Further investigation. On a clean install of CentOS 7.2 with IPA Client 4.4, /etc/krb5.conf.d/ is missing, and therefore initial setup will fail unless manual creation of /etc/krb5.conf.d/ Maybe the install script for the client can be updated to check for and create?
Thanks, Alan > On Jan 3, 2017, at 1:44 PM, Alan Latteri <a...@instinctualsoftware.com> wrote: > > Thanks Rob. > > /etc/krb5.conf.d/ was in fact missing from the client, which is still on > CentOS 7.2 for reasons out of our control. > Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the > /etc/krb5.conf.d/ directory, but are running fine. So maybe the 4.4 client > requires that dir but is not making it on upgrade and the cause of the > failure? > > Alan > >> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcrit...@redhat.com> wrote: >> >> Alan Latteri wrote: >>> Log is attached. >> >> Look and see if /etc/krb5.conf.d/ and >> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check >> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt >> filesystem perms are an issue but who knows. >> >> You can also brute force things using strace -f to find out exactly what >> can't be read. >> >> rob >> > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project