Wow
Thank you so much
You point to main problem. My pam files had read only attribute and i
changed with chattr and it fixed.
Really appreciate you
On Tue, 11 Jun 2019, 14:02 Florence Blanc-Renaud via FreeIPA-users, <
freeipa-users(a)lists.fedorahosted.org> wrote:
On 6/11/19 7:13 AM, Elham Sadat Azarian via FreeIPA-users wrote:
> Hi. its the ipaclient-install.log
>
> 2019-06-11T04:45:38Z DEBUG Logging to /var/log/ipaclient-install.log
> 2019-06-11T04:45:38Z DEBUG ipa-client-install was invoked with arguments
[] and options: {'no_dns_sshfp': False, 'force': False,
'verbose': False,
'ip_addresses': None, 'configure_firefox': False, 'realm_name':
'SHS.DC',
'force_ntpd': False, 'on_master': True, 'no_nisdomain': False,
'ssh_trust_dns': False, 'principal': None, 'keytab': None,
'no_ntp': False,
'domain_name': 'shs.dc', 'request_cert': False,
'fixed_primary': False,
'no_ac': False, 'no_sudo': False, 'ca_cert_files': None,
'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers':
None,
'enable_dns_updates': False, 'no_sshd': False, 'no_sssd': False,
'no_krb5_offline_passwords': False, 'servers':
['ipa-irvlt01.shs.dc'],
'no_ssh': False, 'force_join': False, 'firefox_dir': None,
'unattended':
True, 'quiet': False, 'nisdomain': None, 'prompt_password':
False,
'host_name': 'ipa-irvlt01.shs.dc', 'permit': False,
'automount_location':
None, 'preserve_sssd': False, 'mkhomedir': False, 'log_file':
None,
'uninstall': False}
> 2019-06-11T04:45:38Z DEBUG IPA version 4.6.4-10.el7.centos.3
> 2019-06-11T04:45:38Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2019-06-11T04:45:38Z DEBUG Starting external process
> 2019-06-11T04:45:38Z DEBUG args=/usr/sbin/selinuxenabled
> 2019-06-11T04:45:38Z DEBUG Process finished, return code=1
> 2019-06-11T04:45:38Z DEBUG stdout=
> 2019-06-11T04:45:38Z DEBUG stderr=
> 2019-06-11T04:45:38Z WARNING Using existing certificate
'/etc/ipa/ca.crt'.
> 2019-06-11T04:45:38Z DEBUG [IPA Discovery]
> 2019-06-11T04:45:38Z DEBUG Starting IPA discovery with domain=shs.dc,
servers=['ipa-irvlt01.shs.dc'], hostname=ipa-irvlt01.shs.dc
> 2019-06-11T04:45:38Z DEBUG Server and domain forced
> 2019-06-11T04:45:38Z DEBUG [Kerberos realm search]
> 2019-06-11T04:45:38Z DEBUG Kerberos realm forced
> 2019-06-11T04:45:38Z DEBUG [LDAP server check]
> 2019-06-11T04:45:38Z DEBUG Verifying that ipa-irvlt01.shs.dc (realm
SHS.DC) is an IPA server
> 2019-06-11T04:45:38Z DEBUG Init LDAP connection to:
ldap://ipa-irvlt01.shs.dc:389
> 2019-06-11T04:45:38Z DEBUG Search LDAP server for IPA base DN
> 2019-06-11T04:45:38Z DEBUG Check if naming context 'dc=shs,dc=dc' is for
IPA
> 2019-06-11T04:45:38Z DEBUG Naming context 'dc=shs,dc=dc' is a valid IPA
context
> 2019-06-11T04:45:38Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=shs,dc=dc (sub)
> 2019-06-11T04:45:38Z DEBUG Found: cn=SHS.DC,cn=kerberos,dc=shs,dc=dc
> 2019-06-11T04:45:38Z DEBUG Discovery result: Success;
server=ipa-irvlt01.shs.dc, domain=shs.dc, kdc=ipa-irvlt01.shs.dc,
basedn=dc=shs,dc=dc
> 2019-06-11T04:45:38Z DEBUG Validated servers: ipa-irvlt01.shs.dc
> 2019-06-11T04:45:38Z DEBUG will use discovered domain: shs.dc
> 2019-06-11T04:45:38Z DEBUG Using servers from command line, disabling
DNS discovery
> 2019-06-11T04:45:38Z DEBUG will use provided server: ipa-irvlt01.shs.dc
> 2019-06-11T04:45:38Z DEBUG will use discovered realm: SHS.DC
> 2019-06-11T04:45:38Z DEBUG will use discovered basedn: dc=shs,dc=dc
> 2019-06-11T04:45:38Z INFO Client hostname: ipa-irvlt01.shs.dc
> 2019-06-11T04:45:38Z DEBUG Hostname source: Provided as option
> 2019-06-11T04:45:38Z INFO Realm: SHS.DC
> 2019-06-11T04:45:38Z DEBUG Realm source: Discovered from LDAP DNS
records in ipa-irvlt01.shs.dc
> 2019-06-11T04:45:38Z INFO DNS Domain: shs.dc
> 2019-06-11T04:45:38Z DEBUG DNS Domain source: Forced
> 2019-06-11T04:45:38Z INFO IPA Server: ipa-irvlt01.shs.dc
> 2019-06-11T04:45:38Z DEBUG IPA Server source: Provided as option
> 2019-06-11T04:45:38Z INFO BaseDN: dc=shs,dc=dc
> 2019-06-11T04:45:38Z DEBUG BaseDN source: From IPA server
ldap://ipa-irvlt01.shs.dc:389
> 2019-06-11T04:45:38Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2019-06-11T04:45:38Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
> 2019-06-11T04:45:38Z INFO Skipping synchronizing time with NTP server.
