Hi Rob Thanks for your response.
The PPA is hosting Control Panel of the company Odin(https://www.plesk.com/?_ga=1.159107642.1001081217.1436214087) Several packages were installed by this software. Because they use their own repositories. Regards Jose Alvarez -----Original Message----- From: Rob Crittenden [mailto:[email protected]] Sent: lunes 2 de mayo de 2016 01:15 p.m. To: Jose Alvarez R. <[email protected]> Cc: [email protected] Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 Jose Alvarez R. wrote: > *Hi, Rob* > > ** > > *I did what you indicated to me, but still gives the same problem.* > > ** > > *Can you help me ?* The problem is client side, not server side, so you need to install the updated bits on the client. I don't know what the reference to PPA is. If that doesn't fix things then it's hard to say. There are only a couple of moving parts and you just ruled out the server since another client can enroll ok. The non-working log shows the server sending WWW-Authenticate: Negotiate and the client just gives up. In the working version the client correctly responds with an Authorization header and things proceed so I think the problem is in either libcurl or xmlrpc-c. rob > > ** > > *Thanks, Regards* > > ** > > *Jose Alvarez* > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Jose Alvarez R. > Sent: viernes 29 de abril de 2016 02:53 p.m. > To: 'Rob Crittenden' <[email protected]> > Cc: [email protected] > Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 > > Hi, Rob > > Thanks for your response > > The link https://bugzilla.redhat.com/show_bug.cgi?id=719945I not have > > access.. > > I tried to install xmlrpc-c-1.16.24-1210.1840.el6.src.rpm in the server > > PPA(Client IPA), but still shows the same error. > > A moment ago I added another client server with same version xmlrpc and > > installed correctly. > > Thanks Regards. > > [root@bk1 ~]# ipa-client-install --debug > > /usr/sbin/ipa-client-install was invoked with options: {'domain': None, > > 'force': False, 'realm_name': None, 'krb5_offline_passwords': True, > > 'primary': False, 'mkhomedir'on_master': False, 'ntp_server': None, > > 'nisdomain': None, 'no_nisdomain': False, 'principal': None, 'hostname': > > None, 'no_ac': False, 'unattended': None, 'sssd': True,nf_sudo': True, > > 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'server': None, > > 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': > > missing options might be asked for interactively later > > Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' > > Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' > > [IPA Discovery] > > Starting IPA discovery with domain=None, servers=None, > > hostname=bk1.cyberfuel.com > > Start searching for LDAP SRV record in "cyberfuel.com" (domain of the > > hostname) and its sub-domains > > Search DNS for SRV record of _ldap._tcp.cyberfuel.com. > > DNS record found: > > DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, > > port:389,weight:50,server:freeipa.cyberfuel.com.} > > [Kerberos realm search] > > Search DNS for TXT record of _kerberos.cyberfuel.com. > > DNS record found: > > DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data:CYBERFU > > EL.COM} > > Search DNS for SRV record of _kerberos._udp.cyberfuel.com. > > DNS record found: > > DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={priorit > > y:0,port:88,weight:50,server:freeipa.cyberfuel.com.} > > [LDAP server check] > > Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA server > > Init LDAP connection with: ldap://freeipa.cyberfuel.com:389 > > Search LDAP server for IPA base DN > > Check if naming context 'dc=cyberfuel,dc=com' is for IPA > > Naming context 'dc=cyberfuel,dc=com' is a valid IPA context > > Search for (objectClass=krbRealmContainer) in dc=cyberfuel,dc=com (sub) > > Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com > > Discovery result: Success; server=freeipa.cyberfuel.com, > > domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, basedn=dc=cyberfuel,dc=com > > Validated servers: freeipa.cyberfuel.com > > will use discovered domain: cyberfuel.com > > Start searching for LDAP SRV record in "cyberfuel.com" (Validating DNS > > Discovery) and its sub-domains > > Search DNS for SRV record of _ldap._tcp.cyberfuel.com. > > DNS record found: > > DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={priority:0, > > port:389,weight:50,server:freeipa.cyberfuel.com.} > > DNS validated, enabling discovery > > will use discovered server: freeipa.cyberfuel.com > > Discovery was successful! > > will use discovered realm: CYBERFUEL.COM > > will use discovered basedn: dc=cyberfuel,dc=com > > Hostname: bk1.cyberfuel.com > > Hostname source: Machine's FQDN > > Realm: CYBERFUEL.COM > > Realm source: Discovered from LDAP DNS records in freeipa.cyberfuel.com > > DNS Domain: cyberfuel.com > > DNS Domain source: Discovered LDAP SRV records from cyberfuel.com (domain of > > the hostname) > > IPA Server: freeipa.cyberfuel.com > > IPA Server source: Discovered from LDAP DNS records in freeipa.cyberfuel.com > > BaseDN: dc=cyberfuel,dc=com > > BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389 > > Continue to configure the system with these values? [no]: yes > > args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CYBERFUEL.COM > > stdout= > > stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory > > User authorized to enroll computers: admin > > will use principal provided as option: admin > > Synchronizing time with KDC... > > Search DNS for SRV record of _ntp._udp.cyberfuel.com. > > No DNS record found > > args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com > > stdout= > > stderr= > > args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com > > stdout= > > stderr= > > args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com > > stdout= > > stderr= > > Unable to sync time with IPA NTP server, assuming the time is in sync. > > Please check that 123 UDP port is opened. > > Writing Kerberos configuration to /tmp/tmp5msIum: > > #File modified by ipa-client-install > > includedir /var/lib/sss/pubconf/krb5.include.d/ > > [libdefaults] > > default_realm = CYBERFUEL.COM > > dns_lookup_realm = false > > dns_lookup_kdc = false > > rdns = false > > ticket_lifetime = 24h > > forwardable = yes > > udp_preference_limit = 0 > > [realms] > > CYBERFUEL.COM = { > > kdc = freeipa.cyberfuel.com:88 > > master_kdc = freeipa.cyberfuel.com:88 > > admin_server = freeipa.cyberfuel.com:749 > > default_domain = cyberfuel.com > > pkinit_anchors = FILE:/etc/ipa/ca.crt > > } > > [domain_realm] > > .cyberfuel.com = CYBERFUEL.COM > > cyberfuel.com = CYBERFUEL.COM > > Password for [email protected] <mailto:[email protected]>: > > args=kinit [email protected] <mailto:[email protected]> > > stdout=Password for [email protected] <mailto:[email protected]>: > > stderr= > > trying to retrieve CA cert via LDAP from ldap://freeipa.cyberfuel.com > > Successfully retrieved CA cert > > Subject: CN=Certificate Authority,O=CYBERFUEL.COM > > Issuer: CN=Certificate Authority,O=CYBERFUEL.COM > > Valid From: Wed Sep 30 17:46:50 2015 UTC > > Valid Until: Sun Sep 30 17:46:50 2035 UTC > > args=/usr/sbin/ipa-join -s freeipa.cyberfuel.com -b dc=cyberfuel,dc=com -d > > stdout= > > stderr=XML-RPC CALL: > > <?xml version="1.0" encoding="UTF-8"?>\r\n > > <methodCall>\r\n > > <methodName>join</methodName>\r\n > > <params>\r\n > > <param><value><array><data>\r\n > > <value><string>bk1.cyberfuel.com</string></value>\r\n > > </data></array></value></param>\r\n > > <param><value><struct>\r\n > > <member><name>nsosversion</name>\r\n > > <value><string>2.6.32-573.12.1.el6.x86_64</string></value></member>\r\n > > <member><name>nshardwareplatform</name>\r\n > > <value><string>x86_64</string></value></member>\r\n > > </struct></value></param>\r\n > > </params>\r\n > > </methodCall>\r\n > > * About to connect() to freeipa.cyberfuel.com port 443 (#0) > > * Trying 192.168.20.90... * Connected to freeipa.cyberfuel.com > > (192.168.20.90) port 443 (#0) > > * Initializing NSS with certpath: sql:/etc/pki/nssdb > > * CAfile: /etc/ipa/ca.crt > > CApath: none > > * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA > > * Server certificate: > > * subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM > > * start date: Sep 30 17:52:11 2015 GMT > > * expire date: Sep 30 17:52:11 2017 GMT > > * common name: freeipa.cyberfuel.com > > * issuer: CN=Certificate Authority,O=CYBERFUEL.COM > > > POST /ipa/xml HTTP/1.1 > > Host: freeipa.cyberfuel.com > > Accept: */* > > Content-Type: text/xml > > User-Agent: ipa-join/3.0.0 > > Referer: https://freeipa.cyberfuel.com/ipa/xml > > X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 > > Content-Length: 478 > > < HTTP/1.1 401 Authorization Required > > < Date: Fri, 29 Apr 2016 20:42:25 GMT > > < Server: Apache/2.2.15 (CentOS) > > < WWW-Authenticate: Negotiate > > < Last-Modified: Tue, 12 Apr 2016 23:07:44 GMT > > < ETag: "a0528-55a-53051ba8f7000" > > < Accept-Ranges: bytes > > < Content-Length: 1370 > > < Connection: close > > < Content-Type: text/html; charset=UTF-8 > > < > > * Closing connection #0 > > * Issue another request to this URL: > > 'https://freeipa.cyberfuel.com:443/ipa/xml' > > * About to connect() to freeipa.cyberfuel.com port 443 (#0) > > * Trying 192.168.20.90... * Connected to freeipa.cyberfuel.com > > (192.168.20.90) port 443 (#0) > > * CAfile: /etc/ipa/ca.crt > > CApath: none > > * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA > > * Server certificate: > > * subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM > > * start date: Sep 30 17:52:11 2015 GMT > > * expire date: Sep 30 17:52:11 2017 GMT > > * common name: freeipa.cyberfuel.com > > * issuer: CN=Certificate Authority,O=CYBERFUEL.COM > > * Server auth using GSS-Negotiate with user '' > > > POST /ipa/xml HTTP/1.1 > > Authorization: Negotiate > > YIIFFAYJKoZIhvcSAQICAQBuggUDMIIE/6ADAgEFoQMCAQ6iBwMFAAAAAACjggFiYYIBXjCCAVqg > > AwIBBaEPGw1DWUJFUkZVRUwuQ09NoigwJqADAgEDoR8wHRsESFRUUBsVZnJlZWlwYS5MIZbbMHqa > > QcuYz6zysTVwY+I/uvLznfkDrkClgtyvEIsnBopXcWBenFEbqcmRIBa7bkXiIxc1tYEzNh1rME/4 > > ZUh0PjUjX+QQO9NDpYrAIxFLoP6b6J87wFt2Wi+Rx2LPGlcPrIwKPNwyaOqw/QQ8r11FLI5RVzpH > > eUL3uokQgZF6+GBoFo61lHY/W36Cb3JgxdG8Ge3TWWYgjEQKWlY48N6YNSPF2a2iKpgSuy/1Qe5E > > HTfpyiJWnZJnlEIHllpIIDgjCCA36gAwIBEqKCA3UEggNx1WXEz0IRl4aJlkL5Eq0bxky36jm7zI > > q3oiCcgWzqH9ma866TuD4ew++XcXmKZxszk6zf+c8tYhdRezxK74jF9XkpnRxTiBxOao7oPabJau > > yM0k637IWWzTb1m+cC46PRaysFc7x3z5CGBWNyu0DpGyw240za4cepY1J+Q+mm7bq51zCDyMU1CY > > 7+of3Z4Z7s6P5/x/pn8DJBegXVIYq2Wb3sQbMUJCSbCG37Xb8j2nzhAaup1l4xTINQxSSLZRIS7M > > H2YCE+z66P0607z7xBh7bwed97hHC2o3T0hDNnJOP7SRBUXquXCW9RbLUdOmYfcLcH8ygUWemm3A > > MqL+mDYN3jpe25O/7Z/wFxYiUIw/6CtHGjJ1nrDy47Y1sbsjU1XT/sJ8JqxRFwCm9ALpQP+rYZ0k > > v8/9OAaclw4vobu4Zmb3rVFBOzKpgRaUSvg4vSuRi/SPCzcH2PwBBSHpZuXWazWvZpnpTXYBl3nw > > lelW8gE1PWWeAhxbCDP/u5D6vAJ7q1287bL+UdpnCki0Ye0c1+LCsqzhscPDtWOMHAqzs5pwyyfC > > Qpg13GX93fHWJPRkrJbGTkGAknZkQFPtjks1C3JCRqhiz62KVLo6g5uRljHr8NNzvTBr2iRl9aK6 > > cDAEMaW5X26ko0XtO7urcbw/w6smuJLyYjroJH5Pe41bPMaUCls3RTvhxrlMzXSXgywPr3zDFpIg > > CirdIfqowkF5Utq6Uub2d9wdhXXYuH3PCj3KBzsAAHFv2iI+Xg3a7+7LlWUFnTLVEzEhsKVO3lO7 > > jFb8kKwop5o7yTyXsQmW4g0rdCam07GuRObob6yQ= > > Host: freeipa.cyberfuel.com > > Accept: */* > > Content-Type: text/xml > > User-Agent: ipa-join/3.0.0 > > Referer: https://freeipa.cyberfuel.com/ipa/xml > > X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 > > Content-Length: 478 > > < HTTP/1.1 200 Success > > < Date: Fri, 29 Apr 2016 20:42:25 GMT > > < Server: Apache/2.2.15 (CentOS) > > * Added cookie ipa_session="4aeb2b4e2cfacb0691a94b71e2d0a0c9" for domain > > freeipa.cyberfuel.com, path /ipa, expire 1461963745 > > < Set-Cookie: ipa_session=4aeb2b4e2cfacb0691a94b71e2d0a0c9; > > Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:25 > > GMT; Secure; HttpOnly > > < Connection: close > > < Transfer-Encoding: chunked > > < Content-Type: text/xml; charset=utf-8 > > < > > * Expire cleared > > * Closing connection #0 > > XML-RPC RESPONSE: > > <?xml version='1.0' encoding='UTF-8'?>\n > > <methodResponse>\n > > <params>\n > > <param>\n > > <value><array><data>\n > > <value><string>fqdn=bk1.cyberfuel.com,cn=computers,cn=accounts,dc=cyberfuel, > > dc=com</string></value>\n > > <value><struct>\n > > <member>\n > > <name>dn</name>\n > > <value><string>fqdn=bk1.cyberfuel.com,cn=computers,cn=accounts,dc=cyberfuel, > > dc=com</string></value>\n > > </member>\n > > <member>\n > > <name>ipacertificatesubjectbase</name>\n > > <value><array><data>\n > > <value><string>O=CYBERFUEL.COM</string></value>\n > > </data></array></value>\n > > </member>\n > > <member>\n > > <name>has_keytab</name>\n > > <value><boolean>0</boolean></value>\n > > </member>\n > > <member>\n > > <name>objectclass</name>\n > > <value><array><data>\n > > <value><string>ipaobject</string></value>\n > > <value><string>nshost</string></value>\n > > <value><string>ipahost</string></value>\n > > <value><string>pkiuser</string></value>\n > > <value><string>ipaservice</string></value>\n > > <value><string>krbprincipalaux</string></value>\n > > <value><string>krbprincipal</string></value>\n > > <value><string>ieee802device</string></value>\n > > <value><string>ipasshhost</string></value>\n > > <value><string>top</string></value>\n > > <value><string>ipaSshGroupOfPubKeys</string></value>\n > > </data></array></value>\n > > </member>\n > > <member>\n > > <name>fqdn</name>\n > > <value><array><data>\n > > <value><string>bk1.cyberfuel.com</string></value>\n > > </data></array></value>\n > > </member>\n > > <member>\n > > <name>has_password</name>\n > > <value><boolean>0</boolean></value>\n > > </member>\n > > <member>\n > > <name>ipauniqueid</name>\n > > <value><array><data>\n > > <value><string>e1a08eb8-0e4a-11e6-8c5b-005056b027f1</string></value>\n > > </data></array></value>\n > > </member>\n > > <member>\n > > <name>krbprincipalname</name>\n > > <value><array><data>\n > > <value><string>host/[email protected]</string></value>\n > <mailto:host/[email protected]%3c/string%3e%3c/value%3e\n> > > </data></array></value>\n > > </member>\n > > <member>\n > > <name>managedby_host</name>\n > > <value><array><data>\n > > <value><string>bk1.cyberfuel.com</string></value>\n > > </data></array></value>\n > > </member>\n > > </struct></value>\n > > </data></array></value>\n > > </param>\n > > </params>\n > > </methodResponse>\n > > Keytab successfully retrieved and stored in: /etc/krb5.keytab > > Certificate subject base is: O=CYBERFUEL.COM > > Enrolled in IPA realm CYBERFUEL.COM > > args=kdestroy > > stdout= > > stderr= > > Attempting to get host TGT... > > args=/usr/bin/kinit -k -t /etc/krb5.keytab > > host/[email protected] > <mailto:host/[email protected]> > > stdout= > > stderr= > > Attempt 1/5 succeeded. > > Backing up system configuration file '/etc/ipa/default.conf' > > -> Not backing up - '/etc/ipa/default.conf' doesn't exist > > Created /etc/ipa/default.conf > > importing all plugin modules in > > '/usr/lib/python2.6/site-packages/ipalib/plugins'... > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' > > args=klist -V > > stdout=Kerberos 5 version 1.10.3 > > stderr= > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' > > importing plugin module > > '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' > > Backing up system configuration file '/etc/sssd/sssd.conf' > > -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist > > New SSSD config will be created > > Backing up system configuration file '/etc/nsswitch.conf' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > Configured sudoers in /etc/nsswitch.conf > > Configured /etc/sssd/sssd.conf > > args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i > > /etc/ipa/ca.crt > > stdout= > > stderr= > > Backing up system configuration file '/etc/krb5.conf' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > Writing Kerberos configuration to /etc/krb5.conf: > > #File modified by ipa-client-install > > includedir /var/lib/sss/pubconf/krb5.include.d/ > > [libdefaults] > > default_realm = CYBERFUEL.COM > > dns_lookup_realm = true > > dns_lookup_kdc = true > > rdns = false > > ticket_lifetime = 24h > > forwardable = yes > > udp_preference_limit = 0 > > [realms] > > CYBERFUEL.COM = { > > pkinit_anchors = FILE:/etc/ipa/ca.crt > > } > > [domain_realm] > > .cyberfuel.com = CYBERFUEL.COM > > cyberfuel.com = CYBERFUEL.COM > > Configured /etc/krb5.conf for IPA realm CYBERFUEL.COM > > args=keyctl search @s user > > ipa_session_cookie:host/[email protected] > > stdout= > > stderr=keyctl_search: Required key not available > > args=keyctl search @s user > > ipa_session_cookie:host/[email protected] > > stdout= > > stderr=keyctl_search: Required key not available > > failed to find session_cookie in persistent storage for principal > > 'host/[email protected]' > > trying https://freeipa.cyberfuel.com/ipa/xml > > Created connection context.xmlclient > > raw: env(None, server=True) > > env(None, server=True, all=True) > > Forwarding 'env' to server u'https://freeipa.cyberfuel.com/ipa/xml' > > NSSConnection init freeipa.cyberfuel.com > > Connecting: 192.168.20.90:0 > > auth_certificate_callback: check_sig=True is_server=False > > Data: > > Version: 3 (0x2) > > Serial Number: 10 (0xa) > > Signature Algorithm: > > Algorithm: PKCS #1 SHA-256 With RSA Encryption > > Issuer: CN=Certificate Authority,O=CYBERFUEL.COM > > Validity: > > Not Before: Wed Sep 30 17:52:11 2015 UTC > > Not After: Sat Sep 30 17:52:11 2017 UTC > > Subject: CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM > > Subject Public Key Info: > > Public Key Algorithm: > > Algorithm: PKCS #1 RSA Encryption > > RSA Public Key: > > Modulus: > > ad:e7:d2:7f:c3:e1:91:0a:03:6d:5c:ba:54:14:3e:00: > > 0e:f9:e7:61:85:3c:4f:1b:8f:a8:fb:e4:b4:92:a3:7c: > > 7d:bb:06:b4:b8:43:8a:20:86:17:71:a2:a3:6a:a1:51: > > e5:89:44:0f:a1:43:67:3b:46:76:b0:81:9e:10:43:56: > > 86:9f:27:46:e1:5e:b3:d6:8c:17:73:e3:17:7d:e7:eb: > > a4:78:9c:7a:e8:6f:00:f8:36:d9:71:88:e1:90:bf:98: > > fa:40:0f:88:f4:2e:d8:a2:b3:a5:0c:5a:81:8b:2e:cf: > > 22:f9:cb:6d:bf:85:7c:c9:7f:17:de:5d:d4:1a:2b:09: > > 5b:1b:99:11:22:3f:1e:49:5f:26:1a:25:2f:a4:50:2a: > > 8b:f2:3c:12:db:45:3f:f4:06:64:a2:30:5f:f4:a1:c9: > > 2c:8c:60:b5:c6:aa:25:2e:1e:31:c2:ad:2c:63:b0:a4: > > bb:2c:fc:f8:b6:f9:13:eb:09:bc:b0:c1:4c:06:06:09: > > 2f:f9:08:ba:7d:a4:0a:57:d1:8e:86:87:cb:f9:3a:58: > > 60:f9:34:e1:5b:34:d1:2f:8e:54:87:2a:74:9c:e2:d6: > > 83:4f:78:6b:59:1e:95:ec:67:6e:86:25:ad:f0:d3:6c: > > 96:9c:db:c3:e5:3f:e5:bc:f4:ff:55:55:18:a8:3e:5d > > Exponent: > > 65537 (0x10001) > > Signed Extensions: (5 total) > > Name: Certificate Authority Key Identifier > > Critical: False > > Key ID: > > 31:4f:83:e1:70:d7:ea:96:e5:1b:b1:c2:2c:d8:8a:a8: > > d1:87:fa:ff > > Serial Number: None > > General Names: [0 total] > > Name: Authority Information Access > > Critical: False > > Authority Information Access: [1 total] > > Info [1]: > > Method: PKIX Online Certificate Status Protocol > > Location: URI: http://freeipa.cyberfuel.com:80/ca/ocsp > > Name: Certificate Key Usage > > Critical: True > > Usages: > > Digital Signature > > Non-Repudiation > > Key Encipherment > > Data Encipherment > > Name: Extended Key Usage > > Critical: False > > Usages: > > TLS Web Server Authentication Certificate > > TLS Web Client Authentication Certificate > > Name: Certificate Subject Key ID > > Critical: False > > Data: > > 73:ed:ac:87:d3:0e:04:84:66:5c:1a:e1:10:8d:f8:e1: > > 89:b9:1e:70 > > Signature: > > Signature Algorithm: > > Algorithm: PKCS #1 SHA-256 With RSA Encryption > > Signature: > > 40:da:c2:6b:20:08:7c:4a:05:1a:e2:cc:49:7f:25:6c: > > 48:3a:73:3c:b6:ab:35:6c:1a:d9:78:15:60:48:0b:0e: > > c1:3c:bf:76:90:35:bf:67:b5:9d:88:1c:98:ce:3b:8a: > > f6:86:c7:f9:1e:7b:3c:cd:98:00:99:23:a4:06:4f:ed: > > 0f:ee:44:65:9d:db:b6:9d:cc:cf:cb:83:f8:7c:23:93: > > 2a:0b:40:bb:5b:31:c5:9e:ed:74:eb:c0:c9:cc:30:1e: > > 78:19:69:64:60:24:58:f5:a7:6f:3b:bb:f6:7c:72:5c: > > 1c:50:33:0f:df:49:b7:0a:cb:ac:3f:7b:4f:e7:42:e9: > > 3b:19:e0:15:a3:fe:e3:43:aa:23:69:d0:28:7a:64:b7: > > 19:e3:8a:a9:bc:48:3a:de:f7:c0:67:8b:02:e9:af:74: > > 49:33:5e:2f:21:0b:4c:f3:3d:63:ea:1e:2e:4d:e9:ed: > > af:ef:61:35:ad:86:2b:93:ab:b6:7d:45:ed:b1:9b:12: > > 57:fc:55:ef:42:46:01:63:b1:b9:84:e9:f4:46:fb:39: > > fa:1e:55:2e:20:32:c1:45:ad:ac:54:c9:e6:4e:ca:f1: > > fb:da:9a:b5:bc:8b:6c:43:86:4e:df:06:97:46:3e:9b: > > a2:a1:ff:41:6e:80:df:a7:bd:5d:96:2c:ba:e0:d2:56 > > Fingerprint (MD5): > > 09:ad:08:87:8b:64:04:0f:d2:6c:25:ac:b1:1e:e1:48 > > Fingerprint (SHA1): > > c9:a0:1f:6d:8e:f6:d9:9b:53:6e:6b:92:ea:7c:ae:79: > > ca:4d:09:98 > > approved_usage = SSL Server intended_usage = SSL Server > > cert valid True for "CN=freeipa.cyberfuel.com,O=CYBERFUEL.COM" > > handshake complete, peer = 192.168.20.90:443 > > Protocol: TLS1.2 > > Cipher: TLS_RSA_WITH_AES_256_CBC_SHA > > received Set-Cookie 'ipa_session=356b209ee6e852ebb3124bbc6ca112cd; > > Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:30 > > GMT; Secure; HttpOnly' > > storing cookie 'ipa_session=356b209ee6e852ebb3124bbc6ca112cd; > > Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:30 > > GMT; Secure; HttpOnly' for prin > > args=keyctl search @s user > > ipa_session_cookie:host/[email protected] > > stdout= > > stderr=keyctl_search: Required key not available > > args=keyctl search @s user > > ipa_session_cookie:host/[email protected] > > stdout= > > stderr=keyctl_search: Required key not available > > args=keyctl padd user > > ipa_session_cookie:host/[email protected] @s > > stdout=640092261 > > stderr= > > Hostname (bk1.cyberfuel.com) not found in DNS > > Writing nsupdate commands to /etc/ipa/.dns_update.txt: > > zone cyberfuel.com. > > update delete bk1.cyberfuel.com. IN A > > send > > update add bk1.cyberfuel.com. 1200 IN A 192.168.20.13 > > send > > args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt > > stdout= > > stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. > > Minor code may provide more information, Minor = Server > > DNS/[email protected] > <mailto:DNS/[email protected]> no > > nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' > > returned non-zero exit status 1 > > Failed to update DNS records. > > args=/sbin/service messagebus start > > stdout=Starting system message bus: [ OK ] > > stderr= > > args=/sbin/service messagebus status > > stdout=messagebus (pid 41820) is running... > > stderr= > > args=/sbin/service certmonger restart > > stdout=Stopping certmonger: [FAILED] > > Starting certmonger: [ OK ] > > stderr= > > args=/sbin/service certmonger status > > stdout=certmonger (pid 41859) is running... > > stderr= > > args=/sbin/service certmonger restart > > stdout=Stopping certmonger: [ OK ] > > Starting certmonger: [ OK ] > > stderr= > > args=/sbin/service certmonger status > > stdout=certmonger (pid 41927) is running... > > stderr= > > args=/sbin/chkconfig certmonger on > > stdout= > > stderr= > > args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - > > bk1.cyberfuel.com -N CN=bk1.cyberfuel.com,O=CYBERFUEL.COM -K > > host/[email protected] > <mailto:host/[email protected]> > > stdout=New signing request "20160429204235" added. > > stderr= > > Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub > > Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub > > raw: host_mod(u'bk1.cyberfuel.com', ipasshpubkey=[u'ssh-rsa > > AAAAB3NzaC1yc2EAAAABIwAAAQEA071MP58tqZXKpba7ndVtIqtgZmGNxm/PJz/eqf7w9SNewATA > > xmV14vUYyyohaIWBBi87sXwqcNsWBUWAcg2ezfKfKYqc3YPqaNq2poRL3+vhpNnHDBdfh2NzqdId > > slZEMt2H+v/0g3G52ycOoRCfhwbGasV+ZCxLGyCPnYTAb7gvpms+/JNf1FWjQpTHt+dZ8CtCcfvL > > ctY5pjdxT4kQTtK8kyyGwlXH/Oh4qisMsS57/1a1HEED7xczbIHF/YHF7u08WBbFe0Y40QA5gfa7 > > /hhu+JoblQBH55iKzR8l8RfZXt1Vcam2pr2nj/w0oYxyB+JkO0CuR/mWu93aLRkxFxtwEoUUiWMm > > M3mXs1gsTFKClFnTbOzwg8QyFlCj+An4GrzrsbAA/rfLvb+VmwOS/BccDZfAAAAFShUVZUinN/bv > > 4/xv1ejRLk62VxtHxw1z+w/JLc0WbTtIj4cB4nE03et3id5ZT6yDz5XKduyhAeCYPGXepmWXqSxb > > 2N/Ia5OZbEfwNcEivzWdeRzxnk+W8OErBuOkRcCYmT1aIFGmIAAACANrKXEgH6qjJZdpFM3CFIBt > > mZY3RF1adYeI7i8daJxkwxPv55idHkphc4aDX4lUPzvcw+r5jtE+rm4huv03qlTKy+/0HlTyIRJv > > wfpc='], updatedns=False) > > host_mod(u'bk1.cyberfuel.com', random=False, ipasshpubkey=(u'ssh-rsa > > AAAAB3NzaC1yc2EAAAABIwAAAQEA071MP58tqZXKpba7ndVtIqtgZmGNxm/PJz/eqf7w9SNewATA > > xmV14vUYyyohaIWBBi87sXwlVqxX+L95cg2ezfKfKYqc3YPqaNq2poRL3+vhpNnHDBdfh2NzqdId > > slZEMt2H+v/0g3G52ycOoRCfhwbGasV+ZCxLGyCPnYTAb7gvpms+/JNf1FWjQpTHt+dZ8CtCcfvL > > ctY5pjdxT4kQTtK8kyyGwlXH/Oh4qisMsS57/1aAN359BmDxbIHF/YHF7u08WBbFe0Y40QA5gfa7 > > /hhu+JoblQBH55iKzR8l8RfZXt1Vcam2pr2nj/w0oYxyB+JkO0CuR/mWu93aLRkxFxtwEoUUiWMm > > M3mXs1gsTFKClFnTbOzwg8QyFlCj+An4GrzrsbAA/rfLvb+VmwOS/BcXJiFI6Ub3ShUVZUinN/bv > > 4/xv1ejRLk62VxtHxw1z+w/JLc0WbTtIj4cB4nE03et3id5ZT6yDz5XKduyhAeCYPGXepmWXqSxb > > 2N/Ia5OZbEfwNcEivzWdeRzxnk+W8OErBuOkRcCYmT1aIFGmIAAACANrKXEgH6qjJZdpFM3mdAXb > > 7imVRF1adYeI7i8daJxkwxPv55idHkphc4aDX4lUPzvcw+r5jtE+rm4huv03qlTKy+/0HlTyIRJv > > wfpc='), rights=False, updatedns=False, all=False, raw=False, > > no_members=False) > > Forwarding 'host_mod' to server u'https://freeipa.cyberfuel.com/ipa/xml' > > NSSConnection init freeipa.cyberfuel.com > > Connecting: 192.168.20.90:0 > > handshake complete, peer = 192.168.20.90:443 > > Protocol: TLS1.2 > > Cipher: TLS_RSA_WITH_AES_256_CBC_SHA > > received Set-Cookie 'ipa_session=efae42241c1d4ecc0c222d477f64e3a0; > > Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:35 > > GMT; Secure; HttpOnly' > > storing cookie 'ipa_session=efae42241c1d4ecc0c222d477f64e3a0; > > Domain=freeipa.cyberfuel.com; Path=/ipa; Expires=Fri, 29 Apr 2016 21:02:35 > > GMT; Secure; HttpOnly' for prin > > args=keyctl search @s user > > ipa_session_cookie:host/[email protected] > > stdout=640092261 > > stderr= > > args=keyctl search @s user > > ipa_session_cookie:host/[email protected] > > stdout=640092261 > > stderr= > > args=keyctl pupdate 640092261 > > stdout= > > stderr= > > Writing nsupdate commands to /etc/ipa/.dns_update.txt: > > zone cyberfuel.com. > > update delete bk1.cyberfuel.com. IN SSHFP > > send > > update add bk1.cyberfuel.com. 1200 IN SSHFP 1 1 > > B40F0F3FF14223B021F206C3E3276AC48F6EEAF0 > > update add bk1.cyberfuel.com. 1200 IN SSHFP 2 1 > > 