Hello everyone,

 

I’m trying to add a CentOS 7 64bit host to our FreeIPA domain.

 

Client FreeIPA is 4.5.4-10

Server FreeIPA is 4.4.0

 

Client FreeIPA rpms:

ipa-common-4.5.4-10.el7.centos.3.noarch

python-ipaddress-1.0.16-2.el7.noarch

python2-ipalib-4.5.4-10.el7.centos.3.noarch

ipa-client-4.5.4-10.el7.centos.3.x86_64

ipa-client-common-4.5.4-10.el7.centos.3.noarch

libipa_hbac-1.16.0-19.el7_5.5.x86_64

python-iniparse-0.4-9.el7.noarch

sssd-ipa-1.16.0-19.el7_5.5.x86_64

python2-ipaclient-4.5.4-10.el7.centos.3.noarch

python-libipa_hbac-1.16.0-19.el7_5.5.x86_64

 

The basic steps to reproduce are:

1.       Populate /etc/krb5.conf for IPA.GENERIC.ZONE realm

 

2.       kinit admin   # for IPA.GENERIC.ZONE

 

3.       ipa-client-install --mkhomedir --no-ntp --ssh-trust-dns --enable-dns-updates

 

Here’s where the errors start:

 

Enrolled in IPA realm IPA.GENERIC.ZONE

Created /etc/ipa/default.conf

New SSSD config will be created

Configured sudoers in /etc/nsswitch.conf

Configured /etc/sssd/sssd.conf

Configured /etc/krb5.conf for IPA realm IPA.GENERIC.ZONE

trying https://sl1mmgplidm0001.ipa.generic.zone/ipa/json

Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS

The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

[root@sl1aosplsecweb2 ~]# less /var/log/ipaclient-install.log

  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3628, in main

    install(self)

  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2348, in install

    _install(options)

  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2694, in _install

    api.finalize()

  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 714, in finalize

    self.__do_if_not_done('load_plugins')

  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 421, in __do_if_not_done

    getattr(self, name)()

  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 592, in load_plugins

    for package in self.packages:

  File "/usr/lib/python2.7/site-packages/ipalib/__init__.py", line 948, in packages

    ipaclient.remote_plugins.get_package(self),

  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package

    plugins = schema.get_package(server_info, client)

  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 537, in get_package

    schema = Schema(client)

  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 385, in __init__

    fingerprint, ttl = self._fetch(client, ignore_cache=read_failed)

  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 397, in _fetch

    client.connect(verbose=False)

  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect

    conn = self.create_connection(*args, **kw)

  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1034, in create_connection

    command([], {})

  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1246, in _call

    return self.__request(name, args)

  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1213, in __request

    verbose=self.__verbose >= 3,

  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request

    return self.single_request(host, handler, request_body, verbose)

  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 677, in single_request

    self.get_auth_info()

  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 629, in get_auth_info

    self._handle_exception(e, service=service)

  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 588, in _handle_exception

    raise errors.KerberosError(message=unicode(e))

 

2018-07-11T21:39:19Z DEBUG The ipa-client-install command failed, exception: KerberosError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS

2018-07-11T21:39:19Z ERROR Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638972): KDC returned error string: PROCESS_TGS

2018-07-11T21:39:19Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

 

If it would help I can attach the entire ipaclient-install.log file

 

 

Thank you for your help

--Jim