> 2019-06-11T04:45:38Z DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
> 2019-06-11T04:45:38Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf'
doesn't exist
> 2019-06-11T04:45:38Z INFO New SSSD config will be created
> 2019-06-11T04:45:38Z DEBUG Backing up system configuration file
'/etc/nsswitch.conf'
> 2019-06-11T04:45:38Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2019-06-11T04:45:38Z INFO Configured sudoers in /etc/nsswitch.conf
> 2019-06-11T04:45:38Z INFO Configured /etc/sssd/sssd.conf
> 2019-06-11T04:45:38Z DEBUG Initializing principal
host/ipa-irvlt01.shs.dc(a)SHS.DC using keytab /etc/krb5.keytab
> 2019-06-11T04:45:38Z DEBUG using ccache /etc/ipa/.dns_ccache
> 2019-06-11T04:45:38Z DEBUG Attempt 1/5: success
> 2019-06-11T04:45:39Z DEBUG Starting external process
> 2019-06-11T04:45:39Z DEBUG args=/usr/bin/certutil -d dbm:/tmp/tmp1H6ZBB
-N -f /tmp/tmp1H6ZBB/pwdfile.txt -f /tmp/tmp1H6ZBB/pwdfile.txt
> 2019-06-11T04:45:39Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:39Z DEBUG stdout=
> 2019-06-11T04:45:39Z DEBUG stderr=
> 2019-06-11T04:45:39Z DEBUG Starting external process
> 2019-06-11T04:45:39Z DEBUG args=/usr/bin/certutil -d dbm:/tmp/tmp1H6ZBB
-A -n CA certificate 1 -t C,, -a -f /tmp/tmp1H6ZBB/pwdfile.txt
> 2019-06-11T04:45:39Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:39Z DEBUG stdout=
> 2019-06-11T04:45:39Z DEBUG stderr=
> 2019-06-11T04:45:39Z DEBUG failed to find session_cookie in persistent
storage for principal 'host/ipa-irvlt01.shs.dc(a)SHS.DC'
> 2019-06-11T04:45:39Z INFO trying
https://ipa-irvlt01.shs.dc/ipa/json
> 2019-06-11T04:45:39Z DEBUG New HTTP connection (ipa-irvlt01.shs.dc)
> 2019-06-11T04:45:39Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=MagBearerToken=zphJ%2fK0SiVFciLi5miiMyVf9e%2bVC903nL7WJinO9KOq2EvJEiRAObdEzdFRHCRUUU%2fjE2qEuNUiCYugrYyxDt9lA1s%2fTuzRyab8O%2bH3Y6qtHhbHqT6YgFzITDgd6KO5nBYn%2bMldFekKQGnJxUy%2bRo%2faiswX9U3HEHZuAsmfQuaZjeYUNc7oFSskwCufHmm1GpW7Sew8fassrz9S1q6V1rPaa8J8JvSvpKXZeu%2fD0vOU%3d;path=/ipa;httponly;secure;']'
> 2019-06-11T04:45:39Z DEBUG storing cookie
'ipa_session=MagBearerToken=zphJ%2fK0SiVFciLi5miiMyVf9e%2bVC903nL7WJinO9KOq2EvJEiRAObdEzdFRHCRUUU%2fjE2qEuNUiCYugrYyxDt9lA1s%2fTuzRyab8O%2bH3Y6qtHhbHqT6YgFzITDgd6KO5nBYn%2bMldFekKQGnJxUy%2bRo%2faiswX9U3HEHZuAsmfQuaZjeYUNc7oFSskwCufHmm1GpW7Sew8fassrz9S1q6V1rPaa8J8JvSvpKXZeu%2fD0vOU%3d;'
for principal host/ipa-irvlt01.shs.dc(a)SHS.DC
> 2019-06-11T04:45:39Z DEBUG Created connection
context.rpcclient_140569694939728
> 2019-06-11T04:45:39Z INFO [try 1]: Forwarding 'schema' to json server '
https://ipa-irvlt01.shs.dc/ipa/json'
> 2019-06-11T04:45:39Z DEBUG HTTP connection keep-alive
(ipa-irvlt01.shs.dc)
> 2019-06-11T04:45:39Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']'
> 2019-06-11T04:45:39Z DEBUG storing cookie
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;'
for principal host/ipa-irvlt01.shs.dc(a)SHS.DC
> 2019-06-11T04:45:39Z DEBUG Destroyed connection
context.rpcclient_140569694939728
> 2019-06-11T04:45:39Z DEBUG importing all plugin modules in
ipaclient.remote_plugins.schema$5131ac65...