30D2331BC69452EFE65445B5C990773EA41A2FE8 > > send > > args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt > > stdout= > > stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. > > Minor code may provide more information, Minor = Server > > DNS/[email protected] > <mailto:DNS/[email protected]> no > > nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' > > returned non-zero exit status 1 > > Could not update DNS SSHFP records. > > args=/sbin/service nscd status > > stdout= > > stderr=nscd: unrecognized service > > Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' > > Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' > > args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd > > stdout= > > stderr= > > SSSD enabled > > Configuring cyberfuel.com as NIS domain > > args=/bin/nisdomainname > > stdout=(none) > > stderr= > > Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' > > args=/usr/sbin/authconfig --update --nisdomain cyberfuel.com > > stdout= > > stderr= > > args=/bin/nisdomainname cyberfuel.com > > stdout= > > stderr= > > args=/sbin/service sssd restart > > stdout=Stopping sssd: [FAILED] > > Starting sssd: [ OK ] > > stderr=cat: /var/run/sssd.pid: No such file or directory > > args=/sbin/service sssd status > > stdout=sssd (pid 42071) is running... > > stderr= > > args=/sbin/chkconfig sssd on > > stdout= > > stderr= > > Backing up system configuration file '/etc/openldap/ldap.conf' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > Configured /etc/openldap/ldap.conf > > args=getent passwd admin > > stdout=admin:*:1045400000:1045400000:Administrator:/home/admin:/bin/bash > > stderr= > > Backing up system configuration file '/etc/ntp/step-tickers' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > args=/usr/sbin/selinuxenabled > > stdout= > > stderr= > > args=/sbin/chkconfig ntpd > > stdout= > > stderr= > > Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' > > Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' > > Backing up system configuration file '/etc/ntp.conf' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > args=/usr/sbin/selinuxenabled > > stdout= > > stderr= > > Backing up system configuration file '/etc/sysconfig/ntpd' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > args=/usr/sbin/selinuxenabled > > stdout= > > stderr= > > args=/sbin/chkconfig ntpd on > > stdout= > > stderr= > > args=/sbin/service ntpd restart > > stdout=Shutting down ntpd: [ OK ] > > Starting ntpd: [ OK ] > > stderr= > > args=/sbin/service ntpd status > > stdout=ntpd (pid 42133) is running... > > stderr= > > NTP enabled > > Backing up system configuration file '/etc/ssh/ssh_config' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > Configured /etc/ssh/ssh_config > > Backing up system configuration file '/etc/ssh/sshd_config' > > Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' > > args=sshd -t -f /dev/null -o AuthorizedKeysCommand= > > stdout= > > stderr= > > Configured /etc/ssh/sshd_config > > args=/sbin/service sshd status > > stdout=openssh-daemon (pid 46497) is running... > > stderr= > > args=/sbin/service sshd restart > > stdout=Stopping sshd: [ OK ] > > Starting sshd: [ OK ] > > stderr= > > args=/sbin/service sshd status > > stdout=openssh-daemon (pid 42190) is running... > > stderr= > > Client configuration complete. > > -----Original Message----- > > From: Rob Crittenden [mailto:[email protected]] > > Sent: viernes 29 de abril de 2016 12:19 p.m. > > To: Jose Alvarez R. <[email protected] > <mailto:[email protected]>>; [email protected] > <mailto:[email protected]> > > Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 > > Jose Alvarez R. wrote: > > > Hi, Rob > > > > > > Thanks!! > > > > > > > > > The version the xmlrpc-c of my server IPA: > > > xmlrpc-c-1.16.24-1210.1840.el6.x86_64 > > > xmlrpc-c-client-1.16.24-1210.1840.el6.x86_64 > > > > > > > > > The version the xmlrpc-c of my client IPA > > > xmlrpc-c-client-1.16.24-1210.1840.el6.x86_64 > > > xmlrpc-c-1.16.24-1210.1840.el6.x86_64 > > > libiqxmlrpc-0.12.4-0.parallels.i686 > > > xmlrpc-c-c++-1.16.24-1210.1840.el6.x86_64 > > You need xmlrpc-c-1.16.24-1200.1840.2.el6 on the client which fixed > > https://bugzilla.redhat.com/show_bug.cgi?id=719945 > > The libcurl version on the client looks ok. > > This is only a client-side issue so no changes on the servers should be > > necessary IIRC. This appears to be EL 6.1 which at this point is quite old. > > rob > > > > > > The versions are the same, but the libcurl is different > > > > > > It's the version curl IPA server > > > [root@freeipa log]# rpm -qa | grep curl > > > python-pycurl-7.19.0-8.el6.x86_64 > > > curl-7.19.7-46.el6.x86_64 > > > libcurl-7.19.7-46.el6.x86_64 > > > [root@freeipa log]# > > > > > > > > > It's the version curl PPA server(IPA Client) [root@ppa named]# rpm -qa > > > | grep curl > > > curl-7.31.0-1.el6.x86_64 > > > python-pycurl-7.19.0-8.el6.x86_64 > > > libcurl-7.31.0-1.el6.x86_64 > > > libcurl-7.31.0-1.el6.i686 > > > > > > Sorry, my english is not very well > > > > > > > > > Regards. > > > > > > > > > > > > -----Original Message----- > >> From: Rob Crittenden [mailto:[email protected]] > > > Sent: viernes 29 de abril de 2016 11:14 a.m. > >> To: Jose Alvarez R. <[email protected] <mailto:[email