Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2014-11-21T16:24:53Z DEBUG /sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp
- ': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, 'tru
- st_sshfp': False, 'dns_updates': False, 'mkhomedir': False, 'conf_ssh': True, 'force_join': False, 'server': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': Fals
- e}
- 2014-11-21T16:24:53Z DEBUG missing options might be asked for interactively later
- 2014-11-21T16:24:53Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
- 2014-11-21T16:24:53Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
- 2014-11-21T16:24:53Z DEBUG Starting external process
- 2014-11-21T16:24:53Z DEBUG args=/bin/systemctl is-enabled chronyd.service
- 2014-11-21T16:24:53Z DEBUG Process finished, return code=0
- 2014-11-21T16:24:53Z DEBUG stdout=enabled
- 2014-11-21T16:24:53Z DEBUG stderr=
- 2014-11-21T16:24:53Z WARNING Using existing certificate '/etc/ipa/ca.crt'.
- 2014-11-21T16:24:53Z DEBUG [IPA Discovery]
- 2014-11-21T16:24:53Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=s120181f20g.udistritaloas.edu.co
- 2014-11-21T16:24:53Z DEBUG Start searching for LDAP SRV record in "udistritaloas.edu.co" (domain of the hostname) and its sub-domains
- 2014-11-21T16:24:53Z DEBUG Search DNS for SRV record of _ldap._tcp.udistritaloas.edu.co
- 2014-11-21T16:24:53Z DEBUG DNS record not found: NoAnswer
- 2014-11-21T16:24:53Z DEBUG Search DNS for SRV record of _ldap._tcp.edu.co
- 2014-11-21T16:24:53Z DEBUG DNS record not found: NoAnswer
- 2014-11-21T16:24:53Z DEBUG Search DNS for SRV record of _ldap._tcp.co
- 2014-11-21T16:24:53Z DEBUG DNS record not found: NoAnswer
- 2014-11-21T16:24:53Z DEBUG Start searching for LDAP SRV record in "udistritaloas.edu.co" (search domain from /etc/resolv.conf) and its sub-domains
- 2014-11-21T16:24:53Z DEBUG Already searched udistritaloas.edu.co; skipping
- 2014-11-21T16:24:53Z DEBUG Start searching for LDAP SRV record in "udistrital.edu.co" (search domain from /etc/resolv.conf) and its sub-domains
- 2014-11-21T16:24:53Z DEBUG Search DNS for SRV record of _ldap._tcp.udistrital.edu.co
- 2014-11-21T16:24:53Z DEBUG DNS record not found: NoAnswer
- 2014-11-21T16:24:53Z DEBUG Already searched edu.co; skipping
- 2014-11-21T16:24:53Z DEBUG No LDAP server found
- 2014-11-21T16:24:53Z DEBUG No LDAP server found
- 2014-11-21T16:24:53Z INFO DNS discovery failed to determine your DNS domain
- 2014-11-21T16:25:10Z DEBUG will use interactively provided domain: udistritaloas.edu.co
- 2014-11-21T16:25:10Z DEBUG [IPA Discovery]
- 2014-11-21T16:25:10Z DEBUG Starting IPA discovery with domain=udistritaloas.edu.co, servers=None, hostname=s120181f20g.udistritaloas.edu.co
- 2014-11-21T16:25:10Z DEBUG Search for LDAP SRV record in udistritaloas.edu.co
- 2014-11-21T16:25:10Z DEBUG Search DNS for SRV record of _ldap._tcp.udistritaloas.edu.co
- 2014-11-21T16:25:10Z DEBUG DNS record not found: NoAnswer
- 2014-11-21T16:25:10Z DEBUG No LDAP server found
- 2014-11-21T16:25:10Z DEBUG IPA Server not found
- 2014-11-21T16:25:10Z DEBUG DNS discovery failed to find the IPA Server
- 2014-11-21T16:25:22Z DEBUG will use interactively provided server: freeipa.udistritaloas.edu.co
- 2014-11-21T16:25:22Z DEBUG [IPA Discovery]
- 2014-11-21T16:25:22Z DEBUG Starting IPA discovery with domain=udistritaloas.edu.co, servers=['freeipa.udistritaloas.edu.co'], hostname=s120181f20g.udistritaloas.edu.co
- 2014-11-21T16:25:22Z DEBUG Server and domain forced
- 2014-11-21T16:25:22Z DEBUG [Kerberos realm search]
- 2014-11-21T16:25:22Z DEBUG Search DNS for TXT record of _kerberos.udistritaloas.edu.co
- 2014-11-21T16:25:22Z DEBUG DNS record not found: NoAnswer
- 2014-11-21T16:25:22Z DEBUG [LDAP server check]
- 2014-11-21T16:25:22Z DEBUG Verifying that freeipa.udistritaloas.edu.co (realm None) is an IPA server
- 2014-11-21T16:25:22Z DEBUG Init LDAP connection to: freeipa.udistritaloas.edu.co
- 2014-11-21T16:25:22Z DEBUG Error checking LDAP: Connect error:TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
- 2014-11-21T16:25:22Z WARNING Skip freeipa.udistritaloas.edu.co: cannot verify if this is an IPA server
- 2014-11-21T16:25:22Z DEBUG Discovery result: UNKNOWN_ERROR; server=None, domain=udistritaloas.edu.co, kdc=None, basedn=None
- 2014-11-21T16:25:22Z DEBUG Validated servers:
- 2014-11-21T16:25:22Z ERROR Failed to verify that freeipa.udistritaloas.edu.co is an IPA Server.
- 2014-11-21T16:25:22Z ERROR This may mean that the remote server is not up or is not reachable due to network or firewall settings.
- 2014-11-21T16:25:22Z INFO Please make sure the following ports are opened in the firewall settings:
- TCP: 80, 88, 389
- UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
- Also note that following ports are necessary for ipa-client working properly after enrollment:
- TCP: 464
- UDP: 464, 123 (if NTP enabled)
- 2014-11-21T16:25:22Z DEBUG (freeipa.udistritaloas.edu.co: Provided interactively)
- 2014-11-21T16:25:22Z ERROR Installation failed. Rolling back changes.
- 2014-11-21T16:25:22Z ERROR IPA client is not configured on this system.
Add Comment
Please, Sign In to add comment