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.remote_plugins.schema$5131ac65.plugins
> 2019-06-11T04:45:39Z DEBUG importing all plugin modules in
ipaclient.plugins...
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.automember
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.automount
> 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.ca
> 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.cert
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.certmap
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.certprofile
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.csrgen
> 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.dns
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.hbacrule
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.hbactest
> 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.host
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.idrange
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.internal
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.location
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.migration
> 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.misc
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.otptoken
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.otptoken_yubikey
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.passwd
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.permission
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.rpcclient
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.server
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.service
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.sudorule
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.topology
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.trust
> 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.user
> 2019-06-11T04:45:39Z DEBUG importing plugin module
ipaclient.plugins.vault
> 2019-06-11T04:45:41Z DEBUG found session_cookie in persistent storage
for principal 'host/ipa-irvlt01.shs.dc(a)SHS.DC', cookie:
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d'
> 2019-06-11T04:45:41Z DEBUG setting session_cookie into context
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;'
> 2019-06-11T04:45:41Z INFO trying
https://ipa-irvlt01.shs.dc/ipa/session/json
> 2019-06-11T04:45:41Z DEBUG New HTTP connection (ipa-irvlt01.shs.dc)
> 2019-06-11T04:45:41Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']'
> 2019-06-11T04:45:41Z DEBUG storing cookie
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;'
for principal host/ipa-irvlt01.shs.dc(a)SHS.DC
> 2019-06-11T04:45:41Z DEBUG Created connection
context.rpcclient_140569419915472
> 2019-06-11T04:45:41Z DEBUG Try RPC connection
> 2019-06-11T04:45:41Z INFO [try 1]: Forwarding 'ping' to json server '
https://ipa-irvlt01.shs.dc/ipa/session/json'
> 2019-06-11T04:45:41Z DEBUG HTTP connection keep-alive
(ipa-irvlt01.shs.dc)
> 2019-06-11T04:45:41Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']'
> 2019-06-11T04:45:41Z DEBUG storing cookie
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;'
for principal host/ipa-irvlt01.shs.dc(a)SHS.DC
> 2019-06-11T04:45:41Z INFO [try 1]: Forwarding 'ca_is_enabled' to json
server 'https://ipa-irvlt01.shs.dc/ipa/session/json'
> 2019-06-11T04:45:41Z DEBUG HTTP connection keep-alive
(ipa-irvlt01.shs.dc)
> 2019-06-11T04:45:42Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']'
> 2019-06-11T04:45:42Z DEBUG storing cookie
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;'
for principal host/ipa-irvlt01.shs.dc(a)SHS.DC
> 2019-06-11T04:45:42Z DEBUG Starting external process
> 2019-06-11T04:45:42Z DEBUG args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb
-N -f /etc/ipa/nssdb/pwdfile.txt -f /etc/ipa/nssdb/pwdfile.txt
> 2019-06-11T04:45:42Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:42Z DEBUG stdout=
> 2019-06-11T04:45:42Z DEBUG stderr=
> 2019-06-11T04:45:42Z DEBUG retrieving schema for SchemaCache
url=ldap://ipa-irvlt01.shs.dc:389 conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x7fd8de1109e0>
> 2019-06-11T04:45:42Z DEBUG Adding CA certificates to the IPA NSS
database.
> 2019-06-11T04:45:42Z DEBUG Starting external process
> 2019-06-11T04:45:42Z DEBUG args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb
-A -n SHS.DC IPA CA -t CT,C,C -a -f /etc/ipa/nssdb/pwdfile.txt
> 2019-06-11T04:45:42Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:42Z DEBUG stdout=
> 2019-06-11T04:45:42Z DEBUG stderr=
> 2019-06-11T04:45:42Z DEBUG Starting external process
> 2019-06-11T04:45:42Z DEBUG args=/usr/bin/update-ca-trust
> 2019-06-11T04:45:43Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:43Z DEBUG stdout=
> 2019-06-11T04:45:43Z DEBUG stderr=
> 2019-06-11T04:45:43Z INFO Systemwide CA database updated.
