Dmitry Krasov via FreeIPA-users wrote: > Centos 9 ipa-client install error: > Failed to obtain host TGT: Major (458752): No credentials were supplied, or > the credentials were unavailable or inaccessible, Minor (2529639122): > Pre-authentication failed: No key table entry found for > host/ipaclient.dom....@dom.loc > ---------------------------------------------- > > This program will set up IPA client. > > Version 4.11.0 > > > > Client hostname: ipaclient.dom.loc > > Realm: DOM.LOC > > DNS Domain: dom.loc > > IPA Server: ipa.dom.loc > > BaseDN: dc=dom,dc=loc > > > > Synchronizing time > > Configuration of chrony was changed by installer. > > Attempting to sync time with chronyc. > > Time synchronization was successful. > > Successfully retrieved CA cert > > Subject: CN=Certificate Authority,O=DOM.LOC > > Issuer: CN=Certificate Authority,O=DOM.LOC > > Valid From: 2022-12-12 10:19:12+00:00 > > Valid Until: 2042-12-12 10:19:12+00:00 > > > > Enrolled in IPA realm DOM.LOC > > Please make sure the following ports are opened in the firewall settings: > > TCP: 80, 88, 389 > > UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > > Also note that following ports are necessary for ipa-client working properly > after enrollment: > > TCP: 464 > > UDP: 464, 123 (if NTP enabled) > > Failed to obtain host TGT: Major (458752): No credentials were supplied, or > the credentials were unavailable or inaccessible, Minor (2529639122): > Pre-authentication failed: No key table entry found for > host/ipaclient.dom....@dom.loc > > Installation failed. Rolling back changes. > > Disabling client Kerberos and LDAP configurations > > Restoring client configuration files > > nscd daemon is not installed, skip configuration > > nslcd daemon is not installed, skip configuration > > Client uninstall complete.
We need to see /var/log/ipaclient-install.log to be able to tell what is going on. Did you confirm that the mentioned ports are open to the client? rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue