Hi, Rob Thanks for your response
The link https://bugzilla.redhat.com/show_bug.cgi?id=719945 I not have access.. I tried to install xmlrpc-c-1.16.24-1210.1840.el6.src.rpm in the server PPA(Client IPA), but still shows the same error. A moment ago I added another client server with same version xmlrpc and installed correctly. Thanks Regards. [root@bk1 ~]# ipa-client-install --debug /usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'realm_name': None, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir'on_master': False, 'ntp_server': None, 'nisdomain': None, 'no_nisdomain': False, 'principal': None, 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True,nf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': missing options might be asked for interactively later Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' [IPA Discovery] Starting IPA discovery with domain=None, servers=None, hostname=bk1.cyberfuel.com Start searching for LDAP SRV record in "cyberfuel.com" (domain of the hostname) and its sub-domains Search DNS for SRV record of _ldap._tcp.cyberfuel.com. DNS record found: DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, port:389,weight:50,server:freeipa.cyberfuel.com.} [Kerberos realm search] Search DNS for TXT record of _kerberos.cyberfuel.com. DNS record found: DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data:CYBERFU EL.COM} Search DNS for SRV record of _kerberos._udp.cyberfuel.com. DNS record found: DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={priorit y:0,port:88,weight:50,server:freeipa.cyberfuel.com.} [LDAP server check] Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389 Search LDAP server for IPA base DN Check if naming context 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com' is a valid IPA context Search for (objectClass=krbRealmContainer) in dc=cyberfuel,dc=com (sub) Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com Discovery result: Success; server=freeipa.cyberfuel.com, domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com will use discovered domain: cyberfuel.com Start searching for LDAP SRV record in "cyberfuel.com" (Validating DNS Discovery) and its sub-domains Search DNS for SRV record of _ldap._tcp.cyberfuel.com. DNS record found: DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, port:389,weight:50,server:freeipa.cyberfuel.com.} DNS validated, enabling discovery will use discovered server: freeipa.cyberfuel.com Discovery was successful! will use discovered realm: CYBERFUEL.COM will use discovered basedn: dc=cyberfuel,dc=com Hostname: bk1.cyberfuel.com Hostname source: Machine's FQDN Realm: CYBERFUEL.COM Realm source: Discovered from LDAP DNS records in freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source: Discovered LDAP SRV records from cyberfuel.com (domain of the hostname) IPA Server: freeipa.cyberfuel.com IPA Server source: Discovered from LDAP DNS records in freeipa.cyberfuel.com BaseDN: dc=cyberfuel,dc=com BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389 Continue to configure the system with these values? [no]: yes args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CYBERFUEL.COM stdout= stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory User authorized to enroll computers: admin will use principal provided as option: admin Synchronizing time with KDC... Search DNS for SRV record of _ntp._udp.cyberfuel.com. No DNS record found args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com stdout= stderr= args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com stdout= stderr= args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com stdout= stderr= Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. Writing Kerberos configuration to /tmp/tmp5msIum: #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = CYBERFUEL.COM dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes udp_preference_limit = 0 [realms] CYBERFUEL.COM = { kdc = freeipa.cyberfuel.com:88 master_kdc = freeipa.cyberfuel.com:88 admin_server = freeipa.cyberfuel.com:749 default_domain = cyberfuel.com pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .cyberfuel.com = CYBERFUEL.COM cyberfuel.com = CYBERFUEL.COM Password for ad...@cyberfuel.com: args=kinit ad...@cyberfuel.com stdout=Password for ad...@cyberfuel.com: stderr= trying to retrieve CA cert via LDAP from ldap://freeipa.cyberfuel.com Successfully retrieved CA cert Subject: CN=Certificate Authority,O=CYBERFUEL.COM Issuer: CN=Certificate Authority,O=CYBERFUEL.COM Valid From: Wed Sep 30 17:46:50 2015 UTC Valid Until: Sun Sep 30 17:46:50 2035 UTC args=/usr/sbin/ipa-join -s freeipa.cyberfuel.com -b dc=cyberfuel,dc=com -d stdout= stderr=XML-RPC CALL: <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n <methodName>join</methodName>\r\n <params>\r\n <param><value><array><data>\r\n <value><string>bk1.cyberfuel.com</string></value>\r\n </data></array></value></param>\r\n <param><value><struct>\r\n <member><name>nsosversion</name>\r\n <value><string>2.6.32-573.12.1.el6.x86_64</string></value></member>\r\n <member><name>nshardwareplatform</name>\r\n <value><string>x86_64</string></value></member>\r\n </struct></value></param>\r\n </params>\r\n </methodCall>\r\n * About to connect() to freeipa.cyberfuel.com port 443 (#0) * Trying 192.168.20.90... * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM * start date: Sep 30 17:52:11 2015 GMT * expire date: Sep 30 17:52:11 2017 GMT * common name: freeipa.cyberfuel.com * issuer: CN=Certificate Authority,O=CYBERFUEL.COM > POST /ipa/xml HTTP/1.1 Host: freeipa.cyberfuel.com Accept: */* Content-Type: text/xml User-Agent: ipa-join/3.0.0 Referer: https://freeipa.cyberfuel.com/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 Content-Length: 478 < HTTP/1.1 401 Authorization Required < Date: Fri, 29 Apr 2016 20:42:25 GMT < Server: Apache/2.2.15 (CentOS) < WWW-Authenticate: Negotiate < Last-Modified: Tue, 12 Apr 2016 23:07:44 GMT < ETag: "a0528-55a-53051ba8f7000" < Accept-Ranges: bytes < Content-Length: 1370 < Connection: close < Content-Type: text/html; charset=UTF-8 < * Closing connection #0 * Issue another request to this URL: 'https://freeipa.cyberfuel.com:443/ipa/xml' * About to connect() to freeipa.cyberfuel.com port 443 (#0) * Trying 192.168.20.90... * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0) * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM * start date: Sep 30 17:52:11 2015 GMT * expire date: Sep 30 17:52:11 2017 GMT * common name: freeipa.cyberfuel.com * issuer: CN=Certificate Authority,O=CYBERFUEL.COM * Server auth using GSS-Negotiate with user '' > POST /ipa/xml HTTP/1.1 Authorization: Negotiate YIIFFAYJKoZIhvcSAQICAQBuggUDMIIE/6ADAgEFoQMCAQ6iBwMFAAAAAACjggFiYYIBXjCCAVqg AwIBBaEPGw1DWUJFUkZVRUwuQ09NoigwJqADAgEDoR8wHRsESFRUUBsVZnJlZWlwYS5MIZbbMHqa QcuYz6zysTVwY+I/uvLznfkDrkClgtyvEIsnBopXcWBenFEbqcmRIBa7bkXiIxc1tYEzNh1rME/4 ZUh0PjUjX+QQO9NDpYrAIxFLoP6b6J87wFt2Wi+Rx2LPGlcPrIwKPNwyaOqw/QQ8r11FLI5RVzpH eUL3uokQgZF6+GBoFo61lHY/W36Cb3JgxdG8Ge3TWWYgjEQKWlY48N6YNSPF2a2iKpgSuy/1Qe5E HTfpyiJWnZJnlEIHllpIIDgjCCA36gAwIBEqKCA3UEggNx1WXEz0IRl4aJlkL5Eq0bxky36jm7zI q3oiCcgWzqH9ma866TuD4ew++XcXmKZxszk6zf+c8tYhdRezxK74jF9XkpnRxTiBxOao7oPabJau yM0k637IWWzTb1m+cC46PRaysFc7x3z5CGBWNyu0DpGyw240za4cepY1J+Q+mm7bq51zCDyMU1CY 7+of3Z4Z7s6P5/x/pn8DJBegXVIYq2Wb3sQbMUJCSbCG37Xb8j2nzhAaup1l4xTINQxSSLZRIS7M H2YCE+z66P0607z7xBh7bwed97hHC2o3T0hDNnJOP7SRBUXquXCW9RbLUdOmYfcLcH8ygUWemm3A MqL+mDYN3jpe25O/7Z/wFxYiUIw/6CtHGjJ1nrDy47Y1sbsjU1XT/sJ8JqxRFwCm9ALpQP+rYZ0k v8/9OAaclw4vobu4Zmb3rVFBOzKpgRaUSvg4vSuRi/SPCzcH2PwBBSHpZuXWazWvZpnpTXYBl3nw lelW8gE1PWWeAhxbCDP/u5D6vAJ7q1287bL+UdpnCki0Ye0c1+LCsqzhscPDtWOMHAqzs5pwyyfC Qpg13GX93fHWJPRkrJbGTkGAknZkQFPtjks1C3JCRqhiz62KVLo6g5uRljHr8NNzvTBr2iRl9aK6 cDAEMaW5X26ko0XtO7urcbw/w6smuJLyYjroJH5Pe41bPMaUCls3RTvhxrlMzXSXgywPr3zDFpIg CirdIfqowkF5Utq6Uub2d9wdhXXYuH3PCj3KBzsAAHFv2iI+Xg3a7+7LlWUFnTLVEzEhsKVO3lO7 jFb8kKwop5o7yTyXsQmW4g0rdCam07GuRObob6yQ= Host: freeipa.cyberfuel.com Accept: */* Content-Type: text/xml User-Agent: ipa-join/3.0.0 Referer: https://freeipa.cyberfuel.com/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 Content-Length: 478 < HTTP/1.1 200 Success < Date: Fri, 29 Apr 2016 20:42:25 GMT < Server: Apache/2.2.15 (CentOS) * Added cookie ipa_session="4aeb2b4e2cfacb0691a94b71e2d0a0c9" for domain freeipa.cyberfuel.com, path /ipa, expire 1461963745 < Set-Cookie: ipa_session=4aeb2b4e2cfacb0691a94b71e2d0a0c9; Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:25 GMT; Secure; HttpOnly < Connection: close < Transfer-Encoding: chunked < Content-Type: text/xml; charset=utf-8 < * Expire cleared * Closing connection #0 XML-RPC RESPONSE: <?xml version='1.0' encoding='UTF-8'?>\n <methodResponse>\n <params>\n <param>\n <value><array><data>\n <value><string>fqdn=bk1.cyberfuel.com,cn=computers,cn=accounts,dc=cyberfuel, dc=com</string></value>\n <value><struct>\n <member>\n <name>dn</name>\n <value><string>fqdn=bk1.cyberfuel.com,cn=computers,cn=accounts,dc=cyberfuel, dc=com</string></value>\n </member>\n <member>\n <name>ipacertificatesubjectbase</name>\n <value><array><data>\n <value><string>O=CYBERFUEL.COM</string></value>\n </data></array></value>\n </member>\n <member>\n <name>has_keytab</name>\n <value><boolean>0</boolean></value>\n </member>\n <member>\n <name>objectclass</name>\n <value><array><data>\n <value><string>ipaobject</string></value>\n <value><string>nshost</string></value>\n <value><string>ipahost</string></value>\n <value><string>pkiuser</string></value>\n <value><string>ipaservice</string></value>\n <value><string>krbprincipalaux</string></value>\n <value><string>krbprincipal</string></value>\n <value><string>ieee802device</string></value>\n <value><string>ipasshhost</string></value>\n <value><string>top</string></value>\n <value><string>ipaSshGroupOfPubKeys</string></value>\n </data></array></value>\n </member>\n <member>\n <name>fqdn</name>\n <value><array><data>\n <value><string>bk1.cyberfuel.com</string></value>\n </data></array></value>\n </member>\n <member>\n <name>has_password</name>\n <value><boolean>0</boolean></value>\n </member>\n <member>\n <name>ipauniqueid</name>\n <value><array><data>\n <value><string>e1a08eb8-0e4a-11e6-8c5b-005056b027f1</string></value>\n </data></array></value>\n </member>\n <member>\n <name>krbprincipalname</name>\n <value><array><data>\n <value><string>host/bk1.cyberfuel....@cyberfuel.com</string></value>\n </data></array></value>\n </member>\n <member>\n <name>managedby_host</name>\n <value><array><data>\n <value><string>bk1.cyberfuel.com</string></value>\n </data></array></value>\n </member>\n </struct></value>\n </data></array></value>\n </param>\n </params>\n </methodResponse>\n Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=CYBERFUEL.COM Enrolled in IPA realm CYBERFUEL.COM args=kdestroy stdout= stderr= Attempting to get host TGT... args=/usr/bin/kinit -k -t /etc/krb5.keytab host/bk1.cyberfuel....@cyberfuel.com stdout= stderr= Attempt 1/5 succeeded. Backing up system configuration file '/etc/ipa/default.conf' -> Not backing up - '/etc/ipa/default.conf' doesn't exist Created /etc/ipa/default.conf importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' args=klist -V stdout=Kerberos 5 version 1.10.3 stderr= importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' Backing up system configuration file '/etc/sssd/sssd.conf' -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist New SSSD config will be created Backing up system configuration file '/etc/nsswitch.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt stdout= stderr= Backing up system configuration file '/etc/krb5.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Writing Kerberos configuration to /etc/krb5.conf: #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = CYBERFUEL.COM dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes udp_preference_limit = 0 [realms] CYBERFUEL.COM = { pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .cyberfuel.com = CYBERFUEL.COM cyberfuel.com = CYBERFUEL.COM Configured /etc/krb5.conf for IPA realm CYBERFUEL.COM args=keyctl search @s user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com stdout= stderr=keyctl_search: Required key not available args=keyctl search @s user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com stdout= stderr=keyctl_search: Required key not available failed to find session_cookie in persistent storage for principal 'host/bk1.cyberfuel....@cyberfuel.com' trying https://freeipa.cyberfuel.com/ipa/xml Created connection context.xmlclient raw: env(None, server=True) env(None, server=True, all=True) Forwarding 'env' to server u'https://freeipa.cyberfuel.com/ipa/xml' NSSConnection init freeipa.cyberfuel.com Connecting: 192.168.20.90:0 auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=CYBERFUEL.COM Validity: Not Before: Wed Sep 30 17:52:11 2015 UTC Not After: Sat Sep 30 17:52:11 2017 UTC Subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:e7:d2:7f:c3:e1:91:0a:03:6d:5c:ba:54:14:3e:00: 0e:f9:e7:61:85:3c:4f:1b:8f:a8:fb:e4:b4:92:a3:7c: 7d:bb:06:b4:b8:43:8a:20:86:17:71:a2:a3:6a:a1:51: e5:89:44:0f:a1:43:67:3b:46:76:b0:81:9e:10:43:56: 86:9f:27:46:e1:5e:b3:d6:8c:17:73:e3:17:7d:e7:eb: a4:78:9c:7a:e8:6f:00:f8:36:d9:71:88:e1:90:bf:98: fa:40:0f:88:f4:2e:d8:a2:b3:a5:0c:5a:81:8b:2e:cf: 22:f9:cb:6d:bf:85:7c:c9:7f:17:de:5d:d4:1a:2b:09: 5b:1b:99:11:22:3f:1e:49:5f:26:1a:25:2f:a4:50:2a: 8b:f2:3c:12:db:45:3f:f4:06:64:a2:30:5f:f4:a1:c9: 2c:8c:60:b5:c6:aa:25:2e:1e:31:c2:ad:2c:63:b0:a4: bb:2c:fc:f8:b6:f9:13:eb:09:bc:b0:c1:4c:06:06:09: 2f:f9:08:ba:7d:a4:0a:57:d1:8e:86:87:cb:f9:3a:58: 60:f9:34:e1:5b:34:d1:2f:8e:54:87:2a:74:9c:e2:d6: 83:4f:78:6b:59:1e:95:ec:67:6e:86:25:ad:f0:d3:6c: 96:9c:db:c3:e5:3f:e5:bc:f4:ff:55:55:18:a8:3e:5d Exponent: 65537 (0x10001) Signed Extensions: (5 total) Name: Certificate Authority Key Identifier Critical: False Key ID: 31:4f:83:e1:70:d7:ea:96:e5:1b:b1:c2:2c:d8:8a:a8: d1:87:fa:ff Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://freeipa.cyberfuel.com:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: Certificate Subject Key ID Critical: False Data: 73:ed:ac:87:d3:0e:04:84:66:5c:1a:e1:10:8d:f8:e1: 89:b9:1e:70 Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 40:da:c2:6b:20:08:7c:4a:05:1a:e2:cc:49:7f:25:6c: 48:3a:73:3c:b6:ab:35:6c:1a:d9:78:15:60:48:0b:0e: c1:3c:bf:76:90:35:bf:67:b5:9d:88:1c:98:ce:3b:8a: f6:86:c7:f9:1e:7b:3c:cd:98:00:99:23:a4:06:4f:ed: 0f:ee:44:65:9d:db:b6:9d:cc:cf:cb:83:f8:7c:23:93: 2a:0b:40:bb:5b:31:c5:9e:ed:74:eb:c0:c9:cc:30:1e: 78:19:69:64:60:24:58:f5:a7:6f:3b:bb:f6:7c:72:5c: 1c:50:33:0f:df:49:b7:0a:cb:ac:3f:7b:4f:e7:42:e9: 3b:19:e0:15:a3:fe:e3:43:aa:23:69:d0:28:7a:64:b7: 19:e3:8a:a9:bc:48:3a:de:f7:c0:67:8b:02:e9:af:74: 49:33:5e:2f:21:0b:4c:f3:3d:63:ea:1e:2e:4d:e9:ed: af:ef:61:35:ad:86:2b:93:ab:b6:7d:45:ed:b1:9b:12: 57:fc:55:ef:42:46:01:63:b1:b9:84:e9:f4:46:fb:39: fa:1e:55:2e:20:32:c1:45:ad:ac:54:c9:e6:4e:ca:f1: fb:da:9a:b5:bc:8b:6c:43:86:4e:df:06:97:46:3e:9b: a2:a1:ff:41:6e:80:df:a7:bd:5d:96:2c:ba:e0:d2:56 Fingerprint (MD5): 09:ad:08:87:8b:64:04:0f:d2:6c:25:ac:b1:1e:e1:48 Fingerprint (SHA1): c9:a0:1f:6d:8e:f6:d9:9b:53:6e:6b:92:ea:7c:ae:79: ca:4d:09:98 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM" handshake complete, peer = 192.168.20.90:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA received Set-Cookie 'ipa_session=356b209ee6e852ebb3124bbc6ca112cd; Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:30 GMT; Secure; HttpOnly' storing cookie 'ipa_session=356b209ee6e852ebb3124bbc6ca112cd; Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:30 GMT; Secure; HttpOnly' for prin args=keyctl search @s user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com stdout= stderr=keyctl_search: Required key not available args=keyctl search @s user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com stdout= stderr=keyctl_search: Required key not available args=keyctl padd user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com @s stdout=640092261 stderr= Hostname (bk1.cyberfuel.com) not found in DNS Writing nsupdate commands to /etc/ipa/.dns_update.txt: zone cyberfuel.com. update delete bk1.cyberfuel.com. IN A send update add bk1.cyberfuel.com. 1200 IN A 192.168.20.13 send args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt stdout= stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/ns1.cyberfuel....@cyberfuel.com no nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1 Failed to update DNS records. args=/sbin/service messagebus start stdout=Starting system message bus: [ OK ] stderr= args=/sbin/service messagebus status stdout=messagebus (pid 41820) is running... stderr= args=/sbin/service certmonger restart stdout=Stopping certmonger: [FAILED] Starting certmonger: [ OK ] stderr= args=/sbin/service certmonger status stdout=certmonger (pid 41859) is running... stderr= args=/sbin/service certmonger restart stdout=Stopping certmonger: [ OK ] Starting certmonger: [ OK ] stderr= args=/sbin/service certmonger status stdout=certmonger (pid 41927) is running... stderr= args=/sbin/chkconfig certmonger on stdout= stderr= args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - bk1.cyberfuel.com -N CN=bk1.cyberfuel.com,O=CYBERFUEL.COM -K host/bk1.cyberfuel....@cyberfuel.co stdout=New signing request "20160429204235" added. stderr= Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub raw: host_mod(u'bk1.cyberfuel.com', ipasshpubkey=[u'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA071MP58tqZXKpba7ndVtIqtgZmGNxm/PJz/eqf7w9SNewATA xmV14vUYyyohaIWBBi87sXwqcNsWBUWAcg2ezfKfKYqc3YPqaNq2poRL3+vhpNnHDBdfh2NzqdId slZEMt2H+v/0g3G52ycOoRCfhwbGasV+ZCxLGyCPnYTAb7gvpms+/JNf1FWjQpTHt+dZ8CtCcfvL ctY5pjdxT4kQTtK8kyyGwlXH/Oh4qisMsS57/1a1HEED7xczbIHF/YHF7u08WBbFe0Y40QA5gfa7 /hhu+JoblQBH55iKzR8l8RfZXt1Vcam2pr2nj/w0oYxyB+JkO0CuR/mWu93aLRkxFxtwEoUUiWMm M3mXs1gsTFKClFnTbOzwg8QyFlCj+An4GrzrsbAA/rfLvb+VmwOS/BccDZfAAAAFShUVZUinN/bv 4/xv1ejRLk62VxtHxw1z+w/JLc0WbTtIj4cB4nE03et3id5ZT6yDz5XKduyhAeCYPGXepmWXqSxb 2N/Ia5OZbEfwNcEivzWdeRzxnk+W8OErBuOkRcCYmT1aIFGmIAAACANrKXEgH6qjJZdpFM3CFIBt mZY3RF1adYeI7i8daJxkwxPv55idHkphc4aDX4lUPzvcw+r5jtE+rm4huv03qlTKy+/0HlTyIRJv wfpc='], updatedns=False) host_mod(u'bk1.cyberfuel.com', random=False, ipasshpubkey=(u'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA071MP58tqZXKpba7ndVtIqtgZmGNxm/PJz/eqf7w9SNewATA xmV14vUYyyohaIWBBi87sXwlVqxX+L95cg2ezfKfKYqc3YPqaNq2poRL3+vhpNnHDBdfh2NzqdId slZEMt2H+v/0g3G52ycOoRCfhwbGasV+ZCxLGyCPnYTAb7gvpms+/JNf1FWjQpTHt+dZ8CtCcfvL ctY5pjdxT4kQTtK8kyyGwlXH/Oh4qisMsS57/1aAN359BmDxbIHF/YHF7u08WBbFe0Y40QA5gfa7 /hhu+JoblQBH55iKzR8l8RfZXt1Vcam2pr2nj/w0oYxyB+JkO0CuR/mWu93aLRkxFxtwEoUUiWMm M3mXs1gsTFKClFnTbOzwg8QyFlCj+An4GrzrsbAA/rfLvb+VmwOS/BcXJiFI6Ub3ShUVZUinN/bv 4/xv1ejRLk62VxtHxw1z+w/JLc0WbTtIj4cB4nE03et3id5ZT6yDz5XKduyhAeCYPGXepmWXqSxb 2N/Ia5OZbEfwNcEivzWdeRzxnk+W8OErBuOkRcCYmT1aIFGmIAAACANrKXEgH6qjJZdpFM3mdAXb 7imVRF1adYeI7i8daJxkwxPv55idHkphc4aDX4lUPzvcw+r5jtE+rm4huv03qlTKy+/0HlTyIRJv wfpc='), rights=False, updatedns=False, all=False, raw=False, no_members=False) Forwarding 'host_mod' to server u'https://freeipa.cyberfuel.com/ipa/xml' NSSConnection init freeipa.cyberfuel.com Connecting: 192.168.20.90:0 handshake complete, peer = 192.168.20.90:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA received Set-Cookie 'ipa_session=efae42241c1d4ecc0c222d477f64e3a0; Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:35 GMT; Secure; HttpOnly' storing cookie 'ipa_session=efae42241c1d4ecc0c222d477f64e3a0; Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:35 GMT; Secure; HttpOnly' for prin args=keyctl search @s user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com stdout=640092261 stderr= args=keyctl search @s user ipa_session_cookie:host/bk1.cyberfuel....@cyberfuel.com stdout=640092261 stderr= args=keyctl pupdate 640092261 stdout= stderr= Writing nsupdate commands to /etc/ipa/.dns_update.txt: zone cyberfuel.com. update delete bk1.cyberfuel.com. IN SSHFP send update add bk1.cyberfuel.com. 1200 IN SSHFP 1 1 B40F0F3FF14223B021F206C3E3276AC48F6EEAF0 update add bk1.cyberfuel.com. 1200 IN SSHFP 2 1 30D2331BC69452EFE65445B5C990773EA41A2FE8 send args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt stdout= stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/ns1.cyberfuel....@cyberfuel.com no nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1 Could not update DNS SSHFP records. args=/sbin/service nscd status stdout= stderr=nscd: unrecognized service Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd stdout= stderr= SSSD enabled Configuring cyberfuel.com as NIS domain args=/bin/nisdomainname stdout=(none) stderr= Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' args=/usr/sbin/authconfig --update --nisdomain cyberfuel.com stdout= stderr= args=/bin/nisdomainname cyberfuel.com stdout= stderr= args=/sbin/service sssd restart stdout=Stopping sssd: [FAILED] Starting sssd: [ OK ] stderr=cat: /var/run/sssd.pid: No such file or directory args=/sbin/service sssd status stdout=sssd (pid 42071) is running... stderr= args=/sbin/chkconfig sssd on stdout= stderr= Backing up system configuration file '/etc/openldap/ldap.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured /etc/openldap/ldap.conf args=getent passwd admin stdout=admin:*:1045400000:1045400000:Administrator:/home/admin:/bin/bash stderr= Backing up system configuration file '/etc/ntp/step-tickers' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' args=/usr/sbin/selinuxenabled stdout= stderr= args=/sbin/chkconfig ntpd stdout= stderr= Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Backing up system configuration file '/etc/ntp.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' args=/usr/sbin/selinuxenabled stdout= stderr= Backing up system configuration file '/etc/sysconfig/ntpd' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' args=/usr/sbin/selinuxenabled stdout= stderr= args=/sbin/chkconfig ntpd on stdout= stderr= args=/sbin/service ntpd restart stdout=Shutting down ntpd: [ OK ] Starting ntpd: [ OK ] stderr= args=/sbin/service ntpd status stdout=ntpd (pid 42133) is running... stderr= NTP enabled Backing up system configuration file '/etc/ssh/ssh_config' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured /etc/ssh/ssh_config Backing up system configuration file '/etc/ssh/sshd_config' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' args=sshd -t -f /dev/null -o AuthorizedKeysCommand= stdout= stderr= Configured /etc/ssh/sshd_config args=/sbin/service sshd status stdout=openssh-daemon (pid 46497) is running... stderr= args=/sbin/service sshd restart stdout=Stopping sshd: [ OK ] Starting sshd: [ OK ] stderr= args=/sbin/service sshd status stdout=openssh-daemon (pid 42190) is running... stderr= Client configuration complete. -----Original Message----- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: viernes 29 de abril de 2016 12:19 p.m. To: Jose Alvarez R. <jalva...@cyberfuel.com>; freeipa-users@redhat.com Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 Jose Alvarez R. wrote: > Hi, Rob > > Thanks!! > > > The version the xmlrpc-c of my server IPA: > xmlrpc-c-1.16.24-1210.1840.el6.x86_64 > xmlrpc-c-client-1.16.24-1210.1840.el6.x86_64 > > > The version the xmlrpc-c of my client IPA > xmlrpc-c-client-1.16.24-1210.1840.el6.x86_64 > xmlrpc-c-1.16.24-1210.1840.el6.x86_64 > libiqxmlrpc-0.12.4-0.parallels.i686 > xmlrpc-c-c++-1.16.24-1210.1840.el6.x86_64 You need xmlrpc-c-1.16.24-1200.1840.2.el6 on the client which fixed https://bugzilla.redhat.com/show_bug.cgi?id=719945 The libcurl version on the client looks ok. This is only a client-side issue so no changes on the servers should be necessary IIRC. This appears to be EL 6.1 which at this point is quite old. rob > > The versions are the same, but the libcurl is different > > It's the version curl IPA server > [root@freeipa log]# rpm -qa | grep curl > python-pycurl-7.19.0-8.el6.x86_64 > curl-7.19.7-46.el6.x86_64 > libcurl-7.19.7-46.el6.x86_64 > [root@freeipa log]# > > > It's the version curl PPA server(IPA Client) [root@ppa named]# rpm -qa > | grep curl > curl-7.31.0-1.el6.x86_64 > python-pycurl-7.19.0-8.el6.x86_64 > libcurl-7.31.0-1.el6.x86_64 > libcurl-7.31.0-1.el6.i686 > > Sorry, my english is not very well > > > Regards. > > > > -----Original Message----- > From: Rob Crittenden [mailto:rcrit...@redhat.com] > Sent: viernes 29 de abril de 2016 11:14 a.m. > To: Jose Alvarez R. <jalva...@cyberfuel.com>; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 > > Jose Alvarez R. wrote: >> Hi Rob, Thanks for your response >> >> Yes, It's with admin. > > I assume this is a problem with your version of xmlrpc-c. We use > standard calls xmlrpc-c calls to setup authentication and IIRC that > links against libcurl which provides the Kerberos/GSSAPI support. On > EL6 you need xmlrpc-c >> = 1.16.24-1200.1840.2 > > I'm confused about the versions. You mention PPA but include what look > like RPM versions that seem to point to RHEL 6. > > rob > >> >> I execute the command "ipa-client-install --debug" >> --------------------------------------------------------------------- >> - >> --- >> >> >> [root@ppa named]# ipa-client-install --debug >> /usr/sbin/ipa-client-install was invoked with options: {'domain': >> None, >> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True, >> 'primary': False, 'mkhomedir >> ': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, >> 'on_master': False, 'ntp_server': None, 'nisdomain': None, 'no_nisdomain': >> False, 'principal': None >> , 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, >> 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False, >> 'conf_sudo': True, 'conf_ssh': Tr >> ue, 'force_join': False, 'ca_cert_file': None, 'server': None, >> 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': >> False, 'uninstall': False} >> missing options might be asked for interactively later Loading Index >> file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' >> [IPA Discovery] >> Starting IPA discovery with domain=None, servers=None, >> hostname=ppa.cyberfuel.com Start searching for LDAP SRV record in >> "cyberfuel.com" (domain of the >> hostname) and its sub-domains >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. >> DNS record found: >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} >> [Kerberos realm search] >> Search DNS for TXT record of _kerberos.cyberfuel.com. >> DNS record found: >> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data: >> C >> YBERFU >> EL.COM} >> Search DNS for SRV record of _kerberos._udp.cyberfuel.com. >> DNS record found: >> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={ >> p riorit y:0,port:88,weight:50,server:freeipa.cyberfuel.com.} >> [LDAP server check] >> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA >> server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389 >> Search LDAP server for IPA base DN Check if naming context >> 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com' >> is a valid IPA context Search for (objectClass=krbRealmContainer) in >> dc=cyberfuel,dc=com (sub) >> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com >> Discovery result: Success; server=freeipa.cyberfuel.com, >> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, >> basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com >> will use discovered domain: cyberfuel.com Start searching for LDAP >> SRV record in "cyberfuel.com" (Validating DNS >> Discovery) and its sub-domains >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. >> DNS record found: >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} >> DNS validated, enabling discovery >> will use discovered server: freeipa.cyberfuel.com Discovery was >> successful! >> will use discovered realm: CYBERFUEL.COM will use discovered basedn: >> dc=cyberfuel,dc=com >> Hostname: ppa.cyberfuel.com >> Hostname source: Machine's FQDN >> Realm: CYBERFUEL.COM >> Realm source: Discovered from LDAP DNS records in >> freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source: >> Discovered LDAP SRV records from cyberfuel.com (domain of the >> hostname) IPA Server: freeipa.cyberfuel.com IPA Server source: >> Discovered from LDAP DNS records in freeipa.cyberfuel.com >> BaseDN: dc=cyberfuel,dc=com >> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389 >> >> Continue to configure the system with these values? [no]: no >> Installation failed. Rolling back changes. >> IPA client is not configured on this system. >> [root@ppa named]# >> [root@ppa named]# ipa-client-install --debug >> /usr/sbin/ipa-client-install was invoked with options: {'domain': >> None, >> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True, >> 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': >> True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, > 'nisdomain': >> None, 'no_nisdomain': False, 'principal': None, 'hostname': None, 'no_ac': >> False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, >> 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': >> True, 'force_join': False, 'ca_cert_file': None, 'server': None, >> 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': >> False, 'uninstall': False} >> missing options might be asked for interactively later Loading Index >> file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' >> [IPA Discovery] >> Starting IPA discovery with domain=None, servers=None, >> hostname=ppa.cyberfuel.com Start searching for LDAP SRV record in >> "cyberfuel.com" (domain of the >> hostname) and its sub-domains >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. >> DNS record found: >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} >> [Kerberos realm search] >> Search DNS for TXT record of _kerberos.cyberfuel.com. >> DNS record found: >> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data: >> C >> YBERFU >> EL.COM} >> Search DNS for SRV record of _kerberos._udp.cyberfuel.com. >> DNS record found: >> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={ >> p riorit y:0,port:88,weight:50,server:freeipa.cyberfuel.com.} >> [LDAP server check] >> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA >> server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389 >> Search LDAP server for IPA base DN Check if naming context >> 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com' >> is a valid IPA context Search for (objectClass=krbRealmContainer) in >> dc=cyberfuel,dc=com (sub) >> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com >> Discovery result: Success; server=freeipa.cyberfuel.com, >> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, >> basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com >> will use discovered domain: cyberfuel.com Start searching for LDAP >> SRV record in "cyberfuel.com" (Validating DNS >> Discovery) and its sub-domains >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. >> DNS record found: >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} >> DNS validated, enabling discovery >> will use discovered server: freeipa.cyberfuel.com Discovery was >> successful! >> will use discovered realm: CYBERFUEL.COM will use discovered basedn: >> dc=cyberfuel,dc=com >> Hostname: ppa.cyberfuel.com >> Hostname source: Machine's FQDN >> Realm: CYBERFUEL.COM >> Realm source: Discovered from LDAP DNS records in >> freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source: >> Discovered LDAP SRV records from cyberfuel.com (domain of the >> hostname) IPA Server: freeipa.cyberfuel.com IPA Server source: >> Discovered from LDAP DNS records in freeipa.cyberfuel.com >> BaseDN: dc=cyberfuel,dc=com >> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389 >> >> Continue to configure the system with these values? [no]: yes >> args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CYBERFUEL.COM >> stdout= stderr=Failed to open keytab '/etc/krb5.keytab': No such file >> or directory >> >> User authorized to enroll computers: admin will use principal >> provided as option: admin Synchronizing time with KDC... >> Search DNS for SRV record of _ntp._udp.cyberfuel.com. >> No DNS record found >> args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com stdout= >> stderr= Writing Kerberos configuration to /tmp/tmpqWSatK: >> #File modified by ipa-client-install >> >> includedir /var/lib/sss/pubconf/krb5.include.d/ >> >> [libdefaults] >> default_realm = CYBERFUEL.COM >> dns_lookup_realm = false >> dns_lookup_kdc = false >> rdns = false >> ticket_lifetime = 24h >> forwardable = yes >> udp_preference_limit = 0 >> >> >> [realms] >> CYBERFUEL.COM = { >> kdc = freeipa.cyberfuel.com:88 >> master_kdc = freeipa.cyberfuel.com:88 >> admin_server = freeipa.cyberfuel.com:749 >> default_domain = cyberfuel.com >> pkinit_anchors = FILE:/etc/ipa/ca.crt >> >> } >> >> >> [domain_realm] >> .cyberfuel.com = CYBERFUEL.COM >> cyberfuel.com = CYBERFUEL.COM >> >> >> >> Password for ad...@cyberfuel.com: >> args=kinit ad...@cyberfuel.com >> stdout=Password for ad...@cyberfuel.com: >> >> stderr= >> trying to retrieve CA cert via LDAP from ldap://freeipa.cyberfuel.com >> Existing CA cert and Retrieved CA cert are identical >> args=/usr/sbin/ipa-join -s freeipa.cyberfuel.com -b >> dc=cyberfuel,dc=com -d stdout= stderr=XML-RPC CALL: >> >> <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n >> <methodName>join</methodName>\r\n <params>\r\n >> <param><value><array><data>\r\n >> <value><string>ppa.cyberfuel.com</string></value>\r\n >> </data></array></value></param>\r\n >> <param><value><struct>\r\n >> <member><name>nsosversion</name>\r\n >> <value><string>2.6.32-573.8.1.el6.x86_64</string></value></member>\r\ >> n <member><name>nshardwareplatform</name>\r\n >> <value><string>x86_64</string></value></member>\r\n >> </struct></value></param>\r\n >> </params>\r\n >> </methodCall>\r\n >> >> * About to connect() to freeipa.cyberfuel.com port 443 (#0) >> * Trying 192.168.20.90... >> * Adding handle: conn: 0x10bb2f0 >> * Adding handle: send: 0 >> * Adding handle: recv: 0 >> * Curl_addHandleToPipeline: length: 1 >> * - Conn 0 (0x10bb2f0) send_pipe: 1, recv_pipe: 0 >> * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0) >> * successfully set certificate verify locations: >> * CAfile: /etc/ipa/ca.crt >> CApath: none >> * SSL connection using AES256-SHA >> * Server certificate: >> * subject: O=CYBERFUEL.COM; CN=freeipa.cyberfuel.com >> * start date: 2015-09-30 17:52:11 GMT >> * expire date: 2017-09-30 17:52:11 GMT >> * common name: freeipa.cyberfuel.com (matched) >> * issuer: O=CYBERFUEL.COM; CN=Certificate Authority >> * SSL certificate verify ok. >>> POST /ipa/xml HTTP/1.1 >> Host: freeipa.cyberfuel.com >> Accept: */* >> Content-Type: text/xml >> User-Agent: ipa-join/3.0.0 >> Referer: https://freeipa.cyberfuel.com/ipa/xml >> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 >> Content-Length: 477 >> >> * upload completely sent off: 477 out of 477 bytes < HTTP/1.1 401 >> Authorization Required < Date: Fri, 29 Apr 2016 16:16:32 GMT >> * Server Apache/2.2.15 (CentOS) is not blacklisted < Server: >> Apache/2.2.15 (CentOS) < WWW-Authenticate: Negotiate < Last-Modified: >> Tue, 12 Apr 2016 23:07:44 GMT < ETag: "a0528-55a-53051ba8f7000" >> < Accept-Ranges: bytes >> < Content-Length: 1370 >> < Connection: close >> < Content-Type: text/html; charset=UTF-8 < >> * Closing connection 0 >> HTTP response code is 401, not 200 >> >> Joining realm failed: XML-RPC CALL: >> >> <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n >> <methodName>join</methodName>\r\n <params>\r\n >> <param><value><array><data>\r\n >> <value><string>ppa.cyberfuel.com</string></value>\r\n >> </data></array></value></param>\r\n >> <param><value><struct>\r\n >> <member><name>nsosversion</name>\r\n >> <value><string>2.6.32-573.8.1.el6.x86_64</string></value></member>\r\ >> n <member><name>nshardwareplatform</name>\r\n >> <value><string>x86_64</string></value></member>\r\n >> </struct></value></param>\r\n >> </params>\r\n >> </methodCall>\r\n >> >> * About to connect() to freeipa.cyberfuel.com port 443 (#0) >> * Trying 192.168.20.90... >> * Adding handle: conn: 0x10bb2f0 >> * Adding handle: send: 0 >> * Adding handle: recv: 0 >> * Curl_addHandleToPipeline: length: 1 >> * - Conn 0 (0x10bb2f0) send_pipe: 1, recv_pipe: 0 >> * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0) >> * successfully set certificate verify locations: >> * CAfile: /etc/ipa/ca.crt >> CApath: none >> * SSL connection using AES256-SHA >> * Server certificate: >> * subject: O=CYBERFUEL.COM; CN=freeipa.cyberfuel.com >> * start date: 2015-09-30 17:52:11 GMT >> * expire date: 2017-09-30 17:52:11 GMT >> * common name: freeipa.cyberfuel.com (matched) >> * issuer: O=CYBERFUEL.COM; CN=Certificate Authority >> * SSL certificate verify ok. >>> POST /ipa/xml HTTP/1.1 >> Host: freeipa.cyberfuel.com >> Accept: */* >> Content-Type: text/xml >> User-Agent: ipa-join/3.0.0 >> Referer: https://freeipa.cyberfuel.com/ipa/xml >> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 >> Content-Length: 477 >> >> * upload completely sent off: 477 out of 477 bytes < HTTP/1.1 401 >> Authorization Required < Date: Fri, 29 Apr 2016 16:16:32 GMT >> * Server Apache/2.2.15 (CentOS) is not blacklisted < Server: >> Apache/2.2.15 (CentOS) < WWW-Authenticate: Negotiate < Last-Modified: >> Tue, 12 Apr 2016 23:07:44 GMT < ETag: "a0528-55a-53051ba8f7000" >> < Accept-Ranges: bytes >> < Content-Length: 1370 >> < Connection: close >> < Content-Type: text/html; charset=UTF-8 < >> * Closing connection 0 >> HTTP response code is 401, not 200 >> >> Installation failed. Rolling back changes. >> IPA client is not configured on this system. >> >> ------------------------------------------------- >> >> It's the version curl IPA server >> >> [root@freeipa log]# rpm -qa | grep curl >> python-pycurl-7.19.0-8.el6.x86_64 >> curl-7.19.7-46.el6.x86_64 >> libcurl-7.19.7-46.el6.x86_64 >> [root@freeipa log]# >> >> >> It's the version curl PPA server(IPA Client) >> >> [root@ppa named]# rpm -qa | grep curl >> curl-7.31.0-1.el6.x86_64 >> python-pycurl-7.19.0-8.el6.x86_64 >> libcurl-7.31.0-1.el6.x86_64 >> libcurl-7.31.0-1.el6.i686 >> >> >> The version curl is different, but the version curl PPA is the >> repository Odin Plesk. >> >> ----------------------------------------------------- >> >> >> [root@ppa tmp]# cat kerberos_trace.log >> >> [12118] 1461855578.809966: ccselect module realm chose cache >> FILE:/tmp/tmptSoqDX with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [12118] 1461855578.810171: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmptSoqDX with result: -1765328243/Matching credential not >> found [12118] 1461855578.810252: Getting credentials >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com using >> ccache FILE:/tmp/tmptSoqDX [12118] 1461855578.810369: Retrieving >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com from >> FILE:/tmp/tmptSoqDX with >> result: -1765328243/Matching credential not found [12118] >> 1461855578.810451: Retrieving ad...@cyberfuel.com -> >> krbtgt/cyberfuel....@cyberfuel.com from FILE:/tmp/tmptSoqDX with result: >> 0/Success >> [12118] 1461855578.810476: Found cached TGT for service realm: >> ad...@cyberfuel.com -> krbtgt/cyberfuel....@cyberfuel.com >> [12118] 1461855578.810509: Requesting tickets for >> ldap/freeipa.cyberfuel....@cyberfuel.com, referrals on [12118] >> 1461855578.810612: Generated subkey for TGS request: aes256-cts/7377 >> [12118] 1461855578.810679: etypes requested in TGS request: >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [12118] >> 1461855578.810913: Sending request (704 bytes) to CYBERFUEL.COM >> [12118] 1461855578.811239: Resolving hostname freeipa.cyberfuel.com >> [12118] 1461855578.811466: Initiating TCP connection to stream >> 192.168.0.90:88 >> [12118] 1461855578.811935: Sending TCP request to stream >> 192.168.0.90:88 [12118] 1461855578.816404: Received answer from >> stream >> 192.168.0.90:88 [12118] 1461855578.816714: Response was from master >> KDC [12118] 1461855578.816906: TGS reply is for ad...@cyberfuel.com >> -> ldap/freeipa.cyberfuel....@cyberfuel.com with session key >> aes256-cts/BEB2 [12118] 1461855578.816977: TGS request result: >> 0/Success [12118] 1461855578.817018: Received creds for desired >> service ldap/freeipa.cyberfuel....@cyberfuel.com >> [12118] 1461855578.817066: Removing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com from FILE:/tmp/tmptSoqDX >> [12118] 1461855578.817107: Storing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com in FILE:/tmp/tmptSoqDX >> [12118] 1461855578.817413: Creating authenticator for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com, >> seqnum 299651167, subkey aes256-cts/98D3, session key aes256-cts/BEB2 >> [12118] 1461855578.874786: ccselect module realm chose cache >> FILE:/tmp/tmptSoqDX with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [12118] 1461855578.874938: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmptSoqDX with result: -1765328243/Matching credential not >> found [12118] 1461855578.875079: Read AP-REP, time 1461855578.817442, >> subkey aes256-cts/4B32, seqnum 706045221 [17304] 1461858424.873888: >> ccselect module realm chose cache FILE:/tmp/tmpH0QF6P with client >> principal ad...@cyberfuel.com for server principal >> ldap/freeipa.cyberfuel....@cyberfuel.com >> [17304] 1461858424.874126: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmpH0QF6P with result: -1765328243/Matching credential not >> found [17304] 1461858424.874220: Getting credentials >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com using >> ccache FILE:/tmp/tmpH0QF6P [17304] 1461858424.874413: Retrieving >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com from >> FILE:/tmp/tmpH0QF6P with >> result: -1765328243/Matching credential not found [17304] >> 1461858424.874531: Retrieving ad...@cyberfuel.com -> >> krbtgt/cyberfuel....@cyberfuel.com from FILE:/tmp/tmpH0QF6P with result: >> 0/Success >> [17304] 1461858424.874603: Found cached TGT for service realm: >> ad...@cyberfuel.com -> krbtgt/cyberfuel....@cyberfuel.com >> [17304] 1461858424.874631: Requesting tickets for >> ldap/freeipa.cyberfuel....@cyberfuel.com, referrals on [17304] >> 1461858424.874747: Generated subkey for TGS request: aes256-cts/8C33 >> [17304] 1461858424.874788: etypes requested in TGS request: >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [17304] >> 1461858424.875121: Sending request (704 bytes) to CYBERFUEL.COM >> [17304] 1461858424.875525: Resolving hostname freeipa.cyberfuel.com >> [17304] 1461858424.875805: Initiating TCP connection to stream >> 192.168.20.90:88 >> [17304] 1461858424.877976: Sending TCP request to stream >> 192.168.20.90:88 [17304] 1461858424.882385: Received answer from >> stream 192.168.20.90:88 [17304] 1461858424.882531: Response was from >> master KDC [17304] 1461858424.882775: TGS reply is for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com with >> session key aes256-cts/20DA [17304] 1461858424.882850: TGS request >> result: 0/Success [17304] 1461858424.882883: Received creds for >> desired service ldap/freeipa.cyberfuel....