Hello Sumit
ipa-client-install hasn't set krb5_realm. I did that.
We're using Chef-Solo to manage our systems and I have /etc/sssd/sssd.conf
in chef. So it overwrote, whatever ipa-client-install put there. And that's
how the mistake happened.
I think the ipa-client-install discovered everything right. I'm attaching
the log.
Best regards,
Alexander
2015-10-06 15:01 GMT+02:00 Sumit Bose <sb...@redhat.com>:
> On Tue, Oct 06, 2015 at 11:26:42AM +0200, Alexander Skwar wrote:
> > Hi
> >
> > With further debugging, I discovered, that I messed up the
> > /etc/sssd/sssd.conf file. There, I added:
> >
> > …
> > [domain/customer.company.internal]
> >
> > krb5_realm = customer.company.internal
> > …
> >
> >
> >
> > Exactly like that. With "krb5_realm = customer.company.internal"; ie.
> with
> > the realm in lowercase letters.
> >
> > After having changed that to uppercase letters (ie. "krb5_realm =
> > CUSTOMER.COMPANY.INTERNAL"), it works fine.
>
> Thank you for the feedback. Can you check /var/log/ipaclient-install.log
> to see which realm ipa-client-install has discovered? In general
> ipa-client-install should be able to determine the right realm. In your
> case where domain and realm are the same except the case it shouldn't
> have set krb5_realm at all.
>
> bye,
> Sumit
>
> >
> >
> >
> > Thanks for your time and help ;)
> >
> > Cheers,
> > Alexander
> >
> >
> >
> > 2015-10-05 14:07 GMT+02:00 Sumit Bose <sb...@redhat.com>:
> >
> > > On Mon, Oct 05, 2015 at 09:00:13AM +0200, Alexander Skwar wrote:
> > > > Hi
> > > >
> > > > Hm, there's nothing at all in the /var/log/sssd/krb5_child.log when
> I try
> > > > to login with SSH and enter a password.
> > >
> > > Can you try to increase the debug_level to 0xFFF0?
> > >
> > > >
> > > > kinit doesn't work.
> > > >
> > > > $ kinit -k
> > > > kinit: Permission denied while getting initial credentials
> > > >
> > > > For this test, I was root and then did a "su - user" and then "kinit
> -k".
> > > > Also after the "kinit -k", nothing is in the krb5_child.log.
> > >
> > > The 'kinit -k' has to be done as root. It will only check if the client
> > > can connect to the KDC at all and tries to get a TGT for the host.
> > >
> > > It's expected that during this operation nothing is added to the SSSD
> > > logs because the kinit utility work independent of SSSD.
> > >
> > > bye,
> > > Sumit
> > >
> > > >
> > > > Regards,
> > > > Alexander
> > > >
> > > >
> > > > 2015-10-02 17:59 GMT+02:00 Jakub Hrozek <jhro...@redhat.com>:
> > > >
> > > > > On Fri, Oct 02, 2015 at 04:28:57PM +0200, Alexander Skwar wrote:
> > > > > > Hello
> > > > > >
> > > > > > How do I get password authentication to work with freeipa-client
> > > > > > 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo?
> > > > > >
> > > > > > Long version follows :)
> > > > > >
> > > > > > We've got an IPA server with the Red Hat Identity Management
> server
> > > > > > on RHEL 7.1 servers; FreeIPA v4.1.0 is being used there. I
> configured
> > > > > > users and groups there and would now like to login with SSH.
> When I
> > > > > > store a SSH key for the user account, I can login just fine,
> using
> > > > > > this SSH key. But I'd like/need to use passwords as well. And
> sudo
> > > > > > also doesn't work, when it's asking for passwords - I supposed,
> > > > > > it's the same root cause.
> > > > > >
> > > > > > Let's stick with SSH.
> > > > > >
> > > > > > Initially, I installed the FreeIPA client with this command line:
> > > > > >
> > > > > > ipa-client-install --force-join --mkhomedir --ssh-trust-dns \
> > > > > > --enable-dns-updates --unattended \
> > > > > > --principal=admin --password=correctone \
> > > > > > --domain=customer.company.internal \
> > > > > > --server=auth01.customer.company.internal
> > > > > >
> > > > > > I then try to do a SSH login with:
> > > > > >
> > > > > > ssh -l ewt@customer.company.internal 192.168.229.143
> > > > > > or:
> > > > > > ssh -l ewt 192.168.229.143
> > > > > >
> > > > > > Password authentication doesn't work.
> > > > > >
> > > > > > In the /var/log/syslog on the system where I try to login, I find
> > > this:
> > > > > >
> > > > > > 2015-10-02T15:33:38.771291+02:00 mgmt02
> > > [sssd[krb5_child[14154]]]:
> > > > > > Key table entry not found
> > > > > >
> > > > > > After having turned up the debug level of the sssd with "sssd -i
> -f
> > > -d
> > > > > > 0x0770 --debug-timestamps=1", I find the following in the system
> log
> > > > > > files:
> > > > > >
> > > > > > 2015-10-02T15:40:48.756399+02:00 mgmt02 sshd[14194]:
> > > > > > pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0
> > > > > > tty=ssh ruser= rhost=212.71.117.1 user=ewt
> > > > > > 2015-10-02T15:40:48.775896+02:00 mgmt02 sshd[14194]:
> > > > > > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0
> > > > > > tty=ssh ruser= rhost=212.71.117.1 user=ewt
> > > > > > 2015-10-02T15:40:48.775927+02:00 mgmt02 sshd[14194]:
> > > > > > pam_sss(sshd:auth): received for user ewt: 4 (System error)
> > > > > > 2015-10-02T15:40:50.988591+02:00 mgmt02 sshd[14194]: Failed
> > > > > > password for ewt from 212.71.117.1 port 58136 ssh2
> > > > > >
> > > > > > TBH, I don't quite understand it. Anyway, in
> > > > > > /var/log/sssd/sssd_customer.company.internal.log I noticed:
> > > > > >
> > > > > > (Fri Oct 2 15:46:26 2015)
> [sssd[be[customer.company.internal]]]
> > > > > > [read_pipe_handler] (0x0400): EOF received, client finished
> > > > > > (Fri Oct 2 15:46:26 2015)
> [sssd[be[customer.company.internal]]]
> > > > > > [parse_krb5_child_response] (0x0020): message too short.
> > > > > > (Fri Oct 2 15:46:26 2015)
> [sssd[be[customer.company.internal]]]
> > > > > > [krb5_auth_done] (0x0040): Could not parse child response [22]:
> > > > > > Invalid argument
> > > > > > (Fri Oct 2 15:46:26 2015)
> [sssd[be[customer.company.internal]]]
> > > > > > [ipa_auth_handler_done] (0x0040): krb5_auth_recv request failed.
> > > > > >
> > > > > > Well… What am I doing wrong or what might I have forgotten?
