Hi All, I have a new installation of freeipa
ipa-server-3.0.0-37.el6.x86_64
on CentOS 6.5
one of my clients stopped authentication last night, I performed a
ipa-client-install —uninstall from the client then on trying to delete the the
host
# ipa host-del client.x.y.z
ipa: ERROR: Certificate format error: [Errno -5925] error (-5925) unknown
/var/log/krb5kdc.log
Oct 02 10:27:07 <server> krb5kdc[30623](info): TGS_REQ (4 etypes {18 17 16 23})
<server_IP>: ISSUE: authtime 1412221207, etypes {rep=18 tkt=18 ses=18},
HTTP/<server>@<realm> for ldap/<server>@<realm>
Oct 02 10:27:07 <server> krb5kdc[30623](info): ... CONSTRAINED-DELEGATION
s4u-client=admin@<realm>
trying to add back the client
[root@client ~]# ipa-client-install --domain=<doamin> --server=<server>
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always
access the discovered server for all operations and will not fail over to other
servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Hostname: <server>
Realm: <realm>
DNS Domain: <domain>
IPA Server: <server>
BaseDN: dc=<baseDN>
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@<realm>:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=<realm>
Issuer: CN=Certificate Authority,O=<realm>
Valid From: Sun Sep 21 20:42:12 2014 UTC
Valid Until: Thu Sep 21 20:42:12 2034 UTC
Joining realm failed: RPC failed at server. Certificate format error: [Errno
-5925] error (-5925) unknown
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Cheers,
Tim
signature.asc
Description: Message signed with OpenPGP using GPGMail
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
