You guys are awesome!!!!
# ipa-client-install --enable-dns-updates --mkhomedir --no-ntp Discovery was successful! … Continue to configure the system with these values? [no]: yes … Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf …. Systemwide CA database updated. Added CA certificates to the default NSS database. … Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub …. SSSD enabled Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring ipa.candeal.ca as NIS domain. Client configuration complete. Gady -----Original Message----- From: Lukas Slebodnik [mailto:lsleb...@redhat.com] Sent: April 20, 2016 4:16 PM To: Gady Notrica Cc: Rob Crittenden; Martin Basti; freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa-client-install errors On (20/04/16 20:10), Gady Notrica wrote: >[root@cd-s-prd-db1 krb5.include.d]# ls -l > >-rw-r--r--. 1 root root 224 Apr 9 07:24 domain_realm_ipa_candeal_ca > >-rw-r--r--. 1 root root 118 Apr 9 07:24 localauth_plugin > > > >[root@cd-s-prd-db1 krb5.include.d]# cat domain_realm_ipa_candeal_ca > ># Generated by NetworkManager > >search ipa.candeal.ca > >nameserver 172.20.10.40 > >nameserver 172.20.10.41 This should be content of /etc/resolv.conf and not domain_realm_ipa_candeal_ca > > > >[root@cd-s-prd-db1 krb5.include.d]# cat localauth_plugin > >[domain_realm] > >.AD.candeal.ca = AD.CANDEAL.CA > >AD.candeal.ca = AD.CANDEAL.CA > >[capaths] > This should be content of domain_realm_ipa_candeal_ca and not localauth_plugin Remove both files. It is safe. They will be created by sssd after start. LS
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project