Re: [Freeipa-users] Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library

Tue, 03 Jan 2017 13:08:21 -0800 

Log is attached.

Attachment: ipaclient-install.log
Description: Binary data


> On Jan 3, 2017, at 12:16 AM, Martin Babinsky <[email protected]> wrote:
> 
> On 01/02/2017 11:22 PM, Alan Latteri wrote:
>> I upgraded our FreeIPA server from Cent7.2 to 7.3 which also upgraded 
>> freeipa to 4.4.  On some clients they failed to re-authenticate post 
>> upgrade.  I then did an
>> ipa-client-install —uninstall , and then tried re-joining to IPA server with
>> ipa-client-install --mkhomedir --force-ntpd --force-join.
>> 
>> Now I am getting the below error, and I have no idea how to recover.  
>> Firewall is disabled.
>> 
>> Thanks,
>> Alan
>> 
>> User authorized to enroll computers: admin
>> Password for [email protected]:
>> Please make sure the following ports are opened in the firewall settings:
>>     TCP: 80, 88, 389
>>     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
>> Also note that following ports are necessary for ipa-client working properly 
>> after enrollment:
>>     TCP: 464
>>     UDP: 464, 123 (if NTP enabled)
>> Kerberos authentication failed: kinit: Included profile directory could not 
>> be read while initializing Kerberos 5 library
>> 
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>> 
>> 
>> [root@troll ~]# systemctl status firewalld
>> ● firewalld.service - firewalld - dynamic firewall daemon
>>   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; 
>> vendor preset: enabled)
>>   Active: inactive (dead)
>> 
>> Installed Packages
>> ipa-client.x86_64                                                
>> 4.4.0-14.el7.centos                                         @updates
>> ipa-client-common.noarch                                         
>> 4.4.0-14.el7.centos                                         @updates
>> ipa-common.noarch                                                
>> 4.4.0-14.el7.centos                                         @updates
>> 
> 
> Hi Alan,
> 
> it would be nice if you could post the client install log 
> (/var/log/ipaclient-install.log). It is hard to tell what happens without 
> seeing it.
> 
> -- 
> Martin^3 Babinsky
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to