable]
(0x0400): Task [Subdomains Refresh]: disabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb]
(0x0400): Back end is offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable]
(0x0400): Task [SUDO Smart Refresh]: disabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb]
(0x0400): Back end is offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable]
(0x0400): Task [SUDO Full Refresh]: disabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[remove_krb5_info_files] (0x0200): Could not remove
[/var/lib/sss/pubconf/kpasswdinfo.IPA.BRAD.LOCAL], [2][No such file or
directory]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_execute]
(0x0400): Back end is offline
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_execute]
(0x0400): Task [Check if online (periodic)]: executing task, timeout 60
seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_run_unconditional_online_cb] (0x4000): List of unconditional online
callbacks is empty, nothing to do.
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [check_if_online]
(0x2000): Trying to go back online!
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_reset_services]
(0x1000): Resetting all servers in all services
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0100): Marking port 389 of server 'homeipa01.brad.local' as 'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0400): Marking port 389 of duplicate server 'homeipa01.brad.local' as
'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'homeipa01.brad.local' as 'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0400): Marking port 0 of duplicate server 'homeipa01.brad.local' as
'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [dp_attach_req]
(0x0400): DP Request [Online Check #8]: New request. Flags [0000].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_port_status]
(0x1000): Port status of port 389 for server 'homeipa01.brad.local' is
'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is neutral
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [collapse_srv_lookup]
(0x0100): Need to refresh SRV lookup for domain ipa.brad.local
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
'ldap'. Will use DNS discovery domain 'ipa.brad.local'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_getsrv_send]
(0x0100): Trying to resolve SRV record of '_ldap._tcp.ipa.brad.local'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done]
(0x0400): Task [Check if online (periodic)]: finished successfully
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [Check if online (periodic)]: scheduling task 67 seconds
from last execution time [1490683008]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_getsrv_done]
(0x1000): Using TTL [3600]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_discover_srv_done] (0x0400): Got 1 servers
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_add_server_to_list] (0x0400): Inserted primary server
'homeipa01.brad.local:389' to service 'IPA'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_is_address]
(0x4000): [homeipa01.brad.local] does not look like an IP address
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'homeipa01.brad.local' in files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'resolving name'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record
of 'homeipa01.brad.local' in files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_step] (0x2000): Querying DNS
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'homeipa01.brad.local' in DNS
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'name resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x0200): Found address for server
homeipa01.brad.local: [11.10.10.17] TTL 3600
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://homeipa01.brad.local'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_ir439Z]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_ir439Z]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sssd_async_socket_init_send] (0x4000): Using file descriptor [21] for the
connection.
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for
connecting
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://homeipa01.brad.local:389/??base] with fd [21].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_rootdse_send] (0x4000): Getting rootdse
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_print_server]
(0x2000): Searching 11.10.10.17:389
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectclass=*)][].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedLDAPVersion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedSASLMechanisms]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[domainControllerFunctionality]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[defaultNamingContext]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[highestCommittedUSN]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_op_add]
(0x2000): New operation 1 timeout 6
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[0x7efdeecff7a0],
ldap[0x7efdeecae060]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_entry]
(0x1000): OriginalDN: [].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [vendorName]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [vendorVersion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [dataversion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [netscapemdsuffix]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [changeLog]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [firstchangenumber]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [lastchangenumber]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipatopologypluginversion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipatopologyismanaged]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaDomainLevel]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [namingContexts]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedControl]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedExtension]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedFeatures]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedLDAPVersion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedSASLMechanisms]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [defaultNamingContext]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [lastUSN]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[0x7efdeecff7a0],
ldap[0x7efdeecae060]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_op_destructor]
(0x2000): Operation 1 finished
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_rootdse_done] (0x2000): Got rootdse
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_server_opts_from_rootdse] (0x4000): USN value: 26095 (int: 26095)
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_send]
(0x0400): Attempting kinit (default, host/bradltest01.brad.local,
IPA.BRAD.LOCAL, 86400)
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_next_kdc]
(0x1000): Resolving next KDC for service IPA
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is resolved
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x0200): Found address for server
homeipa01.brad.local: [11.10.10.17] TTL 3600
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[create_tgt_req_send_buffer] (0x0400): buffer size: 65
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [11463]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [11463]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[(nil)],
ldap[0x7efdeecae060]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_sig_handler]
(0x1000): Waiting for child [11463].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_sig_handler]
(0x0100): child [11463] finished successfully.
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_tgt_recv]
(0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_IPA.BRAD.LOCAL],
expired on [1490769341]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_auth_step]
(0x0100): expire timeout is 900
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_auth_step]
(0x1000): the connection will expire at 1490683841
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: GSSAPI, user:
host/bradltest01.brad.local
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0020): ldap_sasl_bind failed (-2)[Local error]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information
(Server krbtgt/***@IPA.BRAD.LOCAL not found in Kerberos database)]
If i uninstall and try to install again i get the following error:
/usr/sbin/ipa-client-install was invoked with options: {'domain':
'ipa.brad.local', 'force': False, 'krb5_offline_passwords': True,
'ip_addresses': [], 'configure_firefox': False, 'primary': False,
'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd':
True, 'conf_ntp': False, 'on_master': False, 'no_nisdomain': False,
'nisdomain': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab':
None, 'hostname': None, 'request_cert': False, 'trust_sshfp': True,
'no_ac': False, 'unattended': None, 'all_ip_addresses': False, 'location':
None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5,
'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join':
False, 'firefox_dir': None, 'server': None, 'prompt_password': False,
'permit': True, 'debug': True, 'preserve_sssd': False, 'mkhomedir': False,
'uninstall': False}
missing options might be asked for interactively later
IPA version 4.4.0-14.el7.centos.6
[IPA Discovery]
Starting IPA discovery with domain=ipa.brad.local, servers=None,
hostname=bradltest01.brad.local
Search for LDAP SRV record in ipa.brad.local
Search DNS for SRV record of _ldap._tcp.ipa.brad.local
DNS record found: 0 100 389 homeipa01.brad.local.