@cyberfuel.com >> [17304] 1461858424.882918: Removing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com from FILE:/tmp/tmpH0QF6P >> [17304] 1461858424.882951: Storing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com in FILE:/tmp/tmpH0QF6P >> [17304] 1461858424.883271: Creating authenticator for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com, >> seqnum 443746416, subkey aes256-cts/13DE, session key aes256-cts/20DA >> [17304] 1461858424.898190: ccselect module realm chose cache >> FILE:/tmp/tmpH0QF6P with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [17304] 1461858424.898401: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmpH0QF6P with result: -1765328243/Matching credential not >> found [17304] 1461858424.898615: Read AP-REP, time 1461858424.883334, >> subkey aes256-cts/A0F5, seqnum 906104721 [23457] 1461863053.621386: >> ccselect module realm chose cache >> FILE:/tmp/tmp576FE3 with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [23457] 1461863053.621602: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmp576FE3 with result: -1765328243/Matching credential not >> found [23457] 1461863053.621719: Getting credentials >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com using >> ccache FILE:/tmp/tmp576FE3 [23457] 1461863053.621918: Retrieving >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com from >> FILE:/tmp/tmp576FE3 with >> result: -1765328243/Matching credential not found [23457] >> 1461863053.622097: Retrieving ad...@cyberfuel.com -> >> krbtgt/cyberfuel....@cyberfuel.com from FILE:/tmp/tmp576FE3 with result: >> 0/Success >> [23457] 1461863053.622144: Found cached TGT for service realm: >> ad...@cyberfuel.com -> krbtgt/cyberfuel....@cyberfuel.com >> [23457] 1461863053.622176: Requesting tickets for >> ldap/freeipa.cyberfuel....@cyberfuel.com, referrals on [23457] >> 1461863053.622288: Generated subkey for TGS request: aes256-cts/897C >> [23457] 1461863053.622331: etypes requested in TGS request: >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [23457] >> 1461863053.622662: Sending request (704 bytes) to CYBERFUEL.COM >> [23457] 1461863053.623133: Resolving hostname freeipa.cyberfuel.com >> [23457] 1461863053.623367: Initiating TCP connection to stream >> 192.168.20.90:88 >> [23457] 1461863053.623866: Sending TCP request to stream >> 192.168.20.90:88 [23457] 1461863053.627939: Received answer from >> stream 192.168.20.90:88 [23457] 1461863053.628229: Response was from >> master KDC [23457] 1461863053.628485: TGS reply is for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com with >> session key aes256-cts/9E88 [23457] 1461863053.628560: TGS request >> result: 0/Success [23457] 1461863053.628610: Received creds for >> desired service ldap/freeipa.cyberfuel....@cyberfuel.com >> [23457] 1461863053.628655: Removing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com from FILE:/tmp/tmp576FE3 >> [23457] 1461863053.628689: Storing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com in FILE:/tmp/tmp576FE3 >> [23457] 1461863053.629119: Creating authenticator for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com, >> seqnum 13046067, subkey aes256-cts/BAC3, session key aes256-cts/9E88 >> [23457] 1461863053.640471: ccselect module realm chose cache >> FILE:/tmp/tmp576FE3 with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [23457] 1461863053.640721: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmp576FE3 with result: -1765328243/Matching credential not >> found [23457] 1461863053.640909: Read AP-REP, time 1461863053.629208, >> subkey aes256-cts/8866, seqnum 421358565 [23749] 1461863277.525338: >> ccselect module realm chose cache FILE:/tmp/tmprfuOsj with client >> principal ad...@cyberfuel.com for server principal >> ldap/freeipa.cyberfuel....@cyberfuel.com >> [23749] 1461863277.525435: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmprfuOsj with result: -1765328243/Matching credential not >> found [23749] 1461863277.525469: Getting credentials >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com using >> ccache FILE:/tmp/tmprfuOsj [23749] 1461863277.525529: Retrieving >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com from >> FILE:/tmp/tmprfuOsj with >> result: -1765328243/Matching credential not found [23749] >> 1461863277.525572: Retrieving ad...@cyberfuel.com -> >> krbtgt/cyberfuel....@cyberfuel.com from FILE:/tmp/tmprfuOsj with result: >> 0/Success >> [23749] 1461863277.525584: Found cached TGT for service realm: >> ad...@cyberfuel.com -> krbtgt/cyberfuel....@cyberfuel.com >> [23749] 1461863277.525593: Requesting tickets for >> ldap/freeipa.cyberfuel....@cyberfuel.com, referrals on [23749] >> 1461863277.525645: Generated subkey for TGS request: aes256-cts/C22D >> [23749] 1461863277.525662: etypes requested in TGS request: >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [23749] >> 1461863277.525806: Sending request (704 bytes) to CYBERFUEL.COM >> [23749] 1461863277.526052: Resolving hostname freeipa.cyberfuel.com >> [23749] 1461863277.526161: Initiating TCP connection to stream >> 192.168.20.90:88 >> [23749] 1461863277.526440: Sending TCP request to stream >> 192.168.20.90:88 [23749] 1461863277.530652: Received answer from >> stream 192.168.20.90:88 [23749] 1461863277.530737: Response was from >> master KDC [23749] 1461863277.530881: TGS reply is for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com with >> session key aes256-cts/79C3 [23749] 1461863277.530931: TGS request >> result: 0/Success [23749] 1461863277.530948: Received creds for >> desired service ldap/freeipa.cyberfuel....@cyberfuel.com >> [23749] 1461863277.530962: Removing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com from FILE:/tmp/tmprfuOsj >> [23749] 1461863277.530971: Storing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com in FILE:/tmp/tmprfuOsj >> [23749] 1461863277.531133: Creating authenticator for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com, >> seqnum 1019693263, subkey aes256-cts/B3E0, session key >> aes256-cts/79C3 [23749] 1461863277.542808: ccselect module realm >> chose cache FILE:/tmp/tmprfuOsj with client principal >> ad...@cyberfuel.com for server principal >> ldap/freeipa.cyberfuel....@cyberfuel.com >> [23749] 1461863277.542889: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmprfuOsj with result: -1765328243/Matching credential not >> found [23749] 1461863277.542988: Read AP-REP, time 1461863277.531150, >> subkey aes256-cts/5194, seqnum 376027188 [25544] 1461864401.258277: >> ccselect module realm chose cache FILE:/tmp/tmpbzX7EN with client >> principal ad...@cyberfuel.com for server principal >> ldap/freeipa.cyberfuel....@cyberfuel.com >> [25544] 1461864401.258584: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmpbzX7EN with result: -1765328243/Matching credential not >> found [25544] 1461864401.258678: Getting credentials >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com using >> ccache FILE:/tmp/tmpbzX7EN [25544] 1461864401.258873: Retrieving >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com from >> FILE:/tmp/tmpbzX7EN with >> result: -1765328243/Matching credential not found [25544] >> 1461864401.259040: Retrieving ad...