Hi everyone,
I'm trying a client. When I do:
$ ipa-client-install --no-ntp --force-join
Discovery was successful!
...
Also note that following ports are necessary for ipa-client
working properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
Failed to obtain host TGT: Major (851968): Unspecified GSS
failure. Minor code may provide more information, Minor
(2529638936): Preauthentication failed
Installation failed. Rolling back changes.
-- end
At the server's end (one single server in the domain):
..
Jan 06 15:00:42 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560685](info): closing down fd 11
Jan 06 15:00:42 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 10.5.6.17: NEEDED_PREAUTH:
host/dzien.priv.xx.xx.priv.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
for
krbtgt/PRIVATE.xx.xx.PRIVATE.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x,
Additional pre-authentication required
Jan 06 15:00:42 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): closing down fd 11
Jan 06 15:00:42 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): preauth (encrypted_timestamp) verify
failure: Preauthentication failed
Jan 06 15:00:42 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 10.5.6.17: PREAUTH_FAILED:
host/dzien.priv.xx.xx.priv.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
for
krbtgt/PRIVATE.xx.xx.PRIVATE.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x,
Preauthentication failed
Jan 06 15:00:42 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): closing down fd 11
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560681](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 10.5.6.17: NEEDED_PREAUTH:
admin(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x for
krbtgt/PRIVATE.xx.xx.PRIVATE.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x,
Additional pre-authentication required
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560681](info): closing down fd 11
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 10.5.6.17: ISSUE: authtime 1515250943, etypes
{rep=18 tkt=18 ses=18}, admin(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
for
krbtgt/PRIVATE.xx.xx.PRIVATE.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): closing down fd 11
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): TGS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 10.5.6.17: ISSUE: authtime 1515250943, etypes
{rep=18 tkt=18 ses=18}, admin(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
for
ldap/swir.priv.xx.xx.priv.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): closing down fd 11
Jan 06 15:02:23 swir.priv.xx.xx.priv.xx.xx.x
krb5kdc[1560686](info): TGS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 10.5.6.17: ISSUE: authtime 1515250943, etypes
{rep=18 tkt=18 ses=18}, admin(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
for
HTTP/swir.priv.xx.xx.priv.xx.xx.x(a)PRIVATE.xx.xx.PRIVATE.xx.xx.x
-- end
But after many tries (randomly), it would suddenly succeed.
Client said to use --force-join.
VERSION: 4.5.0, API_VERSION: 2.228
What can be the problem?
regards, L.
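
One way to tally the KDC's answers per client principal from krb5kdc lines like those in the post, so a principal that only ever gets PREAUTH_FAILED stands out. This is an added example, not part of the original message; the host names, realm and sample lines are constructed, and reading "(a)" as the archive's rendering of "@" is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (placeholder hosts/realm); the first record is hard-wrapped
# and uses "(a)" for "@", like the archived lines in the post.
SAMPLE = """\
Jan 06 15:00:42 kdc.example.test
krb5kdc[101](info): AS_REQ (2 etypes {18
17}) 10.5.6.17: NEEDED_PREAUTH:
host/client.example.test(a)EXAMPLE.TEST
for
krbtgt/EXAMPLE.TEST(a)EXAMPLE.TEST,
Additional pre-authentication required
Jan 06 15:00:42 kdc.example.test krb5kdc[101](info): preauth (encrypted_timestamp) verify failure: Preauthentication failed
Jan 06 15:00:42 kdc.example.test krb5kdc[101](info): AS_REQ (2 etypes {18 17}) 10.5.6.17: PREAUTH_FAILED: host/client.example.test(a)EXAMPLE.TEST for krbtgt/EXAMPLE.TEST(a)EXAMPLE.TEST, Preauthentication failed
Jan 06 15:02:23 kdc.example.test krb5kdc[101](info): AS_REQ (2 etypes {18 17}) 10.5.6.17: NEEDED_PREAUTH: admin(a)EXAMPLE.TEST for krbtgt/EXAMPLE.TEST(a)EXAMPLE.TEST, Additional pre-authentication required
Jan 06 15:02:23 kdc.example.test krb5kdc[101](info): AS_REQ (2 etypes {18 17}) 10.5.6.17: ISSUE: authtime 1515250943, etypes {rep=18 tkt=18 ses=18}, admin(a)EXAMPLE.TEST for krbtgt/EXAMPLE.TEST(a)EXAMPLE.TEST
Jan 06 15:02:23 kdc.example.test krb5kdc[101](info): TGS_REQ (2 etypes {18 17}) 10.5.6.17: ISSUE: authtime 1515250943, etypes {rep=18 tkt=18 ses=18}, admin(a)EXAMPLE.TEST for ldap/kdc.example.test(a)EXAMPLE.TEST
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
REQ = re.compile(r"krb5kdc\[\d+\]\(info\): (AS_REQ|TGS_REQ) \(.*?\) (\S+): (\w+): (.*)")
PRINC = re.compile(r"(\S+) for (\S+?),?(?:\s|$)")

def unwrap(text):
    """Rejoin wrapped records: a new record starts at each syslog timestamp."""
    records = []
    for line in text.splitlines():
        line = line.strip().replace("(a)", "@")  # assumption: "(a)" stands for "@"
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Map client principal -> Counter keyed by (request type, KDC status)."""
    stats = defaultdict(Counter)
    for rec in unwrap(text):
        m = REQ.search(rec)
        p = m and PRINC.search(m.group(4))  # "<client> for <service>"
        if p:
            stats[p.group(1)][(m.group(1), m.group(3))] += 1
    return stats

def failing_without_ticket(stats):
    # NEEDED_PREAUTH is the normal first leg of an AS exchange, so it is not counted
    # as a failure; report principals with PREAUTH_FAILED and no issued TGT.
    return sorted(c for c, n in stats.items()
                  if n[("AS_REQ", "PREAUTH_FAILED")] and not n[("AS_REQ", "ISSUE")])

if __name__ == "__main__":
    print(failing_without_ticket(summarize(SAMPLE)))
```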