[Kerberos realm search]
Search DNS for TXT record of _kerberos.ipa.brad.local
DNS record not found: NXDOMAIN
Search DNS for SRV record of _kerberos._udp.ipa.brad.local
DNS record found: 0 100 88 homeipa01.brad.local.
[LDAP server check]
Verifying that homeipa01.brad.local (realm None) is an IPA server
Init LDAP connection to: homeipa01.brad.local
Search LDAP server for IPA base DN
Check if naming context 'dc=ipa,dc=brad,dc=local' is for IPA
Naming context 'dc=ipa,dc=brad,dc=local' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=ipa,dc=brad,dc=local (sub)
Found: cn=IPA.BRAD.LOCAL,cn=kerberos,dc=ipa,dc=brad,dc=local
Discovery result: Success; server=homeipa01.brad.local,
domain=ipa.brad.local, kdc=homeipa01.brad.local,
basedn=dc=ipa,dc=brad,dc=local
Validated servers: homeipa01.brad.local
will use discovered domain: ipa.brad.local
Start searching for LDAP SRV record in "ipa.brad.local" (Validating DNS
Discovery) and its sub-domains
Search DNS for SRV record of _ldap._tcp.ipa.brad.local
DNS record found: 0 100 389 homeipa01.brad.local.
DNS validated, enabling discovery
will use discovered server: homeipa01.brad.local
Discovery was successful!
will use discovered realm: IPA.BRAD.LOCAL
will use discovered basedn: dc=ipa,dc=brad,dc=local
Client hostname: bradltest01.brad.local
Hostname source: Machine's FQDN
Realm: IPA.BRAD.LOCAL
Realm source: Discovered from LDAP DNS records in homeipa01.brad.local
DNS Domain: ipa.brad.local
DNS Domain source: Discovered LDAP SRV records from ipa.brad.local
IPA Server: homeipa01.brad.local
IPA Server source: Discovered from LDAP DNS records in homeipa01.brad.local
BaseDN: dc=ipa,dc=brad,dc=local
BaseDN source: From IPA server ldap://homeipa01.brad.local:389
Continue to configure the system with these values? [no]: yes
Starting external process
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IPA.BRAD.LOCAL
Process finished, return code=5
stdout=
stderr=realm not found
Skipping synchronizing time with NTP server.
Starting external process
args=keyctl get_persistent @s 0
Process finished, return code=0
stdout=104729494
stderr=
Enabling persistent keyring CCACHE
Writing Kerberos configuration to /tmp/tmpsd7Fyb:
#File modified by ipa-client-install
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = IPA.BRAD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
IPA.BRAD.LOCAL = {
kdc = homeipa01.brad.local:88
master_kdc = homeipa01.brad.local:88
admin_server = homeipa01.brad.local:749
kpasswd_server = homeipa01.brad.local:464
default_domain = ipa.brad.local
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.ipa.brad.local = IPA.BRAD.LOCAL
ipa.brad.local = IPA.BRAD.LOCAL
bradltest01.brad.local = IPA.BRAD.LOCAL
.brad.local = IPA.BRAD.LOCAL
brad.local = IPA.BRAD.LOCAL
Initializing principal ***@IPA.BRAD.LOCAL using password
Starting external process
args=/usr/bin/kinit ***@IPA.BRAD.LOCAL -c /tmp/krbccfpGaQu/ccache
Process finished, return code=0
stdout=Password for ***@IPA.BRAD.LOCAL:
stderr=
trying to retrieve CA cert via LDAP from homeipa01.brad.local
get_ca_certs_from_ldap() error: Insufficient access: SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (Server krbtgt/***@IPA.BRAD.LOCAL not found in
Kerberos database)
Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (Server
krbtgt/***@IPA.BRAD.LOCAL not found in Kerberos database)
Unable to download CA cert from LDAP.
Do you want to download the CA cert from
http://homeipa01.brad.local/ipa/config/ca.crt?
(this is INSECURE) [no]: yes
Downloading the CA certificate via HTTP, this is INSECURE
trying to retrieve CA cert via HTTP from
http://homeipa01.brad.local/ipa/config/ca.crt
Starting external process
args=/usr/bin/curl -o - http://homeipa01.brad.local/ipa/config/ca.crt
Process finished, return code=0
stdout=-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIQYau2KCRYq5hGa+sV/gII8zANBgkqhkiG9w0BAQUFADBI
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRicmFkMRkw
FwYDVQQDExBicmFkLUhPTUVDQTAxLUNBMB4XDTE3MDEyMTAwMTAzOVoXDTIyMDEy
MTAwMjAzOFowSDEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRQwEgYKCZImiZPyLGQB
GRYEYnJhZDEZMBcGA1UEAxMQYnJhZC1IT01FQ0EwMS1DQTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAJ8vxTTGRThnp8sYvOPNMs6t/PtfP/Bd5W0JYT/4
zpFE1pL6zHQ7BlyVyxVKg91YaYy/HgLoFQ6FfIaI15SWre5GSGmlZwR3NgRu0PCx
EoCOBisSMCiIrSTAPJV745d7hArlPi9faeKpqaBSmsu3OE5uDdSqy2FiNCfUNmv+
oEJHqIk16eg+MvMCMHeOk/7fWrCC3hG+Maalo9u62cyo/xJ+EQa1YSfllPxgGE3r
AV/+jKo3vq2LV6sEEYtoNOnTeGxwixhaC6p2Qxq2DD4IYmRPerz8FQiJiWDEuIyL
L8jRiF2tKW2CF2OLreVxBSQ56NT5NyPDz2qsnV6Kz9PPaG+NFznG7FFNNaZ9nSaX
YqiyHhhIuTdE8LIr7fBbLhW2aYT4Mrj4xRiuzpaAxCn9zoDIgk95XsSpjP/upG2n
