9:29 a.m.
I'd like to introduce a new tool for an IPA adminstrators tool kit we're
working on, currently in a beta state and shipping in Fedora 29+.
ipa-healthcheck is proactive tool for identifying current, potential and
future issues within an IPA installation.
It executes a series of checks in the areas of certificates, AD trust,
replication and the filesystem (and a few others). These checks can
return a success, warning or error. Any check executed will return a
value, the idea being if something with the check blows up and causes it
to not execute you'd otherwise not know and would have a false sense of
security.
A systemd timer is configured which will execute this on a nightly
basis, dumping the output in JSON format in /var/log/ipa/healthcheck/.
It can also be executed from the command-line as root and requires an
admin Kerberos ticket. From the command-line it is probably most useful
to use the --failures-only option in order to suppress the SUCCESS
messages: no news is good news in this case.
It currently only works with IPA 4.7.2+. Will we backport to 4.6? I
don't know yet.
I'd appreciate any feedback on whether it:
- is helpful
- works
- doesn't report false positives
- is usable: a lot of the output is what I think would be useful but we
won't know until applied in the real world
- does what you need. We can add more checks so if you have ideas please
let us know
Note that there are a few things we run that just produce output that
needs to be analyzed separately. DNA range checking is an example. It is
perfectly fine to not have a DNA range assigned on all masters but you'd
want to know if you had none defined on all masters.
thanks
rob
12:06 p.m.
Sounds great! Where do we find this tool? In an upcoming release or as a stand-alone
package?
John
On 14 Jun 2019, at 16:29, Rob Crittenden via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
I'd like to introduce a new tool for an IPA adminstrators tool kit we're
working on, currently in a beta state and shipping in Fedora 29+.
ipa-healthcheck is proactive tool for identifying current, potential and
future issues within an IPA installation.
It executes a series of checks in the areas of certificates, AD trust,
replication and the filesystem (and a few others). These checks can
return a success, warning or error. Any check executed will return a
value, the idea being if something with the check blows up and causes it
to not execute you'd otherwise not know and would have a false sense of
security.
A systemd timer is configured which will execute this on a nightly
basis, dumping the output in JSON format in /var/log/ipa/healthcheck/.
It can also be executed from the command-line as root and requires an
admin Kerberos ticket. From the command-line it is probably most useful
to use the --failures-only option in order to suppress the SUCCESS
messages: no news is good news in this case.
It currently only works with IPA 4.7.2+. Will we backport to 4.6? I
don't know yet.
I'd appreciate any feedback on whether it:
- is helpful
- works
- doesn't report false positives
- is usable: a lot of the output is what I think would be useful but we
won't know until applied in the real world
- does what you need. We can add more checks so if you have ideas please
let us know
Note that there are a few things we run that just produce output that
needs to be analyzed separately. DNA range checking is an example. It is
perfectly fine to not have a DNA range assigned on all masters but you'd
want to know if you had none defined on all masters.
thanks
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
12:20 p.m.
John Keates via FreeIPA-users wrote:
Sounds great! Where do we find this tool? In an upcoming release or
as a stand-alone package?
It's a standalone package, freeipa-healthcheck.
rob
John
> On 14 Jun 2019, at 16:29, Rob Crittenden via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
> I'd like to introduce a new tool for an IPA adminstrators tool kit we're
> working on, currently in a beta state and shipping in Fedora 29+.
>
> ipa-healthcheck is proactive tool for identifying current, potential and
> future issues within an IPA installation.
>
> It executes a series of checks in the areas of certificates, AD trust,
> replication and the filesystem (and a few others). These checks can
> return a success, warning or error. Any check executed will return a
> value, the idea being if something with the check blows up and causes it
> to not execute you'd otherwise not know and would have a false sense of
> security.
>
> A systemd timer is configured which will execute this on a nightly
> basis, dumping the output in JSON format in /var/log/ipa/healthcheck/.
>
> It can also be executed from the command-line as root and requires an
> admin Kerberos ticket. From the command-line it is probably most useful
> to use the --failures-only option in order to suppress the SUCCESS
> messages: no news is good news in this case.