> 2019-06-11T04:45:43Z INFO Adding SSH public key from
/etc/ssh/ssh_host_rsa_key.pub
> 2019-06-11T04:45:43Z INFO Adding SSH public key from
/etc/ssh/ssh_host_ecdsa_key.pub
> 2019-06-11T04:45:43Z INFO Adding SSH public key from
/etc/ssh/ssh_host_ed25519_key.pub
> 2019-06-11T04:45:43Z INFO [try 1]: Forwarding 'host_mod' to json server
'
https://ipa-irvlt01.shs.dc/ipa/session/json'
> 2019-06-11T04:45:43Z DEBUG HTTP connection keep-alive
(ipa-irvlt01.shs.dc)
> 2019-06-11T04:45:43Z DEBUG received Set-Cookie (<type
'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']'
> 2019-06-11T04:45:43Z DEBUG storing cookie
'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;'
for principal host/ipa-irvlt01.shs.dc(a)SHS.DC
> 2019-06-11T04:45:43Z DEBUG Writing nsupdate commands to
/etc/ipa/.dns_update.txt:
> 2019-06-11T04:45:43Z DEBUG debug
> update delete ipa-irvlt01.shs.dc. IN SSHFP
> show
> send
> update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 1 1
8C086D5EB8E07C7FB7C8199337465653FD44157B
> update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 1 2
16B52DB2A82429E7C3F539D47E50ECFB26C37396F19BEF17498544A2F1A3C596
> update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 3 1
4078E00364D16D98110636AFE3987AC8215EE043
> update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 3 2
AA040F6C5CF2E406A9B509EC808FC9F7EDCEEFE3C84EB0A88936CF9931C04FBE
> update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 4 1
CA942C807A76EE65C0286277675B8040C23C5056
> update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 4 2
4ED827CF7FDC50CC0A7356A513A1DDAEF85445F087CA5553C98D2FB6519BED88
> show
> send
>
> 2019-06-11T04:45:43Z DEBUG Starting external process
> 2019-06-11T04:45:43Z DEBUG args=/usr/bin/nsupdate -g
/etc/ipa/.dns_update.txt
> 2019-06-11T04:45:44Z DEBUG Process finished, return code=1
> 2019-06-11T04:45:44Z DEBUG stdout=Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> ipa-irvlt01.shs.dc. 0 ANY SSHFP
>
>
> 2019-06-11T04:45:44Z DEBUG stderr=Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55150
> ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
1
> ;; QUESTION SECTION:
> ;ipa-irvlt01.shs.dc. IN SOA
>
> ;; AUTHORITY SECTION:
> shs.dc. 3600 IN SOA dc-irvwp01.shs.dc.
hostmaster.shs.dc. 30567 900 600 86400 3600
>
> ;; ADDITIONAL SECTION:
> dc-irvwp01.shs.dc. 3600 IN A 10.1.64.11
>
> Found zone name: shs.dc
> The master is: dc-irvwp01.shs.dc
> start_gssrequest
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor
code may provide more information, Minor = Server
DNS/dc-irvwp01.shs.dc(a)SHS.DC not found in Kerberos database.
>
> 2019-06-11T04:45:44Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate
-g /etc/ipa/.dns_update.txt' returned non-zero exit status 1
> 2019-06-11T04:45:44Z WARNING Could not update DNS SSHFP records.