> > > > >
> > > > > We need to also see the krb5_child.log but please check if the
> keytab
> > > is
> > > > > correct (ie kinit -k works).
> > > > >
> > > > > --
> > > > > Manage your subscription for the Freeipa-users mailing list:
> > > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > Go to http://freeipa.org for more info on the project
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > >
> > > > Alexander
> > > > --
> > > > => *Google+* => http://plus.skwar.me <==
> > > > => *Chat* (Jabber/Google Talk) => a.sk...@gmail.com <==
> > >
> > > > --
> > > > Manage your subscription for the Freeipa-users mailing list:
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > Go to http://freeipa.org for more info on the project
> > >
> > >
> >
> >
> > --
> >
> >
> > Alexander
> > --
> > => *Google+* => http://plus.skwar.me <==
> > => *Chat* (Jabber/Google Talk) => a.sk...@gmail.com <==
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
>
--
Alexander
--
=> *Google+* => http://plus.skwar.me <==
=> *Chat* (Jabber/Google Talk) => a.sk...@gmail.com <==
2015-10-06T09:11:36Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'customer.company.internal', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': True, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'force_join': True, 'server': ['auth01-ka.customer.company.internal'], 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False}
2015-10-06T09:11:36Z DEBUG missing options might be asked for interactively later
2015-10-06T09:11:36Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:36Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/service chronyd status
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=chronyd: unrecognized service
2015-10-06T09:11:36Z DEBUG [IPA Discovery]
2015-10-06T09:11:36Z DEBUG Starting IPA discovery with domain=customer.company.internal, servers=['auth01-ka.customer.company.internal'], hostname=mgmt02-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Server and domain forced
2015-10-06T09:11:36Z DEBUG [Kerberos realm search]
2015-10-06T09:11:36Z DEBUG Search DNS for TXT record of _kerberos.customer.company.internal
2015-10-06T09:11:36Z DEBUG DNS record found: "CUSTOMER.COMPANY.INTERNAL"
2015-10-06T09:11:36Z DEBUG Search DNS for SRV record of _kerberos._udp.customer.company.internal
2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 88 auth02-prod.customer.company.internal.
2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 88 auth01-prod.customer.company.internal.
2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 88 auth01-ka.customer.company.internal.
2015-10-06T09:11:36Z DEBUG [LDAP server check]
2015-10-06T09:11:36Z DEBUG Verifying that auth01-ka.customer.company.internal (realm CUSTOMER.COMPANY.INTERNAL) is an IPA server
2015-10-06T09:11:36Z DEBUG Init LDAP connection to: auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Search LDAP server for IPA base DN
2015-10-06T09:11:36Z DEBUG Check if naming context 'dc=snbng,dc=everyware,dc=internal' is for IPA
2015-10-06T09:11:36Z DEBUG Naming context 'dc=snbng,dc=everyware,dc=internal' is a valid IPA context
2015-10-06T09:11:36Z DEBUG Search for (objectClass=krbRealmContainer) in dc=snbng,dc=everyware,dc=internal (sub)
2015-10-06T09:11:36Z DEBUG Found: cn=CUSTOMER.COMPANY.INTERNAL,cn=kerberos,dc=snbng,dc=everyware,dc=internal
2015-10-06T09:11:36Z DEBUG Discovery result: Success; server=auth01-ka.customer.company.internal, domain=customer.company.internal, kdc=auth02-prod.customer.company.internal,auth01-prod.customer.company.internal,auth01-ka.customer.company.internal, basedn=dc=snbng,dc=everyware,dc=internal
2015-10-06T09:11:36Z DEBUG Validated servers: auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG will use discovered domain: customer.company.internal
2015-10-06T09:11:36Z DEBUG Using servers from command line, disabling DNS discovery
2015-10-06T09:11:36Z DEBUG will use provided server: auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG will use discovered realm: CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:36Z DEBUG will use discovered basedn: dc=snbng,dc=everyware,dc=internal
2015-10-06T09:11:36Z INFO Hostname: mgmt02-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Hostname source: Machine's FQDN
2015-10-06T09:11:36Z INFO Realm: CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:36Z DEBUG Realm source: Discovered from LDAP DNS records in auth01-ka.customer.company.internal
2015-10-06T09:11:36Z INFO DNS Domain: customer.company.internal
2015-10-06T09:11:36Z DEBUG DNS Domain source: Forced
2015-10-06T09:11:36Z INFO IPA Server: auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG IPA Server source: Provided as option
2015-10-06T09:11:36Z INFO BaseDN: dc=snbng,dc=everyware,dc=internal
2015-10-06T09:11:36Z DEBUG BaseDN source: From IPA server ldap://auth01-ka.customer.company.internal:389
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:36Z DEBUG Process finished, return code=3
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory
2015-10-06T09:11:36Z INFO Synchronizing time with KDC...
2015-10-06T09:11:36Z DEBUG Search DNS for SRV record of _ntp._udp.customer.company.internal
2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 123 auth01-ka.customer.company.internal.
2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 123 auth02-prod.customer.company.internal.
2015-10-06T09:11:36Z DEBUG DNS record found: 0 100 123 auth01-prod.customer.company.internal.