protected]>>; > [email protected] <mailto:[email protected]> > > > Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 > > > > > > Jose Alvarez R. wrote: > > >> Hi Rob, Thanks for your response > > >> > > >> Yes, It's with admin. > > > > > > I assume this is a problem with your version of xmlrpc-c. We use > > > standard calls xmlrpc-c calls to setup authentication and IIRC that > > > links against libcurl which provides the Kerberos/GSSAPI support. On > > > EL6 you need xmlrpc-c > > >> = 1.16.24-1200.1840.2 > > > > > > I'm confused about the versions. You mention PPA but include what look > > > like RPM versions that seem to point to RHEL 6. > > > > > > rob > > > > > >> > > >> I execute the command "ipa-client-install --debug" > > >> --------------------------------------------------------------------- > > >> - > > >> --- > > >> > > >> > > >> [root@ppa named]# ipa-client-install --debug > > >> /usr/sbin/ipa-client-install was invoked with options: {'domain': > > >> None, > > >> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True, > > >> 'primary': False, 'mkhomedir > > >> ': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, > > >> 'on_master': False, 'ntp_server': None, 'nisdomain': None, > > 'no_nisdomain': > > >> False, 'principal': None > > >> , 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, > > >> 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False, > > >> 'conf_sudo': True, 'conf_ssh': Tr > > >> ue, 'force_join': False, 'ca_cert_file': None, 'server': None, > > >> 'prompt_password': False, 'permit': False, 'debug': True, > > 'preserve_sssd': > > >> False, 'uninstall': False} > > >> missing options might be asked for interactively later Loading Index > > >> file from '/var/lib/ipa-client/sysrestore/sysrestore.index' > > >> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' > > >> [IPA Discovery] > > >> Starting IPA discovery with domain=None, servers=None, > > >> hostname=ppa.cyberfuel.com Start searching for LDAP SRV record in > > >> "cyberfuel.com" (domain of the > > >> hostname) and its sub-domains > > >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio > > >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} > > >> [Kerberos realm search] > > >> Search DNS for TXT record of _kerberos.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data: > > >> C > > >> YBERFU > > >> EL.COM} > > >> Search DNS for SRV record of _kerberos._udp.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={ > > >> p riorit y:0,port:88,weight:50,server:freeipa.cyberfuel.com.} > > >> [LDAP server check] > > >> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA > > >> server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389 > > >> Search LDAP server for IPA base DN Check if naming context > > >> 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com' > > >> is a valid IPA context Search for (objectClass=krbRealmContainer) in > > >> dc=cyberfuel,dc=com (sub) > > >> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com > > >> Discovery result: Success; server=freeipa.cyberfuel.com, > > >> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, > > >> basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com > > >> will use discovered domain: cyberfuel.com Start searching for LDAP > > >> SRV record in "cyberfuel.com" (Validating DNS > > >> Discovery) and its sub-domains > > >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio > > >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} > > >> DNS validated, enabling discovery > > >> will use discovered server: freeipa.cyberfuel.com Discovery was > > >> successful! > > >> will use discovered realm: CYBERFUEL.COM will use discovered basedn: > > >> dc=cyberfuel,dc=com > > >> Hostname: ppa.cyberfuel.com > > >> Hostname source: Machine's FQDN > > >> Realm: CYBERFUEL.COM > > >> Realm source: Discovered from LDAP DNS records in > > >> freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source: > > >> Discovered LDAP SRV records from cyberfuel.com (domain of the > > >> hostname) IPA Server: freeipa.cyberfuel.com IPA Server source: > > >> Discovered from LDAP DNS records in freeipa.cyberfuel.com > > >> BaseDN: dc=cyberfuel,dc=com > > >> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389 > > >> > > >> Continue to configure the system with these values? [no]: no > > >> Installation failed. Rolling back changes. > > >> IPA client is not configured on this system. > > >> [root@ppa named]# > > >> [root@ppa named]# ipa-client-install --debug > > >> /usr/sbin/ipa-client-install was invoked with options: {'domain': > > >> None, > > >> 'force': False, 'realm_name': None, 'krb5_offline_passwords': True, > > >> 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': > > >> True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, > > > 'nisdomain': > > >> None, 'no_nisdomain': False, 'principal': None, 'hostname': None, > > 'no_ac': > > >> False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, > > >> 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, > 'conf_ssh': > > >> True, 'force_join': False, 'ca_cert_file': None, 'server': None, > > >> 'prompt_password': False, 'permit': False, 'debug': True, > > 'preserve_sssd': > > >> False, 'uninstall': False} > > >> missing options might be asked for interactively later Loading Index > > >> file from '/var/lib/ipa-client/sysrestore/sysrestore.index' > > >> Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' > > >> [IPA Discovery] > > >> Starting IPA discovery with domain=None, servers=None, > > >> hostname=ppa.cyberfuel.com Start searching for LDAP SRV record in > > >> "cyberfuel.com" (domain of the > > >> hostname) and its sub-domains > > >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio > > >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} > > >> [Kerberos realm search] > > >> Search DNS for TXT record of _kerberos.