[Freeipa-users] Re: Enroll CentOS 5 on FreeIPA 4.3

Wed, 07 Jun 2017 10:50:35 -0700 

Hi Rob

Thanks for your response

No, there is nothing after this line in the output neither in 
/var/log/ipaclient-install.log

This is my /var/log/ipaclient-install.log


[root@l1 log]# cat /var/log/ipaclient-install.log   
2017-06-07 09:57:29,671 DEBUG /usr/sbin/ipa-client-install was invoked with 
options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 
'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': 
False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 
'dns_updates': False, 'preserve_sssd': False, 'debug': True, 'on_master': 
False, 'ca_cert_file': None, 'realm_name': None, 'unattended': None, 
'ntp_server': None, 'principal': None}
2017-06-07 09:57:29,671 DEBUG missing options might be asked for interactively 
later

2017-06-07 09:57:29,671 DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-06-07 09:57:29,671 DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-06-07 09:57:29,676 DEBUG [IPA Discovery]
2017-06-07 09:57:29,676 DEBUG Starting IPA discovery with domain=None, 
servers=None, hostname=l1.example.com
2017-06-07 09:57:29,676 DEBUG [ipadnssearchldap(example.com)]
2017-06-07 09:57:29,733 DEBUG [ipadnssearchkrb]
2017-06-07 09:57:29,851 DEBUG [ipacheckldap]
2017-06-07 09:57:29,851 DEBUG Verifying that ipa.example.com (realm 
EXAMPLE.COM) is an IPA server
2017-06-07 09:57:29,851 DEBUG Init ldap with: ldap://ipa.example.com:389
2017-06-07 09:57:29,890 DEBUG Search LDAP server for IPA base DN
2017-06-07 09:57:29,894 DEBUG Check if naming context 'cn=changelog' is for IPA
2017-06-07 09:57:29,895 DEBUG Info attribute with IPA server version not found
2017-06-07 09:57:29,895 DEBUG Check if naming context 'dc=example,dc=com' is 
for IPA
2017-06-07 09:57:29,896 DEBUG Naming context 'dc=example,dc=com' is a valid IPA 
context
2017-06-07 09:57:29,896 DEBUG Search for (objectClass=krbRealmContainer) in 
dc=example,dc=com(sub)
2017-06-07 09:57:29,898 DEBUG Found: 
[('cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com', {'objectClass': ['top', 
'krbrealmcontainer', 'krbticketpolicyaux'], 'cn': ['example.COM']})]
2017-06-07 09:57:29,898 DEBUG Discovery result: Success; 
server=ipa.example.com, domain=example.com, kdc=ipa.example.com, 
basedn=dc=example,dc=com
2017-06-07 09:57:29,898 DEBUG Validated servers: ipa.example.com
2017-06-07 09:57:29,898 DEBUG will use domain: example.com

2017-06-07 09:57:29,898 DEBUG [ipadnssearchldap(example.com)]
2017-06-07 09:57:29,956 DEBUG DNS validated, enabling discovery
2017-06-07 09:57:29,956 DEBUG will use discovered server: ipa.example.com
2017-06-07 09:57:29,956 DEBUG will use cli_realm: EXAMPLE.COM

2017-06-07 09:57:29,956 DEBUG will use cli_basedn: dc=example,dc=com

2017-06-07 09:58:27,850 DEBUG will use principal: admin

2017-06-07 09:58:28,188 DEBUG args=/usr/sbin/ntpdate -U ntp -s -b 
ipa.example.com
2017-06-07 09:58:28,188 DEBUG stdout=
2017-06-07 09:58:28,188 DEBUG stderr=
2017-06-07 09:58:28,189 DEBUG Writing Kerberos configuration to /tmp/tmpSeQjKB:
#File modified by ipa-client-install

[libdefaults]
  default_realm = EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  EXAMPLE.COM = {
    kdc = ipa.example.com:88
    master_kdc = ipa.example.com:88
    admin_server = ipa.example.com:749
    default_domain = example.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM


2017-06-07 09:59:58,552 DEBUG args=kinit ad...@example.com
2017-06-07 09:59:58,553 DEBUG stdout=Password for ad...@example.com: 

2017-06-07 09:59:58,553 DEBUG stderr=
2017-06-07 09:59:58,555 DEBUG trying to retrieve CA cert via LDAP from 
ldap://ipa.example.com
2017-06-07 09:59:58,578 DEBUG Existing CA cert and Retrieved CA cert are 
identical


It’s don’t progress. 

Thanks, Regards

Jose Alvarez R.