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth02-prod.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth02-prod.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth02-prod.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-prod.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-prod.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-prod.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=/usr/sbin/ntpdate -s -b -v auth01-ka.customer.company.internal
2015-10-06T09:11:36Z DEBUG Process finished, return code=1
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z WARNING Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=keyctl get_persistent @s 0
2015-10-06T09:11:36Z DEBUG Process finished, return code=2
2015-10-06T09:11:36Z DEBUG stdout=
2015-10-06T09:11:36Z DEBUG stderr=Unknown command
2015-10-06T09:11:36Z DEBUG Writing Kerberos configuration to /tmp/tmpxjOLEw:
2015-10-06T09:11:36Z DEBUG #File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = CUSTOMER.COMPANY.INTERNAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
CUSTOMER.COMPANY.INTERNAL = {
kdc = auth01-ka.customer.company.internal:88
master_kdc = auth01-ka.customer.company.internal:88
admin_server = auth01-ka.customer.company.internal:749
default_domain = customer.company.internal
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.customer.company.internal = CUSTOMER.COMPANY.INTERNAL
customer.company.internal = CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:36Z DEBUG Starting external process
2015-10-06T09:11:36Z DEBUG args=kinit admin@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:36Z DEBUG Process finished, return code=0
2015-10-06T09:11:36Z DEBUG stdout=Password for admin@CUSTOMER.COMPANY.INTERNAL:
2015-10-06T09:11:36Z DEBUG stderr=
2015-10-06T09:11:36Z DEBUG trying to retrieve CA cert via LDAP from auth01-ka.customer.company.internal
2015-10-06T09:11:38Z DEBUG flushing ldap://auth01-ka.customer.company.internal:389 from SchemaCache
2015-10-06T09:11:38Z DEBUG retrieving schema for SchemaCache url=ldap://auth01-ka.customer.company.internal:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f7545d2de60>
2015-10-06T09:11:39Z INFO Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL
Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL
Valid From: Thu Aug 13 16:17:49 2015 UTC
Valid Until: Mon Aug 13 16:17:49 2035 UTC
2015-10-06T09:11:39Z DEBUG Starting external process
2015-10-06T09:11:39Z DEBUG args=/usr/sbin/ipa-join -s auth01-ka.customer.company.internal -b dc=snbng,dc=everyware,dc=internal -h mgmt02-ka.customer.company.internal -f
2015-10-06T09:11:39Z DEBUG Process finished, return code=0
2015-10-06T09:11:39Z DEBUG stdout=
2015-10-06T09:11:39Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:39Z INFO Enrolled in IPA realm CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:39Z DEBUG Starting external process
2015-10-06T09:11:39Z DEBUG args=kdestroy
2015-10-06T09:11:39Z DEBUG Process finished, return code=0
2015-10-06T09:11:39Z DEBUG stdout=
2015-10-06T09:11:39Z DEBUG stderr=
2015-10-06T09:11:39Z DEBUG Starting external process
2015-10-06T09:11:39Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:39Z DEBUG Process finished, return code=0
2015-10-06T09:11:39Z DEBUG stdout=
2015-10-06T09:11:39Z DEBUG stderr=
2015-10-06T09:11:39Z DEBUG Backing up system configuration file '/etc/ipa/default.conf'
2015-10-06T09:11:39Z DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist
2015-10-06T09:11:39Z INFO Created /etc/ipa/default.conf
2015-10-06T09:11:39Z DEBUG importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'...
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'
2015-10-06T09:11:39Z DEBUG Starting external process
2015-10-06T09:11:39Z DEBUG args=klist -V
2015-10-06T09:11:39Z DEBUG Process finished, return code=0
2015-10-06T09:11:39Z DEBUG stdout=Kerberos 5 version 1.12
2015-10-06T09:11:39Z DEBUG stderr=
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'
2015-10-06T09:11:39Z DEBUG importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'
2015-10-06T09:11:40Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf'
2015-10-06T09:11:40Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist
2015-10-06T09:11:40Z INFO New SSSD config will be created
2015-10-06T09:11:40Z INFO Configured /etc/sssd/sssd.conf
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=/usr/bin/certutil -A -d sql:/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2015-10-06T09:11:40Z DEBUG Process finished, return code=0
2015-10-06T09:11:40Z DEBUG stdout=
2015-10-06T09:11:40Z DEBUG stderr=
2015-10-06T09:11:40Z DEBUG Backing up system configuration file '/etc/krb5.conf'
2015-10-06T09:11:40Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=keyctl get_persistent @s 0
2015-10-06T09:11:40Z DEBUG Process finished, return code=2
2015-10-06T09:11:40Z DEBUG stdout=
2015-10-06T09:11:40Z DEBUG stderr=Unknown command
2015-10-06T09:11:40Z DEBUG Writing Kerberos configuration to /etc/krb5.conf:
2015-10-06T09:11:40Z DEBUG #File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = CUSTOMER.COMPANY.INTERNAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
CUSTOMER.COMPANY.INTERNAL = {
kdc = auth01-ka.customer.company.internal:88
master_kdc = auth01-ka.customer.company.internal:88
admin_server = auth01-ka.customer.company.internal:749
default_domain = customer.company.internal
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.customer.company.internal = CUSTOMER.COMPANY.INTERNAL
customer.company.internal = CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z INFO Configured /etc/krb5.conf for IPA realm CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z DEBUG Process finished, return code=1
2015-10-06T09:11:40Z DEBUG stdout=
2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z DEBUG Process finished, return code=1
2015-10-06T09:11:40Z DEBUG stdout=
2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available
2015-10-06T09:11:40Z DEBUG failed to find session_cookie in persistent storage for principal 'host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL'
2015-10-06T09:11:40Z DEBUG trying https://auth01-ka.customer.company.internal/ipa/xml
2015-10-06T09:11:40Z DEBUG NSSConnection init auth01-ka.customer.company.internal
2015-10-06T09:11:40Z DEBUG Connecting: 192.168.229.145:0
2015-10-06T09:11:40Z DEBUG auth_certificate_callback: check_sig=True is_server=False
Data:
Version: 3 (0x2)
Serial Number: 19 (0x13)
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL
Validity:
Not Before: Fri Aug 14 09:14:59 2015 UTC
Not After : Mon Aug 14 09:14:59 2017 UTC
Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL
Subject Public Key Info:
Public Key Algorithm:
Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28:
0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb:
4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b:
73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50:
c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10:
f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9:
a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11:
ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9:
27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3:
df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9:
c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be:
98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d:
b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48:
66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16:
28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12:
28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7
Exponent: 65537 (0x10001)
Signed Extensions: (6)
Name: Certificate Authority Key Identifier
Critical: False
Key ID:
1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf:
f9:4e:b3:b1
Serial Number: None
General Names: [0 total]
Name: Authority Information Access
Critical: False
Name: Certificate Key Usage
Critical: True
Usages:
Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Name: Extended Key Usage
Critical: False
Usages:
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Name: CRL Distribution Points
Critical: False
CRL Distribution Points: [1 total]
Point [1]:
General Names: [1 total]
http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin
Issuer: Directory Name: CN=Certificate Authority,O=ipaca
Reasons: ()
Name: Certificate Subject Key ID
Critical: False
Data:
80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e:
9d:c4:0e:ee
Signature:
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Signature:
b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4:
96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96:
e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16:
83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8:
c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99:
cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f:
b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a:
6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee:
17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba:
de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f:
27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b:
fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6:
d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2:
11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b:
d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9:
30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da
Fingerprint (MD5):
bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c
Fingerprint (SHA1):
18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80:
c5:af:70:c7
2015-10-06T09:11:40Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-10-06T09:11:40Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL"
2015-10-06T09:11:40Z DEBUG handshake complete, peer = 192.168.229.145:443
2015-10-06T09:11:40Z DEBUG received Set-Cookie 'ipa_session=f40d81751b8744638adb1bf0d17f20e1; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:40 GMT; Secure; HttpOnly'