> 2019-06-11T04:45:44Z DEBUG Starting external process
> 2019-06-11T04:45:44Z DEBUG args=/bin/systemctl list-unit-files --full
> 2019-06-11T04:45:44Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:44Z DEBUG stdout=UNIT FILE
STATE
> proc-sys-fs-binfmt_misc.automount static
> dev-hugepages.mount static
> dev-mqueue.mount static
> proc-fs-nfsd.mount static
> proc-sys-fs-binfmt_misc.mount static
> sys-fs-fuse-connections.mount static
> sys-kernel-config.mount static
> sys-kernel-debug.mount static
> tmp.mount disabled
> var-lib-nfs-rpc_pipefs.mount static
> brandbot.path enabled
> systemd-ask-password-console.path static
> systemd-ask-password-plymouth.path static
> systemd-ask-password-wall.path static
> session-1.scope static
> arp-ethers.service disabled
> auditd.service enabled
> auth-rpcgss-module.service static
> autofs.service disabled
> autovt@.service enabled
> blk-availability.service disabled
> brandbot.service static
> certmonger.service enabled
> chrony-dnssrv@.service static
> chrony-wait.service disabled
> chronyd.service disabled
> console-getty.service disabled
> console-shell.service disabled
> container-getty@.service static
> cpupower.service disabled
> crond.service enabled
> dbus-org.fedoraproject.FirewallD1.service enabled
> dbus-org.freedesktop.hostname1.service static
> dbus-org.freedesktop.import1.service static
> dbus-org.freedesktop.locale1.service static
> dbus-org.freedesktop.login1.service static
> dbus-org.freedesktop.machine1.service static
> dbus-org.freedesktop.timedate1.service static
> dbus.service static
> debug-shell.service disabled
> dirsrv@.service enabled
> dm-event.service static
> dracut-cmdline.service static
> dracut-initqueue.service static
> dracut-mount.service static
> dracut-pre-mount.service static
> dracut-pre-pivot.service static
> dracut-pre-trigger.service static
> dracut-pre-udev.service static
> dracut-shutdown.service static
> ebtables.service disabled
> emergency.service static
> firewalld.service enabled
> fstrim.service static
> getty@.service enabled
> gssproxy.service disabled
> halt-local.service static
> hsqldb.service disabled
> htcacheclean.service static
> httpd.service disabled
> initrd-cleanup.service static
> initrd-parse-etc.service static
> initrd-switch-root.service static
> initrd-udevadm-cleanup-db.service static
> ipa-custodia.service disabled
> ipa-dnskeysyncd.service disabled
> ipa-ods-exporter.service disabled
> ipa-otpd@.service static
> ipa.service disabled
> iprdump.service disabled
> iprinit.service disabled
> iprupdate.service disabled
> irqbalance.service enabled
> kadmin.service disabled
> kdump.service disabled
> kmod-static-nodes.service static
> kprop.service disabled
> krb5kdc.service disabled
> lvm2-lvmetad.service static
> lvm2-lvmpolld.service static
> lvm2-monitor.service enabled
> lvm2-pvscan@.service static
> messagebus.service static
> microcode.service enabled
> NetworkManager-dispatcher.service disabled
> NetworkManager-wait-online.service disabled
> NetworkManager.service disabled
> nfs-blkmap.service disabled
> nfs-config.service static
> nfs-idmap.service static
> nfs-idmapd.service static
> nfs-lock.service static
> nfs-mountd.service static
> nfs-rquotad.service disabled
> nfs-secure.service static
> nfs-server.service disabled
> nfs-utils.service static
> nfs.service disabled
> nfslock.service static
> ntpd.service disabled
> ntpdate.service disabled
> oddjobd.service enabled
> pki-tomcatd-nuxwdog@.service static
> pki-tomcatd@.service enabled
> plymouth-halt.service disabled
> plymouth-kexec.service disabled
> plymouth-poweroff.service disabled
> plymouth-quit-wait.service disabled
> plymouth-quit.service disabled
> plymouth-read-write.service disabled
> plymouth-reboot.service disabled
> plymouth-start.service disabled
> plymouth-switch-root.service static
> polkit.service static
> postfix.service enabled
> quotaon.service static
> rc-local.service static
> rdisc.service disabled
> rescue.service static
> rhel-autorelabel-mark.service enabled
> rhel-autorelabel.service enabled
> rhel-configure.service enabled
> rhel-dmesg.service enabled
> rhel-domainname.service disabled
> rhel-import-state.service enabled
> rhel-loadmodules.service enabled
> rhel-readonly.service enabled
> rpc-gssd.service static
> rpc-rquotad.service disabled
> rpc-statd-notify.service static
> rpc-statd.service static
> rpcbind.service enabled
> rpcgssd.service static
> rpcidmapd.service static
> rsyslog.service enabled
> selinux-policy-migrate-local-changes@.service static
> serial-getty@.service disabled
> sshd-keygen.service static
> sshd.service enabled
> sshd@.service static
> sssd-autofs.service indirect
> sssd-ifp.service static
> sssd-nss.service indirect
> sssd-pac.service indirect
> sssd-pam.service indirect
> sssd-secrets.service indirect