-----Original Message-----
From: Rob Crittenden via FreeIPA-users 
[mailto:freeipa-users@lists.fedorahosted.org] 
Sent: miércoles 7 de junio de 2017 11:23 a.m.
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: jalva...@cyberfuel.com; Rob Crittenden <rcrit...@redhat.com>
Subject: [Freeipa-users] Re: Enroll CentOS 5 on FreeIPA 4.3

Jose Alvarez R. via FreeIPA-users wrote:
> Hello
> 
>  
> 
> A question
> 
>  
> 
> What another way I can enroll my server client on my IPA server ?
> 
>  
> 
> I have a server IPA with S.O. Fedora 24 and
> freeipa-server-4.3.3-1.fc24.x86_64
> 
>  
> 
> My client server have a S.O. CentOS release 5.10  with
> ipa-client-2.1.3-7.el5
> 
>  
> 
> This is the “ipa-client-install –d”
> 
>  
> 
> [root@l1 ~]# ipa-client-install -d
> 
> root        : DEBUG    /usr/sbin/ipa-client-install was invoked with
> options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force':
> False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None,
> 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir':
> False, 'dns_updates': False, 'preserve_sssd': False, 'debug': True,
> 'on_master': False, 'ca_cert_file': None, 'realm_name': None,
> 'unattended': None, 'ntp_server': None, 'principal': None}
> 
> root        : DEBUG    missing options might be asked for interactively
> later
> 
>  
> 
> root        : DEBUG    Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 
> root        : DEBUG    Loading StateFile from
> '/var/lib/ipa-client/sysrestore/sysrestore.state'
> 
> root        : DEBUG    [IPA Discovery]
> 
> root        : DEBUG    Starting IPA discovery with domain=None,
> servers=None, hostname=l1.example.com
> 
> root        : DEBUG    [ipadnssearchldap(example.com)]
> 
> root        : DEBUG    [ipadnssearchkrb]
> 
> root        : DEBUG    [ipacheckldap]
> 
> root        : DEBUG    Verifying that ipa.example.com (realm
> EXAMPLE.COM) is an IPA server
> 
> root        : DEBUG    Init ldap with: ldap://ipa.example.com:389
> 
> root        : DEBUG    Search LDAP server for IPA base DN
> 
> root        : DEBUG    Check if naming context 'cn=changelog' is for IPA
> 
> root        : DEBUG    Info attribute with IPA server version not found
> 
> root        : DEBUG    Check if naming context 'dc=example,dc=com' is
> for IPA
> 
> root        : DEBUG    Naming context 'dc=example,dc=com' is a valid IPA
> context
> 
> root        : DEBUG    Search for (objectClass=krbRealmContainer) in
> dc=example,dc=com(sub)
> 
> root        : DEBUG    Found:
> [('cn=example.COM,cn=kerberos,dc=example,dc=com', {'objectClass':
> ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'cn': 
> ['example.COM']})]
> 
> root        : DEBUG    Discovery result: Success;
> server=ipa.example.com, domain=example.com, kdc=ipa.example.com, 
> basedn=dc=example,dc=com
> 
> root        : DEBUG    Validated servers: ipa.example.com
> 
> root        : DEBUG    will use domain: example.com
> 
>  
> 
> root        : DEBUG    [ipadnssearchldap(example.com)]
> 
> root        : DEBUG    DNS validated, enabling discovery
> 
> root        : DEBUG    will use discovered server: ipa.example.com
> 
> Discovery was successful!
> 
> root        : DEBUG    will use cli_realm: EXAMPLE.COM
> 
>  
> 
> root        : DEBUG    will use cli_basedn: dc=example,dc=com
> 
>  
> 
> Hostname: l1.example.com
> 
> Realm: example.COM
> 
> DNS Domain: example.com
> 
> IPA Server: ipa.example.com
> 
> BaseDN: dc=example,dc=com
> 
>  
> 
>  
> 
> Continue to configure the system with these values? [no]: yes
> 
> User authorized to enroll computers: admin
> 
> root        : DEBUG    will use principal: admin
> 
>  
> 
> Synchronizing time with KDC...
> 
> root        : DEBUG    args=/usr/sbin/ntpdate -U ntp -s -b ipa.example.com
> 
> root        : DEBUG    stdout=
> 
> root        : DEBUG    stderr=
> 
> root        : DEBUG    Writing Kerberos configuration to /tmp/tmpSeQjKB:
> 
> #File modified by ipa-client-install
> 
>  
> 
> [libdefaults]
> 
>   default_realm = EXAMPLE.COM
> 
>   dns_lookup_realm = false
> 
>   dns_lookup_kdc = false
> 
>   rdns = false
> 
>   ticket_lifetime = 24h
> 
>   forwardable = yes
> 
>  
> 
> [realms]
> 
>   example.COM = {
> 
>     kdc = ipa.example.com:88
> 
>     master_kdc = ipa.example.com:88
> 
>     admin_server = ipa.example.com:749
> 
>     default_domain = example.com
> 
>     pkinit_anchors = FILE:/etc/ipa/ca.crt
> 
>   }
> 
>  
> 
> [domain_realm]
> 
>   .example.com = EXAMPLE.COM
> 
>   example.com = EXAMPLE.COM
> 
>  
> 
>  
> 
> Password for ad...@example.com:
> 
> root        : DEBUG    args=kinit ad...@example.com
> 
> root        : DEBUG    stdout=Password for ad...@example.com:
> 
>  
> 
> root        : DEBUG    stderr=
> 
>  
> 
> root        : DEBUG    trying to retrieve CA cert via LDAP from
> ldap://ipa.example.com
> 
> root        : DEBUG    Existing CA cert and Retrieved CA cert are identical
> 
>  
> 
>  
> 
>  
> 
> In the line “*root        : DEBUG    Existing CA cert and Retrieved CA
> cert are identical*”   It’s don’t progress.

I'm surprised it would end here as this isn't an error case. There is nothing 
after this line in the output or in /var/log/ipaclient-install.log?

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to