B2RzwmY/vAigE7XsR3Qr4HNuUQUfqJj+M+lp+OmLiQhXKDEqnM8YAPnJv/TTUlKL
Q8dABrL/nAsm7hbIz1CBHQGIU9ScGDgi1xmxGV5VfOd70OqJN1U2TbwL+oHh8kSw
6hBkYniUqHFfedBWTYwjMDUlh2fXco9VDJFV9I8CDUSXi+l6MYuwYYN8xZjEAFj1
bCib7vLrCj6W2rDjzuRF+AJF3nWF/WekyoPk+Y9NI27EgcR587GlFvSA0Iiy38Hk
sROtAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
DgQWBBQQ1Sn0uCerKAA+WfPUL0Y6fJ6OxDAQBgkrBgEEAYI3FQEEAwIBADANBgkq
hkiG9w0BAQUFAAOCAgEActCFolsyfeyp0AzspbmIiqb7q3/wId/arbX+TsKeR+Pd
8nrUuSTaCASnbjRi069uZ/+CYeZDWuUqnUeOcmsX5iRsdwHztf5F5ON5Qlhsat2y
RQyclB8yC52Yv+opCxU5kWgL/j8S0uDfm/XIhIAMwtBim22Wvt/2b82ceWGNdmd5
/PReO7tNO7pDVyAd5Ltren8hIOxfAGNztU/oKz3ph36qKyNYL3lA3UYVMMFKLn4o
HzJjObISHBJfS+n+T0yntSMevt/yjbg5a/0t8I63IvsZlMqFJJakZ+Vxr4amtHHS
CsS5eGIAvTzTsU5uQ9H59WFbKlUsH39uSESKIvtE5RnPZmfyIxuD+Ol+l9qcikEL
E3hp3LoPNx/t75oR+NkMwfBt4pYB0goeYiEt7T0OJKPSlrq3fY2iJW4X0zcaRrFX
1Dm5pZv3KOUcn7vIjATMui6KfNWgmnIUNX2t0mIfwJ84NQhNRvuePgNn1449mUpo
DCNgWbhofQD2uLWX0HPQJmrBf0xOlLAMpubVVgVCVp+2qUVWDBq+HkjsqZRphnHk
xXE2k8Ze/SUtHzP1DafThtP28991GY70aboIbls7MrZvOGaT5IlCKk65BTqT66/W
DYznMTU0p1BAPritw7yBQVQXWh1EBAbT0Zz+fGIzBcxoeGV44tXpWpLZwcwhJo8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGvjCCBKagAwIBAgITHQAAAAnwrIVvC23kXwAAAAAACTANBgkqhkiG9w0BAQUF
ADBIMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRicmFk
MRkwFwYDVQQDExBicmFkLUhPTUVDQTAxLUNBMB4XDTE3MDMyNTIwNDUzN1oXDTE5
MDMyNTIwNTUzN1owOTEXMBUGA1UEChMOSVBBLkJSQUQuTE9DQUwxHjAcBgNVBAMT
FUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKAZxtb8lGt3TPxT2hMY1u+tWb8nMDdewoVcpKh3ejvEN16cnpyb8BM+
nr+pjmtANHZ70X9rhyJI7K4lnYgeurE4+ORt1HBRsBqbYMu3NYRCU6R9mlKtJMbg
S6wja3Vp3HmlWhv8eU9g+AH+CALQ5hlJJJTIifUcX79B3ZJdlUSdnWnRkVi48h5P
Min9Ek3IAy8JBfPSzzZQkfPBd0iBqvg887Di1wS8QkOaIP1lz0GkxDEbLBbVyXKE
PndEIhiSDjMitv3cSuLzdortajSUPGkchsX01DCQQWkj5LLY/uSrq35p/HF55mbA
6o/I4fTNWNe0aXTS0GGdCO8tLljbGfUCAwEAAaOCAq4wggKqMBkGCSsGAQQBgjcU
AgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
MB0GA1UdDgQWBBRAxpShbiY7S1phNzVlNnpYo/4DGDAfBgNVHSMEGDAWgBQQ1Sn0
uCerKAA+WfPUL0Y6fJ6OxDCCAQkGA1UdHwSCAQAwgf0wgfqggfeggfSGgbdsZGFw
Oi8vL0NOPWJyYWQtSE9NRUNBMDEtQ0EsQ049aG9tZWNhMDEsQ049Q0RQLENOPVB1
YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRp
b24sREM9YnJhZCxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGOGh0dHA6Ly9ob21l
Y2EwMS5icmFkLmxvY2FsL0NlcnREYXRhL2JyYWQtSE9NRUNBMDEtQ0EuY3JsMIIB
HQYIKwYBBQUHAQEEggEPMIIBCzCBrgYIKwYBBQUHMAKGgaFsZGFwOi8vL0NOPWJy
YWQtSE9NRUNBMDEtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2Vz
LENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YnJhZCxEQz1sb2NhbD9j
QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv
cml0eTBYBggrBgEFBQcwAoZMaHR0cDovL2hvbWVjYTAxLmJyYWQubG9jYWwvQ2Vy
dERhdGEvaG9tZWNhMDEuYnJhZC5sb2NhbF9icmFkLUhPTUVDQTAxLUNBLmNydDAN
BgkqhkiG9w0BAQUFAAOCAgEANfSlBa5FmsEt6bx4lbPP6EJ2OvKLq8K5SVvrLosa
JpiFx6qdN33JeSyKsyRKyfbK6Pigolj9cCZuBpyGdyD64cd7HSPwjH1FFRNbYDCc
CvCgpAgRHYejPmuVemp1bRb05ZS8EFsJz18UWRyO4U9GJIXArGJ7ZWumzsfndtm1
qAolNCMusweMytboWt/gjO5FFUn4B7Z8Q+EEi9SxOBGoyHNzZS7ZsBxpq4zvG+oh
bBq3QH00lOnfPGlY9M8mYCBkDBsw/6Pp+3ffOOqlCM4ncdBmrsZyiJYprb+zsEKM
1K8H2+l7DNl/f818LG0AUYXM++lKjn5HOq9dvHGCRwngGtn16W6ujxYaiALB5Gxl
sQMs5JggGV48cAEjDpxtK5+WZUe1Kpas32sgKr3vCfSTham9/KbOxXiBq2T19h6h
/tZUxv7t75EncTYc2KR8/Dd7VvrIbctPatUJvN83yIWnLgzJIWskCN8LRQbD7T3y
9EjdG/7Nv+WDfo7SBeXxtJbcXOHFW4C3CcQTZAsGxfzSHl1WknowtmifoM4tdq0o
GPa5+D3p/fmJNz6yhdzTjPRVngwTMJIK2dXTeSQfSKDCHQHp4GHQN0L3eYTmBR0z
pjEX1C56uFr4hMSd49cQKMW2FXUld3QIKrpo6SMso8myGe6C52If8BjAhsXGBv1V
gr8=
-----END CERTIFICATE-----
stderr= % Total % Received % Xferd Average Speed Time Time
Time Current
Dload Upload Total Spent Left
Speed
100 4402 100 4402 0 0 597k 0 --:--:-- --:--:-- --:--:--
614k
Successfully retrieved CA cert
Subject: CN=brad-HOMECA01-CA,DC=brad,DC=local
Issuer: CN=brad-HOMECA01-CA,DC=brad,DC=local
Valid From: Sat Jan 21 00:10:39 2017 UTC
Valid Until: Fri Jan 21 00:20:38 2022 UTC
Subject: CN=Certificate Authority,O=IPA.BRAD.LOCAL
Issuer: CN=brad-HOMECA01-CA,DC=brad,DC=local
Valid From: Sat Mar 25 20:45:37 2017 UTC
Valid Until: Mon Mar 25 20:55:37 2019 UTC
Starting external process
args=/usr/sbin/ipa-join -s homeipa01.brad.local -b dc=ipa,dc=brad,dc=local
-h bradltest01.brad.local -d
Process finished, return code=17
stdout=
stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>bradltest01.brad.local</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.10.0-514.6.1.el7.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
* About to connect() to homeipa01.brad.local port 443 (#0)
* Trying 11.10.10.17...
* Connected to homeipa01.brad.local (11.10.10.17) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=homeipa01.brad.local,O=IPA.BRAD.LOCAL
* start date: Mar 25 21:13:09 2017 GMT
* expire date: Mar 25 20:55:37 2019 GMT