>
> It currently only works with IPA 4.7.2+. Will we backport to 4.6? I
> don't know yet.
>
> I'd appreciate any feedback on whether it:
>
> - is helpful
> - works
> - doesn't report false positives
> - is usable: a lot of the output is what I think would be useful but we
> won't know until applied in the real world
> - does what you need. We can add more checks so if you have ideas please
> let us know
>
> Note that there are a few things we run that just produce output that
> needs to be analyzed separately. DNA range checking is an example. It is
> perfectly fine to not have a DNA range assigned on all masters but you'd
> want to know if you had none defined on all masters.
>
> thanks
>
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
12:47 p.m.
Hello Rob,
for me it is not working. I installed the
freeipa-healthcheck-0.2-3.fc31.noarch on a Fedora release 31 (Rawhide)
and have on the VM the following packages installed:
freeipa-server-4.7.90.pre1-6.fc31.x86_6 and
krb5-server-1.17-30.fc31.x86_64 krb5-workstation-1.17-30.fc31.x86_64
But after getting a TGT somethings is wrong:
ipa-healthcheck --failures-only --debug
...
raw: server_find('', sizelimit=0, version='2.231', no_members=False)
server_find(None, sizelimit=0, all=False, raw=False, version='2.231',
no_members=False, pkey_only=False)
raw: topologysuffix_find(None, all=True, raw=True, version='2.231')
topologysuffix_find(None, all=True, raw=True, version='2.231',
pkey_only=False)
raw: server_role_find(None, server_server='ipaserver.linux.fritz.box',
status='enabled', include_master=True, version='2.231')
server_role_find(None, server_server='ipaserver.linux.fritz.box',
status='enabled', include_master=True, all=False, raw=False,
version='2.231')
raw: topologysegment_find('ca', None, sizelimit=0, version='2.231')
topologysegment_find('ca', None, sizelimit=0, all=False, raw=False,
version='2.231', pkey_only=False)
Calling check <ipahealthcheck.ipa.trust.IPATrustAgentCheck object at
0x7f44008562b0>
Not a trust agent, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustDomainsCheck object at
0x7f44008264a8>
Not a trust agent, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustCatalogCheck object at
0x7f4400831780>
Not a trust agent, skipping
Calling check <ipahealthcheck.ipa.trust.IPAsidgenpluginCheck object at
0x7f44008260f0>
Not a trust agent, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustAgentMemberCheck object
at 0x7f4400846e80>
Not a trust agent, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustControllerPrincipalCheck
object at 0x7f44007d96d8>
Not a trust controller, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustControllerServiceCheck
object at 0x7f4400846390>
Not a trust controller, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustControllerConfCheck
object at 0x7f44007e6eb8>
Not a trust controller, skipping
Calling check <ipahealthcheck.ipa.trust.IPATrustControllerGroupSIDCheck
object at 0x7f44007fb630>
Not a trust controller, skipping
Calling check <ipahealthcheck.meta.core.MetaCheck object at 0x7f4400806a58>
Calling check
<ipahealthcheck.system.filesystemspace.FileSystemSpaceCheck object at
0x7f4400806b00>
[{"source": "ipahealthcheck.ipa.host", "check":
"IPAHostKeytab",
"severity": 2, "uuid":
"496bf36b-b455-45aa-b4fe-fb0ba7463f7a", "when":
"20190614174442Z", "duration": "0.010664", "kw":
{"msg": "Failed to
obtain host TGT: Major (851968): Unspecified GSS failure. Minor code
may provide more information, Minor (2529639122): Pre-authentication
failed: Invalid argument"}}][root@ipaserver ~]#
With another account the same error. Did i make something wrong?
Regards from Germany
Dirk
Am 14.06.19 um 19:20 schrieb Rob Crittenden via FreeIPA-users:
John Keates via FreeIPA-users wrote:
> Sounds great! Where do we find this tool? In an upcoming release or as a stand-alone
package?
It's a standalone package, freeipa-healthcheck.
rob
> John
>
>> On 14 Jun 2019, at 16:29, Rob Crittenden via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>>
>> I'd like to introduce a new tool for an IPA adminstrators tool kit we're
>> working on, currently in a beta state and shipping in Fedora 29+.