2015-10-06T09:11:40Z DEBUG storing cookie 'ipa_session=f40d81751b8744638adb1bf0d17f20e1; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:40 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z DEBUG Process finished, return code=1
2015-10-06T09:11:40Z DEBUG stdout=
2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:40Z DEBUG Process finished, return code=1
2015-10-06T09:11:40Z DEBUG stdout=
2015-10-06T09:11:40Z DEBUG stderr=keyctl_search: Required key not available
2015-10-06T09:11:40Z DEBUG Starting external process
2015-10-06T09:11:40Z DEBUG args=keyctl padd user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL @s
2015-10-06T09:11:40Z DEBUG Process finished, return code=0
2015-10-06T09:11:40Z DEBUG stdout=353147855
2015-10-06T09:11:40Z DEBUG stderr=
2015-10-06T09:11:40Z DEBUG Created connection context.xmlclient
2015-10-06T09:11:40Z DEBUG Try RPC connection
2015-10-06T09:11:40Z DEBUG Forwarding 'ping' to server 'https://auth01-ka.customer.company.internal/ipa/xml'
2015-10-06T09:11:40Z DEBUG NSSConnection init auth01-ka.customer.company.internal
2015-10-06T09:11:40Z DEBUG Connecting: 192.168.229.145:0
2015-10-06T09:11:40Z DEBUG auth_certificate_callback: check_sig=True is_server=False
Data:
Version: 3 (0x2)
Serial Number: 19 (0x13)
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL
Validity:
Not Before: Fri Aug 14 09:14:59 2015 UTC
Not After : Mon Aug 14 09:14:59 2017 UTC
Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL
Subject Public Key Info:
Public Key Algorithm:
Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28:
0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb:
4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b:
73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50:
c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10:
f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9:
a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11:
ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9:
27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3:
df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9:
c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be:
98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d:
b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48:
66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16:
28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12:
28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7
Exponent: 65537 (0x10001)
Signed Extensions: (6)
Name: Certificate Authority Key Identifier
Critical: False
Key ID:
1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf:
f9:4e:b3:b1
Serial Number: None
General Names: [0 total]
Name: Authority Information Access
Critical: False
Name: Certificate Key Usage
Critical: True
Usages:
Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Name: Extended Key Usage
Critical: False
Usages:
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Name: CRL Distribution Points
Critical: False
CRL Distribution Points: [1 total]
Point [1]:
General Names: [1 total]
http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin
Issuer: Directory Name: CN=Certificate Authority,O=ipaca
Reasons: ()
Name: Certificate Subject Key ID
Critical: False
Data:
80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e:
9d:c4:0e:ee
Signature:
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Signature:
b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4:
96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96:
e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16:
83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8:
c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99:
cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f:
b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a:
6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee:
17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba:
de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f:
27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b:
fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6:
d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2:
11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b:
d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9:
30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da
Fingerprint (MD5):
bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c
Fingerprint (SHA1):
18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80:
c5:af:70:c7
2015-10-06T09:11:40Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-10-06T09:11:40Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL"
2015-10-06T09:11:40Z DEBUG handshake complete, peer = 192.168.229.145:443
2015-10-06T09:11:42Z DEBUG received Set-Cookie 'ipa_session=7e8a59443eee8a8c7dabaa5ca94de268; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly'
2015-10-06T09:11:42Z DEBUG storing cookie 'ipa_session=7e8a59443eee8a8c7dabaa5ca94de268; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:42Z DEBUG Process finished, return code=0
2015-10-06T09:11:42Z DEBUG stdout=353147855
2015-10-06T09:11:42Z DEBUG stderr=
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:42Z DEBUG Process finished, return code=0
2015-10-06T09:11:42Z DEBUG stdout=353147855
2015-10-06T09:11:42Z DEBUG stderr=
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=keyctl pupdate 353147855
2015-10-06T09:11:42Z DEBUG Process finished, return code=0
2015-10-06T09:11:42Z DEBUG stdout=
2015-10-06T09:11:42Z DEBUG stderr=
2015-10-06T09:11:42Z DEBUG Forwarding 'env' to server 'https://auth01-ka.customer.company.internal/ipa/xml'
2015-10-06T09:11:42Z DEBUG NSSConnection init auth01-ka.customer.company.internal
2015-10-06T09:11:42Z DEBUG Connecting: 192.168.229.145:0
2015-10-06T09:11:42Z DEBUG auth_certificate_callback: check_sig=True is_server=False
Data:
Version: 3 (0x2)
Serial Number: 19 (0x13)
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL
Validity:
Not Before: Fri Aug 14 09:14:59 2015 UTC
Not After : Mon Aug 14 09:14:59 2017 UTC
Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL
Subject Public Key Info:
Public Key Algorithm:
Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28:
0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb:
4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b:
73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50:
c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10:
f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9:
a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11:
ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9:
27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3:
df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9:
c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be:
98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d:
b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48:
66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16:
28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12:
28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7
Exponent: 65537 (0x10001)
Signed Extensions: (6)
Name: Certificate Authority Key Identifier
Critical: False
Key ID:
1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf:
f9:4e:b3:b1
Serial Number: None
General Names: [0 total]
Name: Authority Information Access
Critical: False
Name: Certificate Key Usage
Critical: True
Usages:
Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Name: Extended Key Usage
Critical: False
Usages:
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Name: CRL Distribution Points
Critical: False
CRL Distribution Points: [1 total]
Point [1]:
General Names: [1 total]
http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin
Issuer: Directory Name: CN=Certificate Authority,O=ipaca
Reasons: ()
Name: Certificate Subject Key ID
Critical: False
Data:
80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e:
9d:c4:0e:ee
Signature:
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Signature:
b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4:
96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96:
e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16:
83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8:
c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99:
cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f:
b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a:
6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee:
17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba:
de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f:
27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b:
fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6:
d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2:
11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b:
d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9:
30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da
Fingerprint (MD5):
bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c
Fingerprint (SHA1):
18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80:
c5:af:70:c7
2015-10-06T09:11:42Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-10-06T09:11:42Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL"
2015-10-06T09:11:42Z DEBUG handshake complete, peer = 192.168.229.145:443
2015-10-06T09:11:42Z DEBUG received Set-Cookie 'ipa_session=a7cacdd5d5ac6a509b6a5c942521fee2; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly'
2015-10-06T09:11:42Z DEBUG storing cookie 'ipa_session=a7cacdd5d5ac6a509b6a5c942521fee2; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:42 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:42Z DEBUG Process finished, return code=0
2015-10-06T09:11:42Z DEBUG stdout=353147855
2015-10-06T09:11:42Z DEBUG stderr=
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:42Z DEBUG Process finished, return code=0
2015-10-06T09:11:42Z DEBUG stdout=353147855
2015-10-06T09:11:42Z DEBUG stderr=
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=keyctl pupdate 353147855
2015-10-06T09:11:42Z DEBUG Process finished, return code=0
2015-10-06T09:11:42Z DEBUG stdout=
2015-10-06T09:11:42Z DEBUG stderr=
2015-10-06T09:11:42Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2015-10-06T09:11:42Z DEBUG
debug
zone customer.company.internal.