* common name: homeipa01.brad.local
* issuer: CN=Certificate Authority,O=IPA.BRAD.LOCAL
Accept: */*
Content-Type: text/xml
User-Agent: ipa-join/4.4.0
Referer: https://homeipa01.brad.local/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0
Content-Length: 482
* upload completely sent off: 482 out of 482 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 28 Mar 2017 12:57:48 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14
NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5
* gss_init_sec_context() failed: : Server krbtgt/***@IPA.BRAD.LOCAL
not found in Kerberos database
< WWW-Authenticate: Negotiate
< X-Frame-Options: DENY
< Content-Security-Policy: frame-ancestors 'none'
< Last-Modified: Fri, 03 Mar 2017 00:56:04 GMT
< Accept-Ranges: bytes
< Content-Length: 1474
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host homeipa01.brad.local left intact
HTTP response code is 401, not 200
Joining realm failed: XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>bradltest01.brad.local</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.10.0-514.6.1.el7.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
* About to connect() to homeipa01.brad.local port 443 (#0)
* Trying 11.10.10.17...
* Connected to homeipa01.brad.local (11.10.10.17) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=homeipa01.brad.local,O=IPA.BRAD.LOCAL
* start date: Mar 25 21:13:09 2017 GMT
* expire date: Mar 25 20:55:37 2019 GMT
* common name: homeipa01.brad.local
* issuer: CN=Certificate Authority,O=IPA.BRAD.LOCAL
Accept: */*
Content-Type: text/xml
User-Agent: ipa-join/4.4.0
Referer: https://homeipa01.brad.local/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0
Content-Length: 482
* upload completely sent off: 482 out of 482 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 28 Mar 2017 12:57:48 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14
NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5
* gss_init_sec_context() failed: : Server krbtgt/***@IPA.BRAD.LOCAL
not found in Kerberos database
< WWW-Authenticate: Negotiate
< X-Frame-Options: DENY
< Content-Security-Policy: frame-ancestors 'none'
< Last-Modified: Fri, 03 Mar 2017 00:56:04 GMT
< Accept-Ranges: bytes
< Content-Length: 1474
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host homeipa01.brad.local left intact
HTTP response code is 401, not 200
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Kinda at loss on what to try next and where to look so any direction would
be much appreciated.
Thank you,
Bradley Bishop
I am new to this community and have a FreeIPA server install that is
trusted to AD using AD dns.
I am having problems getting my clients to work properly. Everything seems
to install properly the first time i try it but i get the following logs
after that:
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_cli_connect_recv] (0x0040): Unable to establish connection
[1432158225]: Authentication Failed
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called
from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv:
2048
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'homeipa01.brad.local' as 'not working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0400): Marking port 0 of duplicate server 'homeipa01.brad.local' as 'not
working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [sdap_handle_release]
(0x2000): Trace: sh[0x7efdeeccb150], connected[1], ops[(nil)],
ldap[0x7efdeecf6730], destructor_lock[0], release_memory[0]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[remove_connection_callback] (0x4000): Successfully removed connection
callback.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): attempting failover retry on op #1
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_step] (0x4000): beginning to connect
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_port_status]
(0x1000): Port status of port 389 for server 'homeipa01.brad.local' is 'not
working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [get_port_status]
(0x1000): Port status of port 0 for server 'homeipa01.brad.local' is 'not
working'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): attempting failover retry on op #2
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_step] (0x4000): waiting for connection to complete
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_release_conn_data] (0x4000): releasing unused connection
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_done] (0x1000): Server resolution failed: [5]:
Input/output error
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_mark_offline]
(0x2000): Going offline!