>>
>> ipa-healthcheck is proactive tool for identifying current, potential and
>> future issues within an IPA installation.
>>
>> It executes a series of checks in the areas of certificates, AD trust,
>> replication and the filesystem (and a few others). These checks can
>> return a success, warning or error. Any check executed will return a
>> value, the idea being if something with the check blows up and causes it
>> to not execute you'd otherwise not know and would have a false sense of
>> security.
>>
>> A systemd timer is configured which will execute this on a nightly
>> basis, dumping the output in JSON format in /var/log/ipa/healthcheck/.
>>
>> It can also be executed from the command-line as root and requires an
>> admin Kerberos ticket. From the command-line it is probably most useful
>> to use the --failures-only option in order to suppress the SUCCESS
>> messages: no news is good news in this case.
>>
>> It currently only works with IPA 4.7.2+. Will we backport to 4.6? I
>> don't know yet.
>>
>> I'd appreciate any feedback on whether it:
>>
>> - is helpful
>> - works
>> - doesn't report false positives
>> - is usable: a lot of the output is what I think would be useful but we
>> won't know until applied in the real world
>> - does what you need. We can add more checks so if you have ideas please
>> let us know
>>
>> Note that there are a few things we run that just produce output that
>> needs to be analyzed separately. DNA range checking is an example. It is
>> perfectly fine to not have a DNA range assigned on all masters but you'd
>> want to know if you had none defined on all masters.
>>
>> thanks
>>
>> rob
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
1:30 p.m.
Dirk Streubel via FreeIPA-users wrote:
Hello Rob,
for me it is not working. I installed the
freeipa-healthcheck-0.2-3.fc31.noarch on a Fedora release 31 (Rawhide)
and have on the VM the following packages installed:
freeipa-server-4.7.90.pre1-6.fc31.x86_6 and
krb5-server-1.17-30.fc31.x86_64 krb5-workstation-1.17-30.fc31.x86_64
But after getting a TGT somethings is wrong:
ipa-healthcheck --failures-only --debug
The debug context for that particular check is missing from the snippet.
Can you run this and provide the output:
# ipa-healthcheck --source ipahealthcheck.pa.host --debug
This does the equivalent of: kinit -kt /etc/krb5.keytab
thanks
rob
2:32 p.m.
Hello Rob,
here it comes :
[root@ipaserver ~]# kinit admin
Passwort für admin(a)LINUX.FRITZ.BOX:
[root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.pa.host --debug
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
importing all plugin modules in ipaserver.plugins...
importing plugin module ipaserver.plugins.aci
importing plugin module ipaserver.plugins.automember
importing plugin module ipaserver.plugins.automount
importing plugin module ipaserver.plugins.baseldap
ipaserver.plugins.baseldap is not a valid plugin module
importing plugin module ipaserver.plugins.baseuser
importing plugin module ipaserver.plugins.batch
importing plugin module ipaserver.plugins.ca
importing plugin module ipaserver.plugins.caacl
importing plugin module ipaserver.plugins.cert
importing plugin module ipaserver.plugins.certmap
importing plugin module ipaserver.plugins.certprofile
importing plugin module ipaserver.plugins.config
importing plugin module ipaserver.plugins.delegation
importing plugin module ipaserver.plugins.dns
importing plugin module ipaserver.plugins.dnsserver
importing plugin module ipaserver.plugins.dogtag
importing plugin module ipaserver.plugins.domainlevel
importing plugin module ipaserver.plugins.group
importing plugin module ipaserver.plugins.hbac
ipaserver.plugins.hbac is not a valid plugin module
importing plugin module ipaserver.plugins.hbacrule
importing plugin module ipaserver.plugins.hbacsvc
importing plugin module ipaserver.plugins.hbacsvcgroup
importing plugin module ipaserver.plugins.hbactest
