[Freeipa-users] Problem adding a RHEL 8.1 client

Thu, 09 Jan 2020 07:08:45 -0800 

Hello,

I'm trying to add a RHEL 8.1 client with the following spec:
OS: RHEL 8.1 (Ootpa)
IPA: ipa-client-4.8.0-10
SSSD: sssd-2.2.0-19.el8.x86_64

My IDM server has:
OS: RHEL 7.7 (Maipo)
IPA: ipa-server-4.6.5-11.el7_7.3
SSSD: sssd-1.16.4-21.el7_7.1

When I try to add the client using "ipa-client-install" I get the error:
This program will set up IPA client.
Version 4.8.0

Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: client01.svc.domain.org
Realm: IPA.DOMAIN.ORG
DNS Domain: ipa.domain.org
IPA Server: icidmpdc1.ipa.domain.org
BaseDN: dc=ipa,dc=domain,dc=org

Continue to configure the system with these values? [no]: yes
Synchronizing time
Configuration of chrony was changed by installer.
Attempting to sync time with chronyc.
Time synchronization was successful.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=IPA.DOMAIN.ORG
    Issuer:      CN=Certificate Authority,O=IPA.DOMAIN.ORG
    Valid From:  2016-03-04 15:13:38
    Valid Until: 2036-03-04 15:13:38

Joining realm failed: Unable to initialize STARTTLS session
Failed to bind to server!
Retrying with pre-4.0 keytab retrieval method...
Unable to initialize STARTTLS session
Failed to bind to server!
Failed to get keytab
child exited with 9

Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
Restoring client configuration files
nslcd daemon is not installed, skip configuration
Client uninstall complete.
The ipa-client-install command failed. See /var/log/ipaclient-install.log for 
more information

The entire debug log is attached. It fails doing the "join". It doesn't 
happened when I add a client with RHEL 7.X, also I think it was also working 
with RHEL 8.0.
Can anyone please, let me know why it is not working?

Thanks & Regards.

Attachment: ipa-client-install.log
Description: ipa-client-install.log

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to