Todd Maugh wrote:
thanks Rob! the main issue I am having is that the install is not completing
and setting this ubuntu host up as a client.
I cleared out the old cert as you suggested, the ssh keys were copied over from
a previous attempt. IM not using IPA as DNS and I understand the ntp part.
so now my install finishes up like this:
Forwarding 'host_mod' to server u'https://se-idm-01.boingo.com/ipa/xml'
NSSConnection init se-idm-01.boingo.com
Connecting: 66.103.90.130:0
handshake complete, peer = 66.103.90.130:443
received Set-Cookie 'ipa_session=8df7bbb20b25f2d7ede3c6df88f4832b;
Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 20:25:02 GMT;
Secure; HttpOnly'
storing cookie 'ipa_session=8df7bbb20b25f2d7ede3c6df88f4832b;
Domain=se-idm-01.boingo.com; Path=/ipa; Expires=Fri, 21 Feb 2014 20:25:02 GMT;
Secure; HttpOnly' for principal
host/se-idm-ubuntu-client-01.boingo....@boingo.com
Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available
Starting external process
args=keyctl search @s user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available
Starting external process
args=keyctl padd user
ipa_session_cookie:host/se-idm-ubuntu-client-01.boingo....@boingo.com @s
Process finished, return code=0
stdout=700576616
stderr=
Caught fault 4202 from server https://se-idm-01.boingo.com/ipa/xml: no
modifications to be performed
Writing nsupdate commands to /etc/ipa/.dns_update.txt:
zone boingo.com.
update delete se-idm-ubuntu-client-01.boingo.com. IN SSHFP
send
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 1 1
AD5C9E4F7AEA55418455D54D84862A2B6EC16AB4
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 1 2
B1BE4E3E3B4A79CFFCE5B3BBCC31DFB9979F6A1D97EF4E3EF8F8295C2595033A
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 2 1
D456E5C237736406CB5F4B4C24C836217B6D977E
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 2 2
8125272934E18BFDDA77D5B03BBBF600A0833C37669C568A3476D623A191C457
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 3 1
270551D349212B7112D4A9079FF490C8D6733041
update add se-idm-ubuntu-client-01.boingo.com. 1200 IN SSHFP 3 2
0BC5F5FA7155A03BD9B05DDD5882FD907A0FC8C6D6F6F3341521D4F7B57D3662
send
Starting external process
args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
Process finished, return code=1
stdout=
stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor
code may provide more information, Minor = Server
DNS/ns-1454.awsdns-53....@boingo.com not found in Kerberos database.
nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt'
returned non-zero exit status 1
Could not update DNS SSHFP records.
Starting external process
args=/usr/sbin/service nscd status
Process finished, return code=1
stdout=
stderr=nscd: unrecognized service
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
It's hard to say based on this. The next thing it would do in Fedora is
run authconfig. I'm unfamiliar with the Ubuntu port, particularly the
upstream version it is based on.
It isn't possible to know why it is failing without more information.
There is no clear indication in the log of why it died. strace might be
handy here.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