importing plugin module ipaserver.plugins.host
importing plugin module ipaserver.plugins.hostgroup
importing plugin module ipaserver.plugins.idrange
importing plugin module ipaserver.plugins.idviews
importing plugin module ipaserver.plugins.internal
importing plugin module ipaserver.plugins.join
importing plugin module ipaserver.plugins.krbtpolicy
importing plugin module ipaserver.plugins.ldap2
importing plugin module ipaserver.plugins.location
importing plugin module ipaserver.plugins.migration
importing plugin module ipaserver.plugins.misc
importing plugin module ipaserver.plugins.netgroup
importing plugin module ipaserver.plugins.otp
ipaserver.plugins.otp is not a valid plugin module
importing plugin module ipaserver.plugins.otpconfig
importing plugin module ipaserver.plugins.otptoken
importing plugin module ipaserver.plugins.passwd
importing plugin module ipaserver.plugins.permission
importing plugin module ipaserver.plugins.ping
importing plugin module ipaserver.plugins.pkinit
importing plugin module ipaserver.plugins.privilege
importing plugin module ipaserver.plugins.pwpolicy
importing plugin module ipaserver.plugins.rabase
ipaserver.plugins.rabase is not a valid plugin module
importing plugin module ipaserver.plugins.radiusproxy
importing plugin module ipaserver.plugins.realmdomains
importing plugin module ipaserver.plugins.role
importing plugin module ipaserver.plugins.schema
importing plugin module ipaserver.plugins.selfservice
importing plugin module ipaserver.plugins.selinuxusermap
importing plugin module ipaserver.plugins.server
importing plugin module ipaserver.plugins.serverrole
importing plugin module ipaserver.plugins.serverroles
importing plugin module ipaserver.plugins.service
importing plugin module ipaserver.plugins.servicedelegation
importing plugin module ipaserver.plugins.session
importing plugin module ipaserver.plugins.stageuser
importing plugin module ipaserver.plugins.sudo
ipaserver.plugins.sudo is not a valid plugin module
importing plugin module ipaserver.plugins.sudocmd
importing plugin module ipaserver.plugins.sudocmdgroup
importing plugin module ipaserver.plugins.sudorule
importing plugin module ipaserver.plugins.topology
importing plugin module ipaserver.plugins.trust
importing plugin module ipaserver.plugins.user
importing plugin module ipaserver.plugins.vault
importing plugin module ipaserver.plugins.virtual
ipaserver.plugins.virtual is not a valid plugin module
importing plugin module ipaserver.plugins.whoami
importing plugin module ipaserver.plugins.xmlserver
Created connection context.ldap2_139625196762000
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Source 'ipahealthcheck.pa.host' not found
Did i make a mistake?
Regards
Dirk
Am 14.06.19 um 20:30 schrieb Rob Crittenden via FreeIPA-users:
> Dirk Streubel via FreeIPA-users wrote:
>> Hello Rob,
>>
>> for me it is not working. I installed the
>> freeipa-healthcheck-0.2-3.fc31.noarch on a Fedora release 31 (Rawhide)
>> and have on the VM the following packages installed:
>>
>> freeipa-server-4.7.90.pre1-6.fc31.x86_6 and
>> krb5-server-1.17-30.fc31.x86_64 krb5-workstation-1.17-30.fc31.x86_64
>>
>> But after getting a TGT somethings is wrong:
>>
>> ipa-healthcheck --failures-only --debug
> The debug context for that particular check is missing from the snippet.
> Can you run this and provide the output:
>
> # ipa-healthcheck --source ipahealthcheck.pa.host --debug
>
> This does the equivalent of: kinit -kt /etc/krb5.keytab
>
> thanks
>
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
2:41 p.m.
Dirk Streubel wrote:
Hello Rob,
here it comes :
[root@ipaserver ~]# kinit admin
Passwort für admin(a)LINUX.FRITZ.BOX:
[root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.pa.host --debug
Source 'ipahealthcheck.pa.host' not found
Did i make a mistake?
No, I did, I must have fat-fingered the paste in a surprising way. It
should be:
ipa-healthcheck --source ipahealthcheck.ipa.host --debug
rob
2:52 p.m.