update delete mgmt02-ka.customer.company.internal. IN A
show
send
update add mgmt02-ka.customer.company.internal. 1200 IN A 192.168.229.143
show
send
2015-10-06T09:11:42Z DEBUG Starting external process
2015-10-06T09:11:42Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-10-06T09:11:43Z DEBUG Process finished, return code=0
2015-10-06T09:11:43Z DEBUG stdout=Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 0 ANY A
Outgoing update query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15996
;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;4133435401.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ADDITIONAL SECTION:
4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444122703 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBDCCAQCgAwIBEqKB+ASB 9TSTq9rEGV5YVHnc3ra9voP7K6NugQXEJrS1sMTI8nQl2gemuYrkI1dO F0Wh29Hwf0B+Y2Uo8MMRutQ57feibfh0XvOcq3vZbgF3a4GjJUdyoGhI 3C9bxMXnG4dzYFq4XCDIeOkKBCLGyX7MkspdrYtfzCH+6RTPa+a+kHo7 qm0Brd23RzT/j9UfZTn0176tPn7PirEn1XJWh4c77dRRxTn1wrzGGAnd 2fyPURVSLT/aHmrHnBJSOg3LDQrIj2CS4pYFIg5mjMemN5JNJ/pc8kLL kEpLV2ZozsSm+IDGVfhaXmsEP/DMEa/cAl0K0BznVeR4o6Lx 0
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 51044
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 0 ANY A
;; TSIG PSEUDOSECTION:
4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQE//////8AAAAAC6fdQlgsRsFtt/N1D97dLA== 51044 NOERROR 0
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 1200 IN A 192.168.229.143
Outgoing update query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38425
;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;2494113905.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ADDITIONAL SECTION:
2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444122703 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBDCCAQCgAwIBEqKB+ASB 9Sj4mwIYwIY2STV+hlgg27muTTAmmDeaNZVrO8/NgGrfo/xL07IvSqzy 5qa5c5v6w0A+8iUC44T28N0hu9xeYyz67LNxI6onoGf1M6yCFAJPfJS0 N5vrxFMrEZ0wnibyFud5KADtLvWQM15+j11vv/wuZD+vgi7sBSpLZPs8 7EFfrZWbfclT2dRYgBmUFnqi0KOar8DB4SvJvNENZjP932dt4VCvobec htlAH8gucCkuPR1KLlsEVQ3qvOJuo0VaDsLr1uj+iwCLCZQYddTXK9Fo gkrxIeEaVz228+Xq3bDL4r5nwS0I5LZrJ4gmNXbkPdfZjAsF 0
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 8187
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 1200 IN A 192.168.229.143
;; TSIG PSEUDOSECTION:
2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQE//////8AAAAAOnXVt6kbLShy4CL9H2Aq0A== 8187 NOERROR 0
2015-10-06T09:11:43Z DEBUG stderr=Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54163
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;customer.company.internal. IN SOA
;; ANSWER SECTION:
customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444051732 3600 900 1209600 3600
;; AUTHORITY SECTION:
customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal.
customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal.
customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal.
;; ADDITIONAL SECTION:
auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45
auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145
auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55
Found zone name: customer.company.internal
The master is: auth01-ka.customer.company.internal
start_gssrequest
Found realm from ticket: CUSTOMER.COMPANY.INTERNAL
send_gssrequest
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15996
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4133435401.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ANSWER SECTION:
4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444126303 3 NOERROR 185 oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIB AgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuVQO5hz8dci7u lQs2jrgn8phsJIEofnua6ERzpy32/teYA8zTSLi+ChJAYGnzdF1rW/mK 5npxPzSRve0V2il3UayUW/vs+JTcw+cTVv0TQi0alT4PQ/wZs+Q2oZn9 CbS5XR7A6k9xqB8tYpPcOiA= 0
Sending update to 192.168.229.145#53
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 51044
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; TSIG PSEUDOSECTION:
4133435401.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQF//////8AAAAAJbMveIVOcmx91ueSrfgc9A== 51044 NOERROR 0
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53771
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;customer.company.internal. IN SOA
;; ANSWER SECTION:
customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444051733 3600 900 1209600 3600
;; AUTHORITY SECTION:
customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal.
customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal.
customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal.
;; ADDITIONAL SECTION:
auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45
auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145
auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55
Found zone name: customer.company.internal
The master is: auth01-ka.customer.company.internal
start_gssrequest
send_gssrequest
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38425
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2494113905.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ANSWER SECTION:
2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122703 1444126303 3 NOERROR 185 oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIB AgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARu1RNhqTv7dVJe 6bluz4C+no8Ws4i4fIP3TOoueOZk6Y6MZTLpvzvuTc+wuxCCcmIqq2RL iDe08YAQo87sawFnMjuq42ToYQvUfDdiJ11oEAM/cAsKNZDgo4Hu/GXw h/s3G9ztwP1YScb0VBPZHhA= 0
Sending update to 192.168.229.145#53
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 8187
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; TSIG PSEUDOSECTION:
2494113905.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122703 300 28 BAQF//////8AAAAACg400qZnkhX79ryPIGcedg== 8187 NOERROR 0
2015-10-06T09:11:43Z INFO DNS server record set to: mgmt02-ka.customer.company.internal -> 192.168.229.143
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service dbus status
2015-10-06T09:11:43Z DEBUG Process finished, return code=1
2015-10-06T09:11:43Z DEBUG stdout=
2015-10-06T09:11:43Z DEBUG stderr=dbus: unrecognized service
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service dbus start
2015-10-06T09:11:43Z DEBUG Process finished, return code=1
2015-10-06T09:11:43Z DEBUG stdout=
2015-10-06T09:11:43Z DEBUG stderr=dbus: unrecognized service
2015-10-06T09:11:43Z ERROR dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger restart
2015-10-06T09:11:43Z DEBUG Process finished, return code=0
2015-10-06T09:11:43Z DEBUG stdout=certmonger stop/waiting
certmonger start/running
2015-10-06T09:11:43Z DEBUG stderr=
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger status
2015-10-06T09:11:43Z DEBUG Process finished, return code=0
2015-10-06T09:11:43Z DEBUG stdout=certmonger start/running
2015-10-06T09:11:43Z DEBUG stderr=
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger restart
2015-10-06T09:11:43Z DEBUG Process finished, return code=0
2015-10-06T09:11:43Z DEBUG stdout=certmonger stop/waiting
certmonger start/running
2015-10-06T09:11:43Z DEBUG stderr=
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=/usr/sbin/service certmonger status
2015-10-06T09:11:43Z DEBUG Process finished, return code=0
2015-10-06T09:11:43Z DEBUG stdout=certmonger start/running
2015-10-06T09:11:43Z DEBUG stderr=
2015-10-06T09:11:43Z DEBUG Starting external process
2015-10-06T09:11:43Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - mgmt02-ka.customer.company.internal -N CN=mgmt02-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL -K host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:43Z DEBUG Process finished, return code=1
2015-10-06T09:11:43Z DEBUG stdout=Error connecting to DBus.
Please verify that the message bus (D-Bus) service is running.
