Unable to sync time normally means you've got the ntpd service running on the client (or the port is blocked). Try turn that off and then run ntpdate ipaserver or ipa-client-install again. I noticed this happened to me too a few times. I think it's because the new host you're trying to enroll is in the past and kerberos keys aren't active until x time.
I may be wrong.. On Thu, Sep 26, 2013 at 10:30 PM, Bret Wortman <bret.wort...@damascusgrp.com > wrote: > # ipa-client-install --enable-dns-updates --mkhomedir > Discovery was successful! > Hostname: os105.foo.net > Realm: FOO.NET > DNS Domain: foo.net > IPA Server: osipa.foo.net > BaseDN: dc=foo,dc=net > > > Continue to configure the system with these values? [no]: yes > User authrozied to enroll computers: admin > Synchronizing time with KDC... > Unable to sync time with IPA NTP server, assuming the time is in sync. > Password for ad...@foo.net > > Enrolled in IPA realm FOO.NET > Created /etc/ipa/default.conf > COnfigured /etc/sssd/sssd.conf > COnfigured /etc/krb5.conf for IPA realm FOO.NET > Failed to obtain host TGT. > Installation failed. Rolling back changes. > # > > I've seen the "unable to sync time" error before and have still been able > to enroll, but something's different with this host. It also does this when > I try to enroll with other replicas as well. Thoughts? > > * > * > *Bret Wortman* > > http://damascusgrp.com/ > http://about.me/wortmanbret > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