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_mark_offline]
(0x2000): Enable check_if_online_ptask.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_enable]
(0x0400): Task [Check if online (periodic)]: enabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [Check if online (periodic)]: scheduling task 73 seconds
from now [1490682941]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): notify offline to op #1
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[ipa_subdomains_refresh_connect_done] (0x0020): Unable to connect to LDAP
[11]: Resource temporarily unavailable
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[ipa_subdomains_refresh_connect_done] (0x0080): No IPA server is available,
cannot get the subdomain list while offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done]
(0x0040): Task [Subdomains Refresh]: failed with [1432158212]: SSSD is
offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [Subdomains Refresh]: scheduling task 14400 seconds from now
[1490697268]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_op_connect_done] (0x4000): notify offline to op #2
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[ipa_sudo_refresh_connect_done] (0x0020): SUDO LDAP connection failed [11]:
Resource temporarily unavailable
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done]
(0x0040): Task [SUDO Full Refresh]: failed with [11]: Resource temporarily
unavailable
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from now
[1490704468]
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[sdap_id_release_conn_data] (0x4000): releasing unused connection
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[delayed_online_authentication_callback] (0x0200): Backend is online,
starting delayed online authentication.
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb]
(0x0400): Back end is offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable]
(0x0400): Task [Subdomains Refresh]: disabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb]
(0x0400): Back end is offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable]
(0x0400): Task [SUDO Smart Refresh]: disabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_offline_cb]
(0x0400): Back end is offline
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]] [be_ptask_disable]
(0x0400): Task [SUDO Full Refresh]: disabling task
(Tue Mar 28 02:34:28 2017) [sssd[be[ipa.brad.local]]]
[remove_krb5_info_files] (0x0200): Could not remove
[/var/lib/sss/pubconf/kpasswdinfo.IPA.BRAD.LOCAL], [2][No such file or
directory]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_execute]
(0x0400): Back end is offline
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_execute]
(0x0400): Task [Check if online (periodic)]: executing task, timeout 60
seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_run_unconditional_online_cb] (0x4000): List of unconditional online
callbacks is empty, nothing to do.
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [check_if_online]
(0x2000): Trying to go back online!
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_reset_services]
(0x1000): Resetting all servers in all services
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0100): Marking port 389 of server 'homeipa01.brad.local' as 'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0400): Marking port 389 of duplicate server 'homeipa01.brad.local' as
'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'homeipa01.brad.local' as 'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [fo_set_port_status]
(0x0400): Marking port 0 of duplicate server 'homeipa01.brad.local' as
'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [dp_attach_req]
(0x0400): DP Request [Online Check #8]: New request. Flags [0000].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_port_status]
(0x1000): Port status of port 389 for server 'homeipa01.brad.local' is
'neutral'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is neutral
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [collapse_srv_lookup]
(0x0100): Need to refresh SRV lookup for domain ipa.brad.local
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
'ldap'. Will use DNS discovery domain 'ipa.brad.local'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_getsrv_send]
(0x0100): Trying to resolve SRV record of '_ldap._tcp.ipa.brad.local'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_done]
(0x0400): Task [Check if online (periodic)]: finished successfully
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [be_ptask_schedule]
(0x0400): Task [Check if online (periodic)]: scheduling task 67 seconds
from last execution time [1490683008]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_getsrv_done]
(0x1000): Using TTL [3600]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_discover_srv_done] (0x0400): Got 1 servers
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_add_server_to_list] (0x0400): Inserted primary server
'homeipa01.brad.local:389' to service 'IPA'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'IPA' as 'resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name not resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolv_is_address]
(0x4000): [homeipa01.brad.local] does not look like an IP address
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'homeipa01.brad.local' in files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'resolving name'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record
of 'homeipa01.brad.local' in files
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_step] (0x2000): Querying DNS
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'homeipa01.brad.local' in DNS
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_server_common_status] (0x0100): Marking server 'homeipa01.brad.local'
as 'name resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x0200): Found address for server
homeipa01.brad.local: [11.10.10.17] TTL 3600
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://homeipa01.brad.local'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_ir439Z]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_ir439Z]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sssd_async_socket_init_send] (0x4000): Using file descriptor [21] for the
connection.
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for
connecting
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://homeipa01.brad.local:389/??base] with fd [21].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_rootdse_send] (0x4000): Getting rootdse
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_print_server]
(0x2000): Searching 11.10.10.17:389
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectclass=*)][].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedLDAPVersion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedSASLMechanisms]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[domainControllerFunctionality]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[defaultNamingContext]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[highestCommittedUSN]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_op_add]
(0x2000): New operation 1 timeout 6
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[0x7efdeecff7a0],
ldap[0x7efdeecae060]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_entry]
(0x1000): OriginalDN: [].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [vendorName]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [vendorVersion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [dataversion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [netscapemdsuffix]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [changeLog]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [firstchangenumber]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [lastchangenumber]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipatopologypluginversion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipatopologyismanaged]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaDomainLevel]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [namingContexts]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedControl]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedExtension]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedFeatures]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedLDAPVersion]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [supportedSASLMechanisms]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [defaultNamingContext]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_parse_range]
(0x2000): No sub-attributes for [lastUSN]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[0x7efdeecff7a0],
ldap[0x7efdeecae060]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_op_destructor]
(0x2000): Operation 1 finished
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_rootdse_done] (0x2000): Got rootdse
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_get_server_opts_from_rootdse] (0x4000): USN value: 26095 (int: 26095)
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_send]
(0x0400): Attempting kinit (default, host/bradltest01.brad.local,
IPA.BRAD.LOCAL, 86400)
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_kinit_next_kdc]
(0x1000): Resolving next KDC for service IPA
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is resolved
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [get_server_status]
(0x1000): Status of server 'homeipa01.brad.local' is 'name resolved'
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[be_resolve_server_process] (0x0200): Found address for server
homeipa01.brad.local: [11.10.10.17] TTL 3600
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[create_tgt_req_send_buffer] (0x0400): buffer size: 65
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [11463]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [11463]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]]
[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: sh[0x7efdeecce630], connected[1], ops[(nil)],
ldap[0x7efdeecae060]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_sig_handler]
(0x1000): Waiting for child [11463].
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [child_sig_handler]
(0x0100): child [11463] finished successfully.