> sssd-ssh.service indirect
> sssd-sudo.service indirect
> sssd.service disabled
> systemd-ask-password-console.service static
> systemd-ask-password-plymouth.service static
> systemd-ask-password-wall.service static
> systemd-backlight@.service static
> systemd-binfmt.service static
> systemd-bootchart.service disabled
> systemd-firstboot.service static
> systemd-fsck-root.service static
> systemd-fsck@.service static
> systemd-halt.service static
> systemd-hibernate-resume@.service static
> systemd-hibernate.service static
> systemd-hostnamed.service static
> systemd-hwdb-update.service static
> systemd-hybrid-sleep.service static
> systemd-importd.service static
> systemd-initctl.service static
> systemd-journal-catalog-update.service static
> systemd-journal-flush.service static
> systemd-journald.service static
> systemd-kexec.service static
> systemd-localed.service static
> systemd-logind.service static
> systemd-machine-id-commit.service static
> systemd-machined.service static
> systemd-modules-load.service static
> systemd-nspawn@.service disabled
> systemd-poweroff.service static
> systemd-quotacheck.service static
> systemd-random-seed.service static
> systemd-readahead-collect.service enabled
> systemd-readahead-done.service indirect
> systemd-readahead-drop.service enabled
> systemd-readahead-replay.service enabled
> systemd-reboot.service static
> systemd-remount-fs.service static
> systemd-rfkill@.service static
> systemd-shutdownd.service static
> systemd-suspend.service static
> systemd-sysctl.service static
> systemd-timedated.service static
> systemd-tmpfiles-clean.service static
> systemd-tmpfiles-setup-dev.service static
> systemd-tmpfiles-setup.service static
> systemd-udev-settle.service static
> systemd-udev-trigger.service static
> systemd-udevd.service static
> systemd-update-done.service static
> systemd-update-utmp-runlevel.service static
> systemd-update-utmp.service static
> systemd-user-sessions.service static
> systemd-vconsole-setup.service static
> teamd@.service static
> tomcat.service disabled
> tomcat@.service disabled
> tuned.service enabled
> usbguard.service enabled
> vgauthd.service enabled
> vmtoolsd.service enabled
> wpa_supplicant.service disabled
> -.slice static
> machine.slice static
> system.slice static
> user-0.slice static
> user.slice static
> dbus.socket static
> dm-event.socket enabled
> ipa-ods-exporter.socket disabled
> ipa-otpd.socket disabled
> lvm2-lvmetad.socket enabled
> lvm2-lvmpolld.socket enabled
> rpcbind.socket enabled
> sshd.socket disabled
> sssd-autofs.socket disabled
> sssd-nss.socket disabled
> sssd-pac.socket disabled
> sssd-pam-priv.socket disabled
> sssd-pam.socket disabled
> sssd-secrets.socket disabled
> sssd-ssh.socket disabled
> sssd-sudo.socket disabled
> syslog.socket static
> systemd-initctl.socket static
> systemd-journald.socket static
> systemd-shutdownd.socket static
> systemd-udevd-control.socket static
> systemd-udevd-kernel.socket static
> basic.target static
> bluetooth.target static
> cryptsetup-pre.target static
> cryptsetup.target static
> ctrl-alt-del.target disabled
> default.target enabled
> dirsrv.target enabled
> emergency.target static
> final.target static
> getty-pre.target static
> getty.target static
> graphical.target static
> halt.target disabled
> hibernate.target static
> hybrid-sleep.target static
> initrd-fs.target static
> initrd-root-fs.target static
> initrd-switch-root.target static
> initrd.target static
> iprutils.target disabled
> kexec.target disabled
> local-fs-pre.target static
> local-fs.target static
> machines.target disabled
> multi-user.target enabled
> network-online.target static
> network-pre.target static
> network.target static
> nfs-client.target enabled
> nss-lookup.target static
> nss-user-lookup.target static
> paths.target static
> pki-tomcatd-nuxwdog.target disabled
> pki-tomcatd.target disabled
> poweroff.target disabled
> printer.target static
> reboot.target disabled
> remote-cryptsetup.target disabled
> remote-fs-pre.target static
> remote-fs.target enabled
> rescue.target disabled
> rpc_pipefs.target static
> rpcbind.target static
> runlevel0.target disabled
> runlevel1.target disabled
> runlevel2.target enabled
> runlevel3.target enabled
> runlevel4.target enabled
> runlevel5.target static
> runlevel6.target disabled
> shutdown.target static
> sigpwr.target static
> sleep.target static
> slices.target static
> smartcard.target static
> sockets.target static
> sound.target static
> suspend.target static
> swap.target static
> sysinit.target static
> system-update.target static
> time-sync.target static
> timers.target static
> umount.target static
> chrony-dnssrv@.timer disabled
> fstrim.timer disabled
> systemd-readahead-done.timer indirect
> systemd-tmpfiles-clean.timer static
>
> 304 unit files listed.