Hello Rob,
second try ;)
[root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.ipa.host --debug
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
importing all plugin modules in ipaserver.plugins...
importing plugin module ipaserver.plugins.aci
importing plugin module ipaserver.plugins.automember
importing plugin module ipaserver.plugins.automount
importing plugin module ipaserver.plugins.baseldap
ipaserver.plugins.baseldap is not a valid plugin module
importing plugin module ipaserver.plugins.baseuser
importing plugin module ipaserver.plugins.batch
importing plugin module ipaserver.plugins.ca
importing plugin module ipaserver.plugins.caacl
importing plugin module ipaserver.plugins.cert
importing plugin module ipaserver.plugins.certmap
importing plugin module ipaserver.plugins.certprofile
importing plugin module ipaserver.plugins.config
importing plugin module ipaserver.plugins.delegation
importing plugin module ipaserver.plugins.dns
importing plugin module ipaserver.plugins.dnsserver
importing plugin module ipaserver.plugins.dogtag
importing plugin module ipaserver.plugins.domainlevel
importing plugin module ipaserver.plugins.group
importing plugin module ipaserver.plugins.hbac
ipaserver.plugins.hbac is not a valid plugin module
importing plugin module ipaserver.plugins.hbacrule
importing plugin module ipaserver.plugins.hbacsvc
importing plugin module ipaserver.plugins.hbacsvcgroup
importing plugin module ipaserver.plugins.hbactest
importing plugin module ipaserver.plugins.host
importing plugin module ipaserver.plugins.hostgroup
importing plugin module ipaserver.plugins.idrange
importing plugin module ipaserver.plugins.idviews
importing plugin module ipaserver.plugins.internal
importing plugin module ipaserver.plugins.join
importing plugin module ipaserver.plugins.krbtpolicy
importing plugin module ipaserver.plugins.ldap2
importing plugin module ipaserver.plugins.location
importing plugin module ipaserver.plugins.migration
importing plugin module ipaserver.plugins.misc
importing plugin module ipaserver.plugins.netgroup
importing plugin module ipaserver.plugins.otp
ipaserver.plugins.otp is not a valid plugin module
importing plugin module ipaserver.plugins.otpconfig
importing plugin module ipaserver.plugins.otptoken
importing plugin module ipaserver.plugins.passwd
importing plugin module ipaserver.plugins.permission
importing plugin module ipaserver.plugins.ping
importing plugin module ipaserver.plugins.pkinit
importing plugin module ipaserver.plugins.privilege
importing plugin module ipaserver.plugins.pwpolicy
importing plugin module ipaserver.plugins.rabase
ipaserver.plugins.rabase is not a valid plugin module
importing plugin module ipaserver.plugins.radiusproxy
importing plugin module ipaserver.plugins.realmdomains
importing plugin module ipaserver.plugins.role
importing plugin module ipaserver.plugins.schema
importing plugin module ipaserver.plugins.selfservice
importing plugin module ipaserver.plugins.selinuxusermap
importing plugin module ipaserver.plugins.server
importing plugin module ipaserver.plugins.serverrole
importing plugin module ipaserver.plugins.serverroles
importing plugin module ipaserver.plugins.service
importing plugin module ipaserver.plugins.servicedelegation
importing plugin module ipaserver.plugins.session
importing plugin module ipaserver.plugins.stageuser
importing plugin module ipaserver.plugins.sudo
ipaserver.plugins.sudo is not a valid plugin module
importing plugin module ipaserver.plugins.sudocmd
importing plugin module ipaserver.plugins.sudocmdgroup
importing plugin module ipaserver.plugins.sudorule
importing plugin module ipaserver.plugins.topology
importing plugin module ipaserver.plugins.trust
importing plugin module ipaserver.plugins.user
importing plugin module ipaserver.plugins.vault
importing plugin module ipaserver.plugins.virtual
ipaserver.plugins.virtual is not a valid plugin module
importing plugin module ipaserver.plugins.whoami
importing plugin module ipaserver.plugins.xmlserver
Created connection context.ldap2_140379793781648
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Calling check <ipahealthcheck.ipa.host.IPAHostKeytab object at
0x7facb6a2ac50>
Initializing principal host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
using keytab /etc/krb5.keytab
using ccache /tmp/tmp_1g2c73d/ccache
[{"source": "ipahealthcheck.ipa.host", "check":
"IPAHostKeytab",
"severity": 2, "uuid":
"964f55b3-a12f-4282-b776-912892f8001a", "when":
"20190614195109Z", "duration": "0.010907", "kw":
{"msg": "Failed to
obtain host TGT: Major (851968): Unspecified GSS failure. Minor code
[root@ipaserver ~]#
Am 14.06.19 um 21:41 schrieb Rob Crittenden via FreeIPA-users:
Dirk Streubel wrote:
> Hello Rob,
>
> here it comes :
>
>
> [root@ipaserver ~]# kinit admin
> Passwort für admin(a)LINUX.FRITZ.BOX:
> [root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.pa.host --debug
> Source 'ipahealthcheck.pa.host' not found
>
> Did i make a mistake?