2015-10-06T09:11:43Z DEBUG stderr=
2015-10-06T09:11:43Z ERROR certmonger request for host certificate failed
2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
2015-10-06T09:11:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
2015-10-06T09:11:43Z DEBUG Forwarding 'host_mod' to server 'https://auth01-ka.customer.company.internal/ipa/xml'
2015-10-06T09:11:43Z DEBUG NSSConnection init auth01-ka.customer.company.internal
2015-10-06T09:11:43Z DEBUG Connecting: 192.168.229.145:0
2015-10-06T09:11:43Z DEBUG auth_certificate_callback: check_sig=True is_server=False
Data:
Version: 3 (0x2)
Serial Number: 19 (0x13)
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: CN=Certificate Authority,O=CUSTOMER.COMPANY.INTERNAL
Validity:
Not Before: Fri Aug 14 09:14:59 2015 UTC
Not After : Mon Aug 14 09:14:59 2017 UTC
Subject: CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL
Subject Public Key Info:
Public Key Algorithm:
Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
92:d6:98:65:16:1f:00:69:ac:3b:1b:9b:eb:ec:f9:28:
0f:35:98:cf:c3:3d:0b:21:32:d2:ca:99:1e:33:b2:eb:
4d:21:05:f4:ad:01:7c:02:03:8d:6c:a4:8b:2b:08:0b:
73:33:5a:80:6f:8c:37:98:10:27:f3:01:dc:61:8c:50:
c3:59:46:73:99:cc:57:d4:7e:95:c6:ad:07:93:fe:10:
f7:6a:eb:da:1c:d3:f6:8b:1b:1e:a6:c7:3c:75:8b:a9:
a3:52:e4:e7:6d:9b:53:e5:22:8e:9c:6a:ed:b9:99:11:
ce:b3:45:fd:c4:66:0e:b9:ac:26:51:60:b8:12:d2:a9:
27:02:57:c7:9a:ae:73:d9:c3:a7:54:1a:ef:d8:d0:f3:
df:ff:45:96:cd:d9:a0:c2:18:fd:92:b8:ae:f3:34:f9:
c9:5d:27:6a:30:24:1a:79:65:8d:21:c2:14:77:60:be:
98:eb:0f:fb:ea:84:41:13:4a:80:88:68:44:8d:73:7d:
b0:74:5d:9a:71:b3:d7:e9:a3:35:28:bb:8d:ca:95:48:
66:bb:0c:29:e9:34:b0:94:b8:65:9e:9c:82:c2:a0:16:
28:9b:b1:07:53:92:72:f8:9b:05:2b:b6:26:11:ec:12:
28:d6:3a:a8:ee:1c:1f:c7:46:84:4b:0f:a7:4f:27:d7
Exponent: 65537 (0x10001)
Signed Extensions: (6)
Name: Certificate Authority Key Identifier
Critical: False
Key ID:
1b:da:6e:94:53:91:43:d1:d0:a7:cf:84:f7:91:f4:bf:
f9:4e:b3:b1
Serial Number: None
General Names: [0 total]
Name: Authority Information Access
Critical: False
Name: Certificate Key Usage
Critical: True
Usages:
Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Name: Extended Key Usage
Critical: False
Usages:
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Name: CRL Distribution Points
Critical: False
CRL Distribution Points: [1 total]
Point [1]:
General Names: [1 total]
http://ipa-ca.customer.company.internal/ipa/crl/MasterCRL.bin
Issuer: Directory Name: CN=Certificate Authority,O=ipaca
Reasons: ()
Name: Certificate Subject Key ID
Critical: False
Data:
80:f9:4a:ab:32:5b:44:df:e9:e4:b5:00:77:5a:19:2e:
9d:c4:0e:ee
Signature:
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Signature:
b4:56:29:55:12:59:cd:94:6a:0d:cd:09:8f:d7:01:c4:
96:58:40:9d:d5:a8:a3:96:91:52:e9:c6:41:8b:72:96:
e3:ba:ff:52:2a:1d:9b:fd:0a:d4:52:27:34:a6:db:16:
83:e9:c9:40:ec:ac:02:c8:8b:00:08:2d:e7:0a:3f:a8:
c2:de:59:75:7f:f4:5b:26:33:c5:ed:c5:8c:a6:e9:99:
cd:27:a0:1b:a8:0a:f0:77:d2:ed:5d:78:fe:03:bd:1f:
b4:3c:b2:3a:07:91:31:e0:f7:45:c1:92:f0:b1:1e:1a:
6a:57:ff:aa:36:6a:96:d6:18:6c:a9:58:60:ed:cf:ee:
17:92:f5:f3:5a:c3:83:0f:88:c9:dd:bd:a3:72:04:ba:
de:71:2e:11:83:49:81:a1:90:d2:73:43:51:47:3f:7f:
27:44:49:e0:9a:1a:4e:b6:17:45:af:5a:db:17:ec:5b:
fd:da:20:a3:79:b1:37:c4:05:95:35:18:a5:92:4a:a6:
d0:bc:dd:5b:eb:cc:97:9e:0a:98:ff:ac:ec:ee:9d:a2:
11:dc:4c:d0:b5:33:d0:87:93:36:f7:b9:a2:6e:85:7b:
d8:4b:45:b8:6d:78:91:b7:cb:b2:ba:25:a5:8d:22:f9:
30:5d:c3:fc:36:bd:af:92:ba:4d:3e:74:b0:72:4e:da
Fingerprint (MD5):
bc:66:2f:dc:02:f0:df:1c:1e:e3:39:aa:26:da:fb:6c
Fingerprint (SHA1):
18:47:dc:26:91:a0:5d:2c:84:4c:49:ba:cb:df:d5:80:
c5:af:70:c7
2015-10-06T09:11:43Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2015-10-06T09:11:43Z DEBUG cert valid True for "CN=auth01-ka.customer.company.internal,O=CUSTOMER.COMPANY.INTERNAL"
2015-10-06T09:11:43Z DEBUG handshake complete, peer = 192.168.229.145:443
2015-10-06T09:11:44Z DEBUG received Set-Cookie 'ipa_session=4108c07c92bcd0ff2fb4868590e8aec0; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:44 GMT; Secure; HttpOnly'
2015-10-06T09:11:44Z DEBUG storing cookie 'ipa_session=4108c07c92bcd0ff2fb4868590e8aec0; Domain=auth01-ka.customer.company.internal; Path=/ipa; Expires=Tue, 06 Oct 2015 09:31:44 GMT; Secure; HttpOnly' for principal host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=353147855
2015-10-06T09:11:44Z DEBUG stderr=
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=keyctl search @s user ipa_session_cookie:host/mgmt02-ka.customer.company.internal@CUSTOMER.COMPANY.INTERNAL
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=353147855
2015-10-06T09:11:44Z DEBUG stderr=
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=keyctl pupdate 353147855
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=
2015-10-06T09:11:44Z DEBUG stderr=
2015-10-06T09:11:44Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2015-10-06T09:11:44Z DEBUG debug
zone customer.company.internal.