>
> 2019-06-11T04:45:44Z DEBUG stderr=
> 2019-06-11T04:45:44Z DEBUG Starting external process
> 2019-06-11T04:45:44Z DEBUG args=/bin/systemctl list-unit-files --full
> 2019-06-11T04:45:44Z DEBUG Process finished, return code=0
> 2019-06-11T04:45:44Z DEBUG stdout=UNIT FILE
STATE
> proc-sys-fs-binfmt_misc.automount static
> dev-hugepages.mount static
> dev-mqueue.mount static
> proc-fs-nfsd.mount static
> proc-sys-fs-binfmt_misc.mount static
> sys-fs-fuse-connections.mount static
> sys-kernel-config.mount static
> sys-kernel-debug.mount static
> tmp.mount disabled
> var-lib-nfs-rpc_pipefs.mount static
> brandbot.path enabled
> systemd-ask-password-console.path static
> systemd-ask-password-plymouth.path static
> systemd-ask-password-wall.path static
> session-1.scope static
> arp-ethers.service disabled
> auditd.service enabled
> auth-rpcgss-module.service static
> autofs.service disabled
> autovt@.service enabled
> blk-availability.service disabled
> brandbot.service static
> certmonger.service enabled
> chrony-dnssrv@.service static
> chrony-wait.service disabled
> chronyd.service disabled
> console-getty.service disabled
> console-shell.service disabled
> container-getty@.service static
> cpupower.service disabled
> crond.service enabled
> dbus-org.fedoraproject.FirewallD1.service enabled
> dbus-org.freedesktop.hostname1.service static
> dbus-org.freedesktop.import1.service static
> dbus-org.freedesktop.locale1.service static
> dbus-org.freedesktop.login1.service static
> dbus-org.freedesktop.machine1.service static
> dbus-org.freedesktop.timedate1.service static
> dbus.service static
> debug-shell.service disabled
> dirsrv@.service enabled
> dm-event.service static
> dracut-cmdline.service static
> dracut-initqueue.service static
> dracut-mount.service static
> dracut-pre-mount.service static
> dracut-pre-pivot.service static
> dracut-pre-trigger.service static
> dracut-pre-udev.service static
> dracut-shutdown.service static
> ebtables.service disabled
> emergency.service static
> firewalld.service enabled
> fstrim.service static
> getty@.service enabled
> gssproxy.service disabled
> halt-local.service static
> hsqldb.service disabled
> htcacheclean.service static
> httpd.service disabled
> initrd-cleanup.service static
> initrd-parse-etc.service static
> initrd-switch-root.service static
> initrd-udevadm-cleanup-db.service static
> ipa-custodia.service disabled
> ipa-dnskeysyncd.service disabled
> ipa-ods-exporter.service disabled
> ipa-otpd@.service static
> ipa.service disabled
> iprdump.service disabled
> iprinit.service disabled
> iprupdate.service disabled
> irqbalance.service enabled
> kadmin.service disabled
> kdump.service disabled
> kmod-static-nodes.service static
> kprop.service disabled
> krb5kdc.service disabled
> lvm2-lvmetad.service static
> lvm2-lvmpolld.service static
> lvm2-monitor.service enabled
> lvm2-pvscan@.service static
> messagebus.service static
> microcode.service enabled
> NetworkManager-dispatcher.service disabled
> NetworkManager-wait-online.service disabled
> NetworkManager.service disabled
> nfs-blkmap.service disabled
> nfs-config.service static
> nfs-idmap.service static
> nfs-idmapd.service static
> nfs-lock.service static
> nfs-mountd.service static
> nfs-rquotad.service disabled
> nfs-secure.service static
> nfs-server.service disabled
> nfs-utils.service static
> nfs.service disabled
> nfslock.service static
> ntpd.service disabled
> ntpdate.service disabled
> oddjobd.service enabled
> pki-tomcatd-nuxwdog@.service static
> pki-tomcatd@.service enabled
> plymouth-halt.service disabled
> plymouth-kexec.service disabled
> plymouth-poweroff.service disabled
> plymouth-quit-wait.service disabled
> plymouth-quit.service disabled
> plymouth-read-write.service disabled
> plymouth-reboot.service disabled
> plymouth-start.service disabled
> plymouth-switch-root.service static
> polkit.service static
> postfix.service enabled
> quotaon.service static
> rc-local.service static
> rdisc.service disabled
> rescue.service static
> rhel-autorelabel-mark.service enabled
> rhel-autorelabel.service enabled
> rhel-configure.service enabled
> rhel-dmesg.service enabled
> rhel-domainname.service disabled
> rhel-import-state.service enabled
> rhel-loadmodules.service enabled
> rhel-readonly.service enabled
> rpc-gssd.service static
> rpc-rquotad.service disabled
> rpc-statd-notify.service static
> rpc-statd.service static
> rpcbind.service enabled
> rpcgssd.service static
> rpcidmapd.service static
> rsyslog.service enabled
> selinux-policy-migrate-local-changes@.service static
> serial-getty@.service disabled
> sshd-keygen.service static
> sshd.service enabled
> sshd@.service static
> sssd-autofs.service indirect
> sssd-ifp.service static
> sssd-nss.service indirect
