Half the time ipa-client-install will fail at getting the TGT. Google showed posts like "Bug 845691 – ipa-client-install Failed to obtain host TGT". I reduced '_kerberos-master._tcp' '_kerberos-master._udp' '_kerberos._tcp' '_kerberos._udp' to one server entry only, but it didn't help to reduce the failure rate. Thanks for your help.

client ipa-client-3.0.0-47.el6_7.2.x86_64
server ipa-server-3.0.0-47.el6_7.1.x86_64

ipa-client-install --hostname=client1.example.com --server=ipa-server.example.com --domain=example.com -N --mkhomedir --unattended -p [email protected] -w 'password1' --ca-cert-file=/etc/ipa/ca.crt -d
......
Enrolled in IPA realm EXAMPLE.COM
args=kdestroy
stdout=
stderr=
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/[email protected]=
stderr=kinit: Generic preauthentication failure while getting initial credentials
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/[email protected]=
stderr=kinit: Generic preauthentication failure while getting initial credentials
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/[email protected]=
stderr=kinit: Generic preauthentication failure while getting initial credentials
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/[email protected]=
stderr=kinit: Generic preauthentication failure while getting initial credentials
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/[email protected]=
stderr=kinit: Generic preauthentication failure while getting initial credentials
Failed to obtain host TGT.

--
Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