@cyberfuel.com -> >> krbtgt/cyberfuel....@cyberfuel.com from FILE:/tmp/tmpbzX7EN with result: >> 0/Success >> [25544] 1461864401.259076: Found cached TGT for service realm: >> ad...@cyberfuel.com -> krbtgt/cyberfuel....@cyberfuel.com >> [25544] 1461864401.259102: Requesting tickets for >> ldap/freeipa.cyberfuel....@cyberfuel.com, referrals on [25544] >> 1461864401.259244: Generated subkey for TGS request: aes256-cts/277A >> [25544] 1461864401.259291: etypes requested in TGS request: >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [25544] >> 1461864401.259676: Sending request (704 bytes) to CYBERFUEL.COM >> [25544] 1461864401.260108: Resolving hostname freeipa.cyberfuel.com >> [25544] 1461864401.260361: Initiating TCP connection to stream >> 192.168.20.90:88 >> [25544] 1461864401.260980: Sending TCP request to stream >> 192.168.20.90:88 [25544] 1461864401.264399: Received answer from >> stream 192.168.20.90:88 [25544] 1461864401.264593: Response was from >> master KDC [25544] 1461864401.264893: TGS reply is for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com with >> session key aes256-cts/9106 [25544] 1461864401.264966: TGS request >> result: 0/Success [25544] 1461864401.264996: Received creds for >> desired service ldap/freeipa.cyberfuel....@cyberfuel.com >> [25544] 1461864401.265029: Removing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com from FILE:/tmp/tmpbzX7EN >> [25544] 1461864401.265058: Storing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com in FILE:/tmp/tmpbzX7EN >> [25544] 1461864401.265581: Creating authenticator for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com, >> seqnum 921501424, subkey aes256-cts/99EA, session key aes256-cts/9106 >> [25544] 1461864401.275884: ccselect module realm chose cache >> FILE:/tmp/tmpbzX7EN with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [25544] 1461864401.276059: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmpbzX7EN with result: -1765328243/Matching credential not >> found [25544] 1461864401.276196: Read AP-REP, time 1461864401.265627, >> subkey aes256-cts/0E9F, seqnum 871496824 [18097] 1461937028.664354: >> ccselect module realm chose cache >> FILE:/tmp/tmpF9x_o8 with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [18097] 1461937028.664456: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmpF9x_o8 with result: -1765328243/Matching credential not >> found [18097] 1461937028.664490: Getting credentials >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com using >> ccache FILE:/tmp/tmpF9x_o8 [18097] 1461937028.664549: Retrieving >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com from >> FILE:/tmp/tmpF9x_o8 with >> result: -1765328243/Matching credential not found [18097] >> 1461937028.664590: Retrieving ad...@cyberfuel.com -> >> krbtgt/cyberfuel....@cyberfuel.com from FILE:/tmp/tmpF9x_o8 with result: >> 0/Success >> [18097] 1461937028.664601: Found cached TGT for service realm: >> ad...@cyberfuel.com -> krbtgt/cyberfuel....@cyberfuel.com >> [18097] 1461937028.664611: Requesting tickets for >> ldap/freeipa.cyberfuel....@cyberfuel.com, referrals on [18097] >> 1461937028.664700: Generated subkey for TGS request: aes256-cts/6372 >> [18097] 1461937028.664727: etypes requested in TGS request: >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [18097] >> 1461937028.664865: Sending request (704 bytes) to CYBERFUEL.COM >> [18097] 1461937028.665035: Resolving hostname freeipa.cyberfuel.com >> [18097] 1461937028.665136: Initiating TCP connection to stream >> 192.168.20.90:88 >> [18097] 1461937028.665510: Sending TCP request to stream >> 192.168.20.90:88 [18097] 1461937028.668919: Received answer from >> stream 192.168.20.90:88 [18097] 1461937028.668984: Response was from >> master KDC [18097] 1461937028.669109: TGS reply is for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com with >> session key aes256-cts/9592 [18097] 1461937028.669136: TGS request >> result: 0/Success [18097] 1461937028.669156: Received creds for >> desired service ldap/freeipa.cyberfuel....@cyberfuel.com >> [18097] 1461937028.669167: Removing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com from FILE:/tmp/tmpF9x_o8 >> [18097] 1461937028.669176: Storing ad...@cyberfuel.com -> >> ldap/freeipa.cyberfuel....@cyberfuel.com in FILE:/tmp/tmpF9x_o8 >> [18097] 1461937028.669304: Creating authenticator for >> ad...@cyberfuel.com -> ldap/freeipa.cyberfuel....@cyberfuel.com, >> seqnum 940175329, subkey aes256-cts/53B9, session key aes256-cts/9592 >> [18097] 1461937028.676414: ccselect module realm chose cache >> FILE:/tmp/tmpF9x_o8 with client principal ad...@cyberfuel.com for >> server principal ldap/freeipa.cyberfuel....@cyberfuel.com >> [18097] 1461937028.676470: Retrieving ad...@cyberfuel.com -> >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from >> FILE:/tmp/tmpF9x_o8 with result: -1765328243/Matching credential not >> found [18097] 1461937028.676534: Read AP-REP, time 1461937028.669328, >> subkey aes256-cts/26C4, seqnum 864174069 >> >> ----------------------------------- >> >> >> Regards >> >> Jose Alvarez >> >> >> -----Original Message----- >> From: Rob Crittenden [mailto:rcrit...@redhat.com] >> Sent: viernes 29 de abril de 2016 09:34 a.m. >> To: Jose Alvarez R. <jalva...@cyberfuel.com>; >> freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 >> >> Jose Alvarez R. wrote: >>> Hi Users >>> >>> You can help me? >>> >>> I have the problem for join a client to my FREEIPA Server. The >>> version IPA Server is 3.0 and IP client is 3.0 >>> >>> When I join my client to IPA server show these errors: >>> >>> [root@ppa ~]# tail -f /var/log/ipaclient-install.log >>> >>> 2016-04-28T17:26:41Z DEBUG stderr= >>> >>> 2016-04-28T17:26:41Z DEBUG trying to retrieve CA cert via LDAP from >>> ldap://freeipa.cyberfuel.com >>> >>> 2016-04-28T17:26:41Z DEBUG Existing CA cert and Retrieved CA cert >>> are identical >>> >>> 2016-04-28T17:26:41Z DEBUG args=/usr/sbin/ipa-join -s >>> freeipa.cyberfuel.com -b dc=cyberfuel,dc=com >>> >>> 2016-04-28T17:26:41Z DEBUG stdout= >>> >>> 2016-04-28T17:26:41Z DEBUG stderr=HTTP response code is 401, not 200 >>> >>> 2016-04-28T17:26:41Z ERROR Joining realm failed: HTTP response code >>> is 401, not 200 >>> >>> 2016-04-28T17:26:41Z ERROR Installation failed. Rolling back changes. >>> >>> 2016-04-28T17:26:41Z ERROR IPA client is not configured on this system. >> >> I'd look in the 389-ds access and error logs on the IPA server to see >> if there are any more details. Look for the BIND from the client and >> see what happens. >> >> More context from the log file might be helpful. I believe if you run >> the client installer with --debug then additional flags are passed to >> ipa-join to include the XML-RPC conversation and that might be useful too. >> >> What account are you using to enroll with, admin? >> >> rob >> > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project