No, I did, I must have fat-fingered the paste in a surprising way. It
should be:
ipa-healthcheck --source ipahealthcheck.ipa.host --debug
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
3:33 p.m.
Dirk Streubel wrote:
Hello Rob,
second try ;)
[root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.ipa.host --debug
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
...
Calling check <ipahealthcheck.ipa.host.IPAHostKeytab object at
0x7facb6a2ac50>
Initializing principal host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
using keytab /etc/krb5.keytab
using ccache /tmp/tmp_1g2c73d/ccache
[{"source": "ipahealthcheck.ipa.host", "check":
"IPAHostKeytab",
"severity": 2, "uuid":
"964f55b3-a12f-4282-b776-912892f8001a", "when":
"20190614195109Z", "duration": "0.010907", "kw":
{"msg": "Failed to
obtain host TGT: Major (851968): Unspecified GSS failure. Minor code
[root@ipaserver ~]#
Ok I'd check /var/log/krb5kdc.log on the master to see what the failure is.
Also:
# klist -kt /etc/krb5.keytab
# kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
The kvno should match between the two.
You might also try manually: kinit -kt /etc/krb5.keytab
rob
4:27 p.m.
Hello Rob,
Am 14.06.19 um 22:33 schrieb Rob Crittenden:
Dirk Streubel wrote:
> Hello Rob,
>
> second try ;)
>
> [root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.ipa.host --debug
> Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
...
> Calling check <ipahealthcheck.ipa.host.IPAHostKeytab object at
> 0x7facb6a2ac50>
> Initializing principal host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> using keytab /etc/krb5.keytab
> using ccache /tmp/tmp_1g2c73d/ccache
> [{"source": "ipahealthcheck.ipa.host", "check":
"IPAHostKeytab",
> "severity": 2, "uuid":
"964f55b3-a12f-4282-b776-912892f8001a", "when":
> "20190614195109Z", "duration": "0.010907",
"kw": {"msg": "Failed to
> obtain host TGT: Major (851968): Unspecified GSS failure. Minor code
> [root@ipaserver ~]#
Ok I'd check /var/log/krb5kdc.log on the master to see what the failure is.
Also:
# klist -kt /etc/krb5.keytab
here is the output:
[root@ipaserver ~]# klist -kt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- -------------------
------------------------------------------------------
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
# kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
[root@ipaserver ~]# kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX: KVNO = 2
The kvno should match between the two.
You might also try manually: kinit -kt /etc/krb5.keytab
root@ipaserver ~]# kinit -kt /etc/krb5.keytab
kinit: Pre-authentication failed: Invalid argument bei Anfängliche
Anmeldedaten werden geholt.
Dirk
7:05 p.m.
Dirk Streubel via FreeIPA-users wrote:
Hello Rob,
Am 14.06.19 um 22:33 schrieb Rob Crittenden:
> Dirk Streubel wrote:
>> Hello Rob,
>>
>> second try ;)
>>
>> [root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.ipa.host --debug
>> Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
> ...
>> Calling check <ipahealthcheck.ipa.host.IPAHostKeytab object at
>> 0x7facb6a2ac50>
>> Initializing principal host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
>> using keytab /etc/krb5.keytab
>> using ccache /tmp/tmp_1g2c73d/ccache
>> [{"source": "ipahealthcheck.ipa.host", "check":
"IPAHostKeytab",
>> "severity": 2, "uuid":
"964f55b3-a12f-4282-b776-912892f8001a", "when":
>> "20190614195109Z", "duration": "0.010907",
"kw": {"msg": "Failed to
>> obtain host TGT: Major (851968): Unspecified GSS failure. Minor code
>> [root@ipaserver ~]#
> Ok I'd check /var/log/krb5kdc.log on the master to see what the failure is.