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_get_tgt_recv]
(0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_IPA.BRAD.LOCAL],
expired on [1490769341]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_auth_step]
(0x0100): expire timeout is 900
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sdap_cli_auth_step]
(0x1000): the connection will expire at 1490683841
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: GSSAPI, user:
host/bradltest01.brad.local
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0020): ldap_sasl_bind failed (-2)[Local error]
(Tue Mar 28 02:35:41 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send]
(0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information
(Server krbtgt/***@IPA.BRAD.LOCAL not found in Kerberos database)]
If i uninstall and try to install again i get the following error:
/usr/sbin/ipa-client-install was invoked with options: {'domain':
'ipa.brad.local', 'force': False, 'krb5_offline_passwords': True,
'ip_addresses': [], 'configure_firefox': False, 'primary': False,
'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd':
True, 'conf_ntp': False, 'on_master': False, 'no_nisdomain': False,
'nisdomain': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab':
None, 'hostname': None, 'request_cert': False, 'trust_sshfp': True,
'no_ac': False, 'unattended': None, 'all_ip_addresses': False, 'location':
None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5,
'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join':
False, 'firefox_dir': None, 'server': None, 'prompt_password': False,
'permit': True, 'debug': True, 'preserve_sssd': False, 'mkhomedir': False,
'uninstall': False}
missing options might be asked for interactively later
IPA version 4.4.0-14.el7.centos.6
[IPA Discovery]
Starting IPA discovery with domain=ipa.brad.local, servers=None,
hostname=bradltest01.brad.local
Search for LDAP SRV record in ipa.brad.local
Search DNS for SRV record of _ldap._tcp.ipa.brad.local
DNS record found: 0 100 389 homeipa01.brad.local.
[Kerberos realm search]
Search DNS for TXT record of _kerberos.ipa.brad.local
DNS record not found: NXDOMAIN
Search DNS for SRV record of _kerberos._udp.ipa.brad.local
DNS record found: 0 100 88 homeipa01.brad.local.
[LDAP server check]
Verifying that homeipa01.brad.local (realm None) is an IPA server
Init LDAP connection to: homeipa01.brad.local
Search LDAP server for IPA base DN
Check if naming context 'dc=ipa,dc=brad,dc=local' is for IPA
Naming context 'dc=ipa,dc=brad,dc=local' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=ipa,dc=brad,dc=local (sub)
Found: cn=IPA.BRAD.LOCAL,cn=kerberos,dc=ipa,dc=brad,dc=local
Discovery result: Success; server=homeipa01.brad.local,
domain=ipa.brad.local, kdc=homeipa01.brad.local,
basedn=dc=ipa,dc=brad,dc=local
Validated servers: homeipa01.brad.local
will use discovered domain: ipa.brad.local
Start searching for LDAP SRV record in "ipa.brad.local" (Validating DNS
Discovery) and its sub-domains
Search DNS for SRV record of _ldap._tcp.ipa.brad.local
DNS record found: 0 100 389 homeipa01.brad.local.
DNS validated, enabling discovery
will use discovered server: homeipa01.brad.local
Discovery was successful!
will use discovered realm: IPA.BRAD.LOCAL
will use discovered basedn: dc=ipa,dc=brad,dc=local
Client hostname: bradltest01.brad.local
Hostname source: Machine's FQDN
Realm: IPA.BRAD.LOCAL
Realm source: Discovered from LDAP DNS records in homeipa01.brad.local
DNS Domain: ipa.brad.local
DNS Domain source: Discovered LDAP SRV records from ipa.brad.local
IPA Server: homeipa01.brad.local
IPA Server source: Discovered from LDAP DNS records in homeipa01.brad.local
BaseDN: dc=ipa,dc=brad,dc=local
BaseDN source: From IPA server ldap://homeipa01.brad.local:389
Continue to configure the system with these values? [no]: yes
Starting external process
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IPA.BRAD.LOCAL
Process finished, return code=5
stdout=
stderr=realm not found
Skipping synchronizing time with NTP server.
Starting external process
args=keyctl get_persistent @s 0
Process finished, return code=0
stdout=104729494
stderr=
Enabling persistent keyring CCACHE
Writing Kerberos configuration to /tmp/tmpsd7Fyb:
#File modified by ipa-client-install
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = IPA.BRAD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
IPA.BRAD.LOCAL = {
kdc = homeipa01.brad.local:88
master_kdc = homeipa01.brad.local:88
admin_server = homeipa01.brad.local:749
kpasswd_server = homeipa01.brad.local:464
default_domain = ipa.brad.local
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.ipa.brad.local = IPA.BRAD.LOCAL
ipa.brad.local = IPA.BRAD.LOCAL
bradltest01.brad.local = IPA.BRAD.LOCAL
.brad.local = IPA.BRAD.LOCAL
brad.local = IPA.BRAD.LOCAL
Initializing principal ***@IPA.BRAD.LOCAL using password
Starting external process
args=/usr/bin/kinit ***@IPA.BRAD.LOCAL -c /tmp/krbccfpGaQu/ccache
Process finished, return code=0
stdout=Password for ***@IPA.BRAD.LOCAL:
stderr=
trying to retrieve CA cert via LDAP from homeipa01.brad.local
get_ca_certs_from_ldap() error: Insufficient access: SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (Server krbtgt/***@IPA.BRAD.LOCAL not found in
Kerberos database)
Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (Server
krbtgt/***@IPA.BRAD.LOCAL not found in Kerberos database)
Unable to download CA cert from LDAP.
Do you want to download the CA cert from
http://homeipa01.brad.local/ipa/config/ca.crt?
