Chris Moody via FreeIPA-users
writes:
> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm
> IPA.XYZ.COM
> 2018-01-15T21:55:24Z DEBUG Starting external process
> 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user
> ipa_session_cookie:host/sfca-do-1.xyz@ipa.xyz.com
> 2018-01-
On ti, 16 tammi 2018, Robbie Harwood via FreeIPA-users wrote:
Chris Moody via FreeIPA-users
writes:
2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm
IPA.XYZ.COM
2018-01-15T21:55:24Z DEBUG Starting external process
2018-01-15T21:55:24Z DEBUG args=keyctl search @s user
ipa_sessi
Robbie Harwood via FreeIPA-users wrote:
> Chris Moody via FreeIPA-users
> writes:
>
>> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm
>> IPA.XYZ.COM
>> 2018-01-15T21:55:24Z DEBUG Starting external process
>> 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user
>> ipa_session_c
My reply with the log output is pending moderator approval.
-Chris
On 1/16/18 1:11 PM, Rob Crittenden wrote:
> Robbie Harwood via FreeIPA-users wrote:
>> Chris Moody via FreeIPA-users
>> writes:
>>
>>> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm
>>> IPA.XYZ.COM
>>> 2018-01
Chris Moody writes:
> Thanks for taking a look gents. Ask and ye shall receive. :)
>
> -Chris
>
> ===[ CLI output ]==
> root@sfca-do-1:~# ipa-client-install -p admin --mkhomedir
> --hostname=`hostname`
> Discovery was successful!
> Client hostname: sfca-do-1.xyz.com
> Realm: IPA.xyz.COM
Yes - I am redacting just the 2nd level domain name portion from any logs.
-Chris
On 1/17/18 8:27 AM, Robbie Harwood wrote:
> Chris Moody writes:
>
>> Thanks for taking a look gents. Ask and ye shall receive. :)
>>
>> -Chris
>>
>> ===[ CLI output ]==
>> root@sfca-do-1:~# ipa-client-in
Chris Moody writes:
> On 1/17/18 8:27 AM, Robbie Harwood wrote:
>> Chris Moody writes:
>>
>>> Thanks for taking a look gents. Ask and ye shall receive. :)
>>>
>>> -Chris
>>>
>>> ===[ CLI output ]==
>>> root@sfca-do-1:~# ipa-client-install -p admin --mkhomedir
>>> --hostname=`hostname`
Affirmative, it is all caps in the logs.
I can re-send the log with the redactions case sensitive if that's
helpful. My apologies for causing confusion via my obfuscation.
-Chris
On 1/17/18 12:36 PM, Robbie Harwood wrote:
> Chris Moody writes:
>
>> On 1/17/18 8:27 AM, Robbie Harwood wrote:
>>
Chris Moody wrote:
> Thanks for taking a look gents. Ask and ye shall receive. :)
>
What version of IPA is this and what platform?
Before an install can you ensure that there is nothing in
/etc/krb5.conf.d/ (except may be crypto-policies)?
Same with /var/lib/sss/pubconf/krb5.include.d/
Might
Server:
=
[root@sfca-do-4 ~]# ipa --version
VERSION: 4.4.4, API_VERSION: 2.215
[root@sfca-do-4 ~]# cat /etc/fedora-release
Fedora release 25 (Twenty Five)
Client Node:
=
root@sfca-do-1:~# ipa-client-install --version
4.3.1
root@sfca-do-1:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB
Just attempted the '--server' option you mention, as well as the
'--domain' value that the parameter requires, and it actually SUCCEEDED
in joining!
I received "Client configuration complete." via the ipa-client-install
command and was just able to successfully login to this node with a user
in IP
That being said, just tried again on an ubuntu 14.04 node with these
same CLI params, and it failed, but the logs are complaining about
"SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user", which never was reported in the ubuntu 16
system's logs.
Seems
12 matches
Mail list logo