>
> Also:
>
> # klist -kt /etc/krb5.keytab
here is the output:
[root@ipaserver ~]# klist -kt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- -------------------
------------------------------------------------------
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> # kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
[root@ipaserver ~]# kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX: KVNO = 2
>
> The kvno should match between the two.
>
> You might also try manually: kinit -kt /etc/krb5.keytab
root@ipaserver ~]# kinit -kt /etc/krb5.keytab
kinit: Pre-authentication failed: Invalid argument bei Anfängliche
Anmeldedaten werden geholt.
What about the krb5 log? Can you check for SELinux AVCs just in case?
You can get more output on the client side with:
# KRB5_TRACE=/dev/stdout kinit -kt /etc/krb5.keytab
rob
12:38 p.m.
Rob Crittenden via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
writes:
Dirk Streubel via FreeIPA-users wrote:
> Hello Rob,
>
> Am 14.06.19 um 22:33 schrieb Rob Crittenden:
>> Dirk Streubel wrote:
>>> Hello Rob,
>>>
>>> second try ;)
>>>
>>> [root@ipaserver ~]# ipa-healthcheck --source ipahealthcheck.ipa.host --debug
>>> Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
>> ...
>>> Calling check <ipahealthcheck.ipa.host.IPAHostKeytab object at
>>> 0x7facb6a2ac50>
>>> Initializing principal host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
>>> using keytab /etc/krb5.keytab
>>> using ccache /tmp/tmp_1g2c73d/ccache
>>> [{"source": "ipahealthcheck.ipa.host", "check":
"IPAHostKeytab",
>>> "severity": 2, "uuid":
"964f55b3-a12f-4282-b776-912892f8001a", "when":
>>> "20190614195109Z", "duration": "0.010907",
"kw": {"msg": "Failed to
>>> obtain host TGT: Major (851968): Unspecified GSS failure. Minor code
>>> [root@ipaserver ~]#
>> Ok I'd check /var/log/krb5kdc.log on the master to see what the failure is.
>>
>> Also:
>>
>> # klist -kt /etc/krb5.keytab
>
> here is the output:
>
> [root@ipaserver ~]# klist -kt /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- -------------------
> ------------------------------------------------------
> 2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> 2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> 2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> 2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> 2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> 2 30.05.2019 18:40:19 host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
>
>> # kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
>
> [root@ipaserver ~]# kvno host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX
> host/ipaserver.linux.fritz.box(a)LINUX.FRITZ.BOX: KVNO = 2
>
>>
>> The kvno should match between the two.
>>
>> You might also try manually: kinit -kt /etc/krb5.keytab
>
> root@ipaserver ~]# kinit -kt /etc/krb5.keytab
> kinit: Pre-authentication failed: Invalid argument bei Anfängliche
> Anmeldedaten werden geholt.
What about the krb5 log? Can you check for SELinux AVCs just in case?
You can get more output on the client side with:
# KRB5_TRACE=/dev/stdout kinit -kt /etc/krb5.keytab
(And while I'm really excited to see the German localization getting
used this soon after merging, it would be helpful to me if you could set
LC_ALL=C as well.)
Thanks,
--Robbie
2:07 a.m.
On 14-06-19 16:29, Rob Crittenden via FreeIPA-users wrote:
I'd like to introduce a new tool for an IPA adminstrators tool
kit we're
working on, currently in a beta state and shipping in Fedora 29+.
ipa-healthcheck is proactive tool for identifying current, potential and
future issues within an IPA installation.
[...]
I'd appreciate any feedback on whether it:
- is helpful
Yes! :-)
- works
I don't know yet. I'm on Centos with IPA 4.6
--
Kees
1775
days inactive
1778
days old
freeipa-users@lists.fedorahosted.org
12 comments
5 participants
participants (5)
-
Dirk Streubel -
John Keates -
Kees Bakker -
Rob Crittenden -
Robbie Harwood