(this is INSECURE) [no]: yes
Downloading the CA certificate via HTTP, this is INSECURE
trying to retrieve CA cert via HTTP from
http://homeipa01.brad.local/ipa/config/ca.crt
Starting external process
args=/usr/bin/curl -o - http://homeipa01.brad.local/ipa/config/ca.crt
Process finished, return code=0
stdout=-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIQYau2KCRYq5hGa+sV/gII8zANBgkqhkiG9w0BAQUFADBI
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRicmFkMRkw
FwYDVQQDExBicmFkLUhPTUVDQTAxLUNBMB4XDTE3MDEyMTAwMTAzOVoXDTIyMDEy
MTAwMjAzOFowSDEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRQwEgYKCZImiZPyLGQB
GRYEYnJhZDEZMBcGA1UEAxMQYnJhZC1IT01FQ0EwMS1DQTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAJ8vxTTGRThnp8sYvOPNMs6t/PtfP/Bd5W0JYT/4
zpFE1pL6zHQ7BlyVyxVKg91YaYy/HgLoFQ6FfIaI15SWre5GSGmlZwR3NgRu0PCx
EoCOBisSMCiIrSTAPJV745d7hArlPi9faeKpqaBSmsu3OE5uDdSqy2FiNCfUNmv+
oEJHqIk16eg+MvMCMHeOk/7fWrCC3hG+Maalo9u62cyo/xJ+EQa1YSfllPxgGE3r
AV/+jKo3vq2LV6sEEYtoNOnTeGxwixhaC6p2Qxq2DD4IYmRPerz8FQiJiWDEuIyL
L8jRiF2tKW2CF2OLreVxBSQ56NT5NyPDz2qsnV6Kz9PPaG+NFznG7FFNNaZ9nSaX
YqiyHhhIuTdE8LIr7fBbLhW2aYT4Mrj4xRiuzpaAxCn9zoDIgk95XsSpjP/upG2n
B2RzwmY/vAigE7XsR3Qr4HNuUQUfqJj+M+lp+OmLiQhXKDEqnM8YAPnJv/TTUlKL
Q8dABrL/nAsm7hbIz1CBHQGIU9ScGDgi1xmxGV5VfOd70OqJN1U2TbwL+oHh8kSw
6hBkYniUqHFfedBWTYwjMDUlh2fXco9VDJFV9I8CDUSXi+l6MYuwYYN8xZjEAFj1
bCib7vLrCj6W2rDjzuRF+AJF3nWF/WekyoPk+Y9NI27EgcR587GlFvSA0Iiy38Hk
sROtAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
DgQWBBQQ1Sn0uCerKAA+WfPUL0Y6fJ6OxDAQBgkrBgEEAYI3FQEEAwIBADANBgkq
hkiG9w0BAQUFAAOCAgEActCFolsyfeyp0AzspbmIiqb7q3/wId/arbX+TsKeR+Pd
8nrUuSTaCASnbjRi069uZ/+CYeZDWuUqnUeOcmsX5iRsdwHztf5F5ON5Qlhsat2y
RQyclB8yC52Yv+opCxU5kWgL/j8S0uDfm/XIhIAMwtBim22Wvt/2b82ceWGNdmd5
/PReO7tNO7pDVyAd5Ltren8hIOxfAGNztU/oKz3ph36qKyNYL3lA3UYVMMFKLn4o
HzJjObISHBJfS+n+T0yntSMevt/yjbg5a/0t8I63IvsZlMqFJJakZ+Vxr4amtHHS
CsS5eGIAvTzTsU5uQ9H59WFbKlUsH39uSESKIvtE5RnPZmfyIxuD+Ol+l9qcikEL
E3hp3LoPNx/t75oR+NkMwfBt4pYB0goeYiEt7T0OJKPSlrq3fY2iJW4X0zcaRrFX
1Dm5pZv3KOUcn7vIjATMui6KfNWgmnIUNX2t0mIfwJ84NQhNRvuePgNn1449mUpo
DCNgWbhofQD2uLWX0HPQJmrBf0xOlLAMpubVVgVCVp+2qUVWDBq+HkjsqZRphnHk
xXE2k8Ze/SUtHzP1DafThtP28991GY70aboIbls7MrZvOGaT5IlCKk65BTqT66/W
DYznMTU0p1BAPritw7yBQVQXWh1EBAbT0Zz+fGIzBcxoeGV44tXpWpLZwcwhJo8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGvjCCBKagAwIBAgITHQAAAAnwrIVvC23kXwAAAAAACTANBgkqhkiG9w0BAQUF
ADBIMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRicmFk
MRkwFwYDVQQDExBicmFkLUhPTUVDQTAxLUNBMB4XDTE3MDMyNTIwNDUzN1oXDTE5
MDMyNTIwNTUzN1owOTEXMBUGA1UEChMOSVBBLkJSQUQuTE9DQUwxHjAcBgNVBAMT
FUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKAZxtb8lGt3TPxT2hMY1u+tWb8nMDdewoVcpKh3ejvEN16cnpyb8BM+
nr+pjmtANHZ70X9rhyJI7K4lnYgeurE4+ORt1HBRsBqbYMu3NYRCU6R9mlKtJMbg
S6wja3Vp3HmlWhv8eU9g+AH+CALQ5hlJJJTIifUcX79B3ZJdlUSdnWnRkVi48h5P
Min9Ek3IAy8JBfPSzzZQkfPBd0iBqvg887Di1wS8QkOaIP1lz0GkxDEbLBbVyXKE
PndEIhiSDjMitv3cSuLzdortajSUPGkchsX01DCQQWkj5LLY/uSrq35p/HF55mbA
6o/I4fTNWNe0aXTS0GGdCO8tLljbGfUCAwEAAaOCAq4wggKqMBkGCSsGAQQBgjcU
AgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
MB0GA1UdDgQWBBRAxpShbiY7S1phNzVlNnpYo/4DGDAfBgNVHSMEGDAWgBQQ1Sn0
uCerKAA+WfPUL0Y6fJ6OxDCCAQkGA1UdHwSCAQAwgf0wgfqggfeggfSGgbdsZGFw
Oi8vL0NOPWJyYWQtSE9NRUNBMDEtQ0EsQ049aG9tZWNhMDEsQ049Q0RQLENOPVB1
YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRp
b24sREM9YnJhZCxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGOGh0dHA6Ly9ob21l
Y2EwMS5icmFkLmxvY2FsL0NlcnREYXRhL2JyYWQtSE9NRUNBMDEtQ0EuY3JsMIIB
HQYIKwYBBQUHAQEEggEPMIIBCzCBrgYIKwYBBQUHMAKGgaFsZGFwOi8vL0NOPWJy
YWQtSE9NRUNBMDEtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2Vz
LENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YnJhZCxEQz1sb2NhbD9j
QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv
cml0eTBYBggrBgEFBQcwAoZMaHR0cDovL2hvbWVjYTAxLmJyYWQubG9jYWwvQ2Vy
dERhdGEvaG9tZWNhMDEuYnJhZC5sb2NhbF9icmFkLUhPTUVDQTAxLUNBLmNydDAN
BgkqhkiG9w0BAQUFAAOCAgEANfSlBa5FmsEt6bx4lbPP6EJ2OvKLq8K5SVvrLosa
JpiFx6qdN33JeSyKsyRKyfbK6Pigolj9cCZuBpyGdyD64cd7HSPwjH1FFRNbYDCc
CvCgpAgRHYejPmuVemp1bRb05ZS8EFsJz18UWRyO4U9GJIXArGJ7ZWumzsfndtm1
qAolNCMusweMytboWt/gjO5FFUn4B7Z8Q+EEi9SxOBGoyHNzZS7ZsBxpq4zvG+oh
bBq3QH00lOnfPGlY9M8mYCBkDBsw/6Pp+3ffOOqlCM4ncdBmrsZyiJYprb+zsEKM
1K8H2+l7DNl/f818LG0AUYXM++lKjn5HOq9dvHGCRwngGtn16W6ujxYaiALB5Gxl