> sssd-pac.service indirect
> sssd-pam.service indirect
> sssd-secrets.service indirect
> sssd-ssh.service indirect
> sssd-sudo.service indirect
> sssd.service disabled
> systemd-ask-password-console.service static
> systemd-ask-password-plymouth.service static
> systemd-ask-password-wall.service static
> systemd-backlight@.service static
> systemd-binfmt.service static
> systemd-bootchart.service disabled
> systemd-firstboot.service static
> systemd-fsck-root.service static
> systemd-fsck@.service static
> systemd-halt.service static
> systemd-hibernate-resume@.service static
> systemd-hibernate.service static
> systemd-hostnamed.service static
> systemd-hwdb-update.service static
> systemd-hybrid-sleep.service static
> systemd-importd.service static
> systemd-initctl.service static
> systemd-journal-catalog-update.service static
> systemd-journal-flush.service static
> systemd-journald.service static
> systemd-kexec.service static
> systemd-localed.service static
> systemd-logind.service static
> systemd-machine-id-commit.service static
> systemd-machined.service static
> systemd-modules-load.service static
> systemd-nspawn@.service disabled
> systemd-poweroff.service static
> systemd-quotacheck.service static
> systemd-random-seed.service static
> systemd-readahead-collect.service enabled
> systemd-readahead-done.service indirect
> systemd-readahead-drop.service enabled
> systemd-readahead-replay.service enabled
> systemd-reboot.service static
> systemd-remount-fs.service static
> systemd-rfkill@.service static
> systemd-shutdownd.service static
> systemd-suspend.service static
> systemd-sysctl.service static
> systemd-timedated.service static
> systemd-tmpfiles-clean.service static
> systemd-tmpfiles-setup-dev.service static
> systemd-tmpfiles-setup.service static
> systemd-udev-settle.service static
> systemd-udev-trigger.service static
> systemd-udevd.service static
> systemd-update-done.service static
> systemd-update-utmp-runlevel.service static
> systemd-update-utmp.service static
> systemd-user-sessions.service static
> systemd-vconsole-setup.service static
> teamd@.service static
> tomcat.service disabled
> tomcat@.service disabled
> tuned.service enabled
> usbguard.service enabled
> vgauthd.service enabled
> vmtoolsd.service enabled
> wpa_supplicant.service disabled
> -.slice static
> machine.slice static
> system.slice static
> user-0.slice static
> user.slice static
> dbus.socket static
> dm-event.socket enabled
> ipa-ods-exporter.socket disabled
> ipa-otpd.socket disabled
> lvm2-lvmetad.socket enabled
> lvm2-lvmpolld.socket enabled
> rpcbind.socket enabled
> sshd.socket disabled
> sssd-autofs.socket disabled
> sssd-nss.socket disabled
> sssd-pac.socket disabled
> sssd-pam-priv.socket disabled
> sssd-pam.socket disabled
> sssd-secrets.socket disabled
> sssd-ssh.socket disabled
> sssd-sudo.socket disabled
> syslog.socket static
> systemd-initctl.socket static
> systemd-journald.socket static
> systemd-shutdownd.socket static
> systemd-udevd-control.socket static
> systemd-udevd-kernel.socket static
> basic.target static
> bluetooth.target static
> cryptsetup-pre.target static
> cryptsetup.target static
> ctrl-alt-del.target disabled
> default.target enabled
> dirsrv.target enabled
> emergency.target static
> final.target static
> getty-pre.target static
> getty.target static
> graphical.target static
> halt.target disabled
> hibernate.target static
> hybrid-sleep.target static
> initrd-fs.target static
> initrd-root-fs.target static
> initrd-switch-root.target static
> initrd.target static
> iprutils.target disabled
> kexec.target disabled
> local-fs-pre.target static
> local-fs.target static
> machines.target disabled
> multi-user.target enabled
> network-online.target static
> network-pre.target static
> network.target static
> nfs-client.target enabled
> nss-lookup.target static
> nss-user-lookup.target static
> paths.target static
> pki-tomcatd-nuxwdog.target disabled
> pki-tomcatd.target disabled
> poweroff.target disabled
> printer.target static
> reboot.target disabled
> remote-cryptsetup.target disabled
> remote-fs-pre.target static
> remote-fs.target enabled
> rescue.target disabled
> rpc_pipefs.target static
> rpcbind.target static
> runlevel0.target disabled
> runlevel1.target disabled
> runlevel2.target enabled
> runlevel3.target enabled
> runlevel4.target enabled
> runlevel5.target static
> runlevel6.target disabled
> shutdown.target static
> sigpwr.target static
> sleep.target static
> slices.target static
> smartcard.target static
> sockets.target static
> sound.target static
> suspend.target static
> swap.target static
> sysinit.target static
> system-update.target static
> time-sync.target static
> timers.target static
> umount.target