update delete mgmt02-ka.customer.company.internal. IN SSHFP
show
send
update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 1 424A87D2335ACA3A460E2454B72548BFBD22CF7A
update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 2 94443E78DD002B170F7C6A4060478E4A1EA16C8A93398DBAA96ED0B0965A0C94
update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 1 38DD440682436C67CEFB0D65C8B359E2CF071ACE
update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 2 8D34993BB14C3512A024FF33334301B62921E191F9937B6C31AB56A67603E9D0
update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 1 5EDA759D75D497B6CDEC1434C0870B37E74641BA
update add mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 2 A688F258D1FEE18EAF2D67AA67F06A6C2CCF1A2DB18F8385E55639067C236134
show
send
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 0 ANY SSHFP
Outgoing update query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30427
;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;3390531495.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ADDITIONAL SECTION:
3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444122704 3 NOERROR 793 YIIDFQYGKwYBBQUCoIIDCTCCAwWgDTALBgkqhkiG9xIBAgKiggLyBIIC 7mCCAuoGCSqGSIb3EgECAgEAboIC2TCCAtWgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBTCCAQGgAwIBEqKB+QSB 9iRdcUnHuoPHOzQR26ipbDXtrbrrfxcwmc5BRpZVUVMN1rLbAjh8hLeX A8WFuaCTLarVq3r3mkg+nI4YNeIxG+wnFn1jW63KlN5T4WSl7LHaa6GK 2Gt1LqWanSCDLwVQIdmymI6jChvmLNerA4+bII1wS0YL/Ny6VFIOHNS+ 11lH2UJRD0RlM600CgK03EQoSdiG+urEpsNuuc5pwmU7wKRGMlEF17F5 X9qmrSLRNOQNowP+Fyw2Uw8dVlJfjeFEt1HdMTJO+pyuVjrH1QtgfdPW PMzd8ppQ1+rKT3eNpCDwWKrCVUHahjGDzJQ78uXwjh3pBUvArw== 0
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 21871
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 0 ANY SSHFP
;; TSIG PSEUDOSECTION:
3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQE//////8AAAAAA898JoKQ1Vli4n878bRW3g== 21871 NOERROR 0
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 1 424A87D2335ACA3A460E2454B72548BFBD22CF7A
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 2 94443E78DD002B170F7C6A4060478E4A1EA16C8A93398DBAA96ED0B0 965A0C94
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 1 38DD440682436C67CEFB0D65C8B359E2CF071ACE
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 2 8D34993BB14C3512A024FF33334301B62921E191F9937B6C31AB56A6 7603E9D0
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 1 5EDA759D75D497B6CDEC1434C0870B37E74641BA
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 2 A688F258D1FEE18EAF2D67AA67F06A6C2CCF1A2DB18F8385E5563906 7C236134
Outgoing update query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54983
;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;4267511099.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ADDITIONAL SECTION:
4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444122704 3 NOERROR 793 YIIDFQYGKwYBBQUCoIIDCTCCAwWgDTALBgkqhkiG9xIBAgKiggLyBIIC 7mCCAuoGCSqGSIb3EgECAgEAboIC2TCCAtWgAwIBBaEDAgEOogcDBQAg AAAAo4IBtWGCAbEwggGtoAMCAQWhGhsYU05CTkcuRVZFUllXQVJFLklO VEVSTkFMojowOKADAgEBoTEwLxsDRE5TGyhzbmJuZy1hdXRoMDEta2Eu c25ibmcuZXZlcnl3YXJlLmludGVybmFso4IBTDCCAUigAwIBEqEDAgEC ooIBOgSCATbXa8vSFJbWBf9J/4q6UZgsRtU0lKDUEL+W8uRX7ZbHWpBP JZ7x9sHPeQOX6Ta9zGrDcdaui5BKO2Enz/vD4EOrq45FtGWelXmNYufi iSebUbGV3MnSh1CjkYH8NGRO974kxPuPyI3sF9wPrh8S3b0ikOeUKXo5 QtRMtXUcxtNy96Pp1t3uWg+dq+IHD71lPqVThEw3bplLWBLTdfN20m9A UW7mV5ao8d6fCp11r/WdAIw3rad08pnMi8SdHzo9XayTgvk1M/ynrUwj y30IaRCabUx7HhYJIzSgVp+q9IvxtvWkd8stR9QBf2K0Rc55v+n7OB5r AgqFVNagsRyVdB5sUuHtxaNlXW2b6SSMKSZcREPHzKLLH7TrTGA17STs 7sI8qP0tsjKOYywquVpklMDNgUe43xeApIIBBTCCAQGgAwIBEqKB+QSB 9gDBwCapaUb4dEK6EZBwt1kH/esx936qkh9iX/vVVDP4kvMPO/CZUFSQ qnlQBeGDXiK5nug5DW1vPi2e4zvVbF8Uez/zlHy1VuA4nAp3WEuR6p9R 2z+7h227kS8DfwVyabSyzDtkZ700JPeYFEJcq1uOSjZIlbCs3yAf+GTp xBaUCRf17QkyKCN79aDqnk6ojraSTXWFEvPZd9pzvuvr7wzL5KoCmNsB XxeljlRBrqJiuxqr0lIqtw1wU2nuoErjEA0BkeqHsyScuSM9b7rD0yML PKWYIEP1qzWexJHuobtyjIgmukIsvm32RVPhOD5o2wgASwmweA== 0
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 6502
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 6, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; UPDATE SECTION:
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 1 424A87D2335ACA3A460E2454B72548BFBD22CF7A
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 3 2 94443E78DD002B170F7C6A4060478E4A1EA16C8A93398DBAA96ED0B0 965A0C94
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 1 38DD440682436C67CEFB0D65C8B359E2CF071ACE
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 2 2 8D34993BB14C3512A024FF33334301B62921E191F9937B6C31AB56A6 7603E9D0
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 1 5EDA759D75D497B6CDEC1434C0870B37E74641BA
mgmt02-ka.customer.company.internal. 1200 IN SSHFP 1 2 A688F258D1FEE18EAF2D67AA67F06A6C2CCF1A2DB18F8385E5563906 7C236134
;; TSIG PSEUDOSECTION:
4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQE//////8AAAAAG/0/YFlRii/SapinV1kHfg== 6502 NOERROR 0
2015-10-06T09:11:44Z DEBUG stderr=Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38403
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;customer.company.internal. IN SOA
;; ANSWER SECTION:
customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444051734 3600 900 1209600 3600
;; AUTHORITY SECTION:
customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal.
customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal.
customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal.
;; ADDITIONAL SECTION:
auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45
auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145
auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55
Found zone name: customer.company.internal
The master is: auth01-ka.customer.company.internal
start_gssrequest
Found realm from ticket: CUSTOMER.COMPANY.INTERNAL
send_gssrequest
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30427
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;3390531495.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ANSWER SECTION:
3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444126304 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvc2mXmspCWZMs aGogdq7iEIKjrQ84LHXFnEXS3mJ8Eqrs8Gad6J2heOVDoMAD47RdaOVk ijGH/omhKf1suAmgTvlQ/KvHZ6zSOsqi0PdSCO76EVSofUruDLwCElzL MkfltXtikAjd4B4+j9PdGuda 0
Sending update to 192.168.229.145#53
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 21871
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; TSIG PSEUDOSECTION:
3390531495.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQF//////8AAAAAPahQUDX87F18ZUku1KappA== 21871 NOERROR 0
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4775
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;customer.company.internal. IN SOA
;; ANSWER SECTION:
customer.company.internal. 86400 IN SOA auth01-ka.customer.company.internal. unix.everyware.ch.customer.company.internal. 1444122706 3600 900 1209600 3600
;; AUTHORITY SECTION:
customer.company.internal. 86400 IN NS auth02-prod.customer.company.internal.
customer.company.internal. 86400 IN NS auth01-ka.customer.company.internal.
customer.company.internal. 86400 IN NS auth01-prod.customer.company.internal.
;; ADDITIONAL SECTION:
auth01-prod.customer.company.internal. 1200 IN A 192.168.229.45
auth01-ka.customer.company.internal. 1200 IN A 192.168.229.145
auth02-prod.customer.company.internal. 1200 IN A 192.168.229.55
Found zone name: customer.company.internal
The master is: auth01-ka.customer.company.internal
start_gssrequest
send_gssrequest
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54983
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4267511099.sig-auth01-ka.customer.company.internal. ANY TKEY
;; ANSWER SECTION:
4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TKEY gss-tsig. 1444122704 1444126304 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvOgT0ksqsG0d1 F/1i7Vembh/F+48wq/o84UkM7lIM0ebE3b/K89g/3hd8yxdLLmEF5BQm o20gOK+prgFdhczITdUwvn0NFfDH5HC9gn2I0wLSckzKAdmCpWOZYk0u LEqoGiFkMT00wwBXZmRKuPa2 0
Sending update to 192.168.229.145#53
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 6502
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;customer.company.internal. IN SOA
;; TSIG PSEUDOSECTION:
4267511099.sig-auth01-ka.customer.company.internal. 0 ANY TSIG gss-tsig. 1444122704 300 28 BAQF//////8AAAAAP6cfPnuAvI46WesWYCFLLQ== 6502 NOERROR 0
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=/usr/sbin/service nscd status
2015-10-06T09:11:44Z DEBUG Process finished, return code=1
2015-10-06T09:11:44Z DEBUG stdout=
2015-10-06T09:11:44Z DEBUG stderr=nscd: unrecognized service
2015-10-06T09:11:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-10-06T09:11:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-10-06T09:11:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=/usr/sbin/pam-auth-update --force --package
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=
2015-10-06T09:11:44Z DEBUG stderr=debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
2015-10-06T09:11:44Z INFO SSSD enabled
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=/usr/sbin/service sssd restart
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=sssd start/running, process 17669
2015-10-06T09:11:44Z DEBUG stderr=stop: Unknown instance:
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=/usr/sbin/service sssd status
2015-10-06T09:11:44Z DEBUG Process finished, return code=0
2015-10-06T09:11:44Z DEBUG stdout=sssd start/running, process 17669
2015-10-06T09:11:44Z DEBUG stderr=
2015-10-06T09:11:44Z DEBUG Backing up system configuration file '/etc/ldap/ldap.conf'
2015-10-06T09:11:44Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:44Z INFO Configured /etc/openldap/ldap.conf
2015-10-06T09:11:44Z DEBUG Starting external process
2015-10-06T09:11:44Z DEBUG args=getent passwd admin@customer.company.internal
2015-10-06T09:11:44Z DEBUG Process finished, return code=2
2015-10-06T09:11:44Z DEBUG stdout=
2015-10-06T09:11:44Z DEBUG stderr=
2015-10-06T09:11:45Z DEBUG Starting external process
2015-10-06T09:11:45Z DEBUG args=getent passwd admin@customer.company.internal
2015-10-06T09:11:45Z DEBUG Process finished, return code=0
2015-10-06T09:11:45Z DEBUG stdout=admin:*:1242600000:1242600000:Administrator:/home/admin:/bin/bash
2015-10-06T09:11:45Z DEBUG stderr=
2015-10-06T09:11:45Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-10-06T09:11:45Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2015-10-06T09:11:45Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:45Z DEBUG Backing up system configuration file '/etc/default/ntp'
2015-10-06T09:11:45Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:45Z DEBUG Starting external process
2015-10-06T09:11:45Z DEBUG args=/usr/sbin/service ntp restart
2015-10-06T09:11:47Z DEBUG Process finished, return code=0
2015-10-06T09:11:47Z DEBUG stdout= * Stopping NTP server ntpd
...done.
* Starting NTP server ntpd
...done.
2015-10-06T09:11:47Z DEBUG stderr=
2015-10-06T09:11:47Z DEBUG Starting external process
2015-10-06T09:11:47Z DEBUG args=/usr/sbin/service ntp status
2015-10-06T09:11:47Z DEBUG Process finished, return code=0
2015-10-06T09:11:47Z DEBUG stdout= * NTP server is running
2015-10-06T09:11:47Z DEBUG stderr=
2015-10-06T09:11:47Z INFO NTP enabled
2015-10-06T09:11:47Z DEBUG Backing up system configuration file '/etc/ssh/ssh_config'
2015-10-06T09:11:47Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:47Z INFO Configured /etc/ssh/ssh_config
2015-10-06T09:11:47Z DEBUG Backing up system configuration file '/etc/ssh/sshd_config'
2015-10-06T09:11:47Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-10-06T09:11:47Z DEBUG Starting external process
2015-10-06T09:11:47Z DEBUG args=sshd -t -f /dev/null -o AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys -o AuthorizedKeysCommandUser=nobody
2015-10-06T09:11:47Z DEBUG Process finished, return code=0
2015-10-06T09:11:47Z DEBUG stdout=
2015-10-06T09:11:47Z DEBUG stderr=
2015-10-06T09:11:47Z INFO Configured /etc/ssh/sshd_config
2015-10-06T09:11:47Z DEBUG Starting external process
2015-10-06T09:11:47Z DEBUG args=/usr/sbin/service sshd status
2015-10-06T09:11:47Z DEBUG Process finished, return code=1
2015-10-06T09:11:47Z DEBUG stdout=
2015-10-06T09:11:47Z DEBUG stderr=sshd: unrecognized service
2015-10-06T09:11:47Z INFO Client configuration complete.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