sQMs5JggGV48cAEjDpxtK5+WZUe1Kpas32sgKr3vCfSTham9/KbOxXiBq2T19h6h
/tZUxv7t75EncTYc2KR8/Dd7VvrIbctPatUJvN83yIWnLgzJIWskCN8LRQbD7T3y
9EjdG/7Nv+WDfo7SBeXxtJbcXOHFW4C3CcQTZAsGxfzSHl1WknowtmifoM4tdq0o
GPa5+D3p/fmJNz6yhdzTjPRVngwTMJIK2dXTeSQfSKDCHQHp4GHQN0L3eYTmBR0z
pjEX1C56uFr4hMSd49cQKMW2FXUld3QIKrpo6SMso8myGe6C52If8BjAhsXGBv1V
gr8=
-----END CERTIFICATE-----
stderr= % Total % Received % Xferd Average Speed Time Time
Time Current
Dload Upload Total Spent Left
Speed
100 4402 100 4402 0 0 597k 0 --:--:-- --:--:-- --:--:--
614k
Successfully retrieved CA cert
Subject: CN=brad-HOMECA01-CA,DC=brad,DC=local
Issuer: CN=brad-HOMECA01-CA,DC=brad,DC=local
Valid From: Sat Jan 21 00:10:39 2017 UTC
Valid Until: Fri Jan 21 00:20:38 2022 UTC
Subject: CN=Certificate Authority,O=IPA.BRAD.LOCAL
Issuer: CN=brad-HOMECA01-CA,DC=brad,DC=local
Valid From: Sat Mar 25 20:45:37 2017 UTC
Valid Until: Mon Mar 25 20:55:37 2019 UTC
Starting external process
args=/usr/sbin/ipa-join -s homeipa01.brad.local -b dc=ipa,dc=brad,dc=local
-h bradltest01.brad.local -d
Process finished, return code=17
stdout=
stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>bradltest01.brad.local</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.10.0-514.6.1.el7.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
* About to connect() to homeipa01.brad.local port 443 (#0)
* Trying 11.10.10.17...
* Connected to homeipa01.brad.local (11.10.10.17) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=homeipa01.brad.local,O=IPA.BRAD.LOCAL
* start date: Mar 25 21:13:09 2017 GMT
* expire date: Mar 25 20:55:37 2019 GMT
* common name: homeipa01.brad.local
* issuer: CN=Certificate Authority,O=IPA.BRAD.LOCAL
POST /ipa/xml HTTP/1.1
Host: homeipa01.brad.localAccept: */*
Content-Type: text/xml
User-Agent: ipa-join/4.4.0
Referer: https://homeipa01.brad.local/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0
Content-Length: 482
* upload completely sent off: 482 out of 482 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 28 Mar 2017 12:57:48 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14
NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5
* gss_init_sec_context() failed: : Server krbtgt/***@IPA.BRAD.LOCAL
not found in Kerberos database
< WWW-Authenticate: Negotiate
< X-Frame-Options: DENY
< Content-Security-Policy: frame-ancestors 'none'
< Last-Modified: Fri, 03 Mar 2017 00:56:04 GMT
< Accept-Ranges: bytes
< Content-Length: 1474
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host homeipa01.brad.local left intact
HTTP response code is 401, not 200
Joining realm failed: XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>bradltest01.brad.local</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.10.0-514.6.1.el7.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
* About to connect() to homeipa01.brad.local port 443 (#0)
* Trying 11.10.10.17...
* Connected to homeipa01.brad.local (11.10.10.17) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=homeipa01.brad.local,O=IPA.BRAD.LOCAL
* start date: Mar 25 21:13:09 2017 GMT
* expire date: Mar 25 20:55:37 2019 GMT
* common name: homeipa01.brad.local
* issuer: CN=Certificate Authority,O=IPA.BRAD.LOCAL
POST /ipa/xml HTTP/1.1
Host: homeipa01.brad.localAccept: */*
Content-Type: text/xml
User-Agent: ipa-join/4.4.0
Referer: https://homeipa01.brad.local/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0
Content-Length: 482
* upload completely sent off: 482 out of 482 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 28 Mar 2017 12:57:48 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14
NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5
* gss_init_sec_context() failed: : Server krbtgt/***@IPA.BRAD.LOCAL
not found in Kerberos database
< WWW-Authenticate: Negotiate
< X-Frame-Options: DENY
< Content-Security-Policy: frame-ancestors 'none'
< Last-Modified: Fri, 03 Mar 2017 00:56:04 GMT
< Accept-Ranges: bytes
< Content-Length: 1474
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host homeipa01.brad.local left intact
HTTP response code is 401, not 200
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Kinda at loss on what to try next and where to look so any direction would
be much appreciated.
Thank you,
Bradley Bishop