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_kerberos.cyberfuel.com.,type:16,class:1,rdata={data: > > >> C > > >> YBERFU > > >> EL.COM} > > >> Search DNS for SRV record of _kerberos._udp.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_kerberos._udp.cyberfuel.com.,type:33,class:1,rdata={ > > >> p riorit y:0,port:88,weight:50,server:freeipa.cyberfuel.com.} > > >> [LDAP server check] > > >> Verifying that freeipa.cyberfuel.com (realm CYBERFUEL.COM) is an IPA > > >> server Init LDAP connection with: ldap://freeipa.cyberfuel.com:389 > > >> Search LDAP server for IPA base DN Check if naming context > > >> 'dc=cyberfuel,dc=com' is for IPA Naming context 'dc=cyberfuel,dc=com' > > >> is a valid IPA context Search for (objectClass=krbRealmContainer) in > > >> dc=cyberfuel,dc=com (sub) > > >> Found: cn=CYBERFUEL.COM,cn=kerberos,dc=cyberfuel,dc=com > > >> Discovery result: Success; server=freeipa.cyberfuel.com, > > >> domain=cyberfuel.com, kdc=freeipa.cyberfuel.com, > > >> basedn=dc=cyberfuel,dc=com Validated servers: freeipa.cyberfuel.com > > >> will use discovered domain: cyberfuel.com Start searching for LDAP > > >> SRV record in "cyberfuel.com" (Validating DNS > > >> Discovery) and its sub-domains > > >> Search DNS for SRV record of _ldap._tcp.cyberfuel.com. > > >> DNS record found: > > >> DNSResult::name:_ldap._tcp.cyberfuel.com.,type:33,class:1,rdata={prio > > >> r ity:0, port:389,weight:50,server:freeipa.cyberfuel.com.} > > >> DNS validated, enabling discovery > > >> will use discovered server: freeipa.cyberfuel.com Discovery was > > >> successful! > > >> will use discovered realm: CYBERFUEL.COM will use discovered basedn: > > >> dc=cyberfuel,dc=com > > >> Hostname: ppa.cyberfuel.com > > >> Hostname source: Machine's FQDN > > >> Realm: CYBERFUEL.COM > > >> Realm source: Discovered from LDAP DNS records in > > >> freeipa.cyberfuel.com DNS Domain: cyberfuel.com DNS Domain source: > > >> Discovered LDAP SRV records from cyberfuel.com (domain of the > > >> hostname) IPA Server: freeipa.cyberfuel.com IPA Server source: > > >> Discovered from LDAP DNS records in freeipa.cyberfuel.com > > >> BaseDN: dc=cyberfuel,dc=com > > >> BaseDN source: From IPA server ldap://freeipa.cyberfuel.com:389 > > >> > > >> Continue to configure the system with these values? [no]: yes > > >> args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r CYBERFUEL.COM > > >> stdout= stderr=Failed to open keytab '/etc/krb5.keytab': No such file > > >> or directory > > >> > > >> User authorized to enroll computers: admin will use principal > > >> provided as option: admin Synchronizing time with KDC... > > >> Search DNS for SRV record of _ntp._udp.cyberfuel.com. > > >> No DNS record found > > >> args=/usr/sbin/ntpdate -U ntp -s -b -v freeipa.cyberfuel.com stdout= > > >> stderr= Writing Kerberos configuration to /tmp/tmpqWSatK: > > >> #File modified by ipa-client-install > > >> > > >> includedir /var/lib/sss/pubconf/krb5.include.d/ > > >> > > >> [libdefaults] > > >> default_realm = CYBERFUEL.COM > > >> dns_lookup_realm = false > > >> dns_lookup_kdc = false > > >> rdns = false > > >> ticket_lifetime = 24h > > >> forwardable = yes > > >> udp_preference_limit = 0 > > >> > > >> > > >> [realms] > > >> CYBERFUEL.COM = { > > >> kdc = freeipa.cyberfuel.com:88 > > >> master_kdc = freeipa.cyberfuel.com:88 > > >> admin_server = freeipa.cyberfuel.com:749 > > >> default_domain = cyberfuel.com > > >> pkinit_anchors = FILE:/etc/ipa/ca.crt > > >> > > >> } > > >> > > >> > > >> [domain_realm] > > >> .cyberfuel.com = CYBERFUEL.COM > > >> cyberfuel.com = CYBERFUEL.COM > > >> > > >> > > >> > >>> Password [email protected] <mailto:[email protected]>: > >>> [email protected] <mailto:[email protected]> > >>> stdout=Password [email protected] <mailto:[email protected]>: > > >> > > >> stderr= > > >> trying to retrieve CA cert via LDAP from ldap://freeipa.cyberfuel.com > > >> Existing CA cert and Retrieved CA cert are identical > > >> args=/usr/sbin/ipa-join -s freeipa.cyberfuel.com -b > > >> dc=cyberfuel,dc=com -d stdout= stderr=XML-RPC CALL: > > >> > > >> <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n > > >> <methodName>join</methodName>\r\n <params>\r\n > > >> <param><value><array><data>\r\n > > >> <value><string>ppa.cyberfuel.com</string></value>\r\n > > >> </data></array></value></param>\r\n > > >> <param><value><struct>\r\n > > >> <member><name>nsosversion</name>\r\n > > >> <value><string>2.6.32-573.8.1.el6.x86_64</string></value></member>\r\ > > >> n <member><name>nshardwareplatform</name>\r\n > > >> <value><string>x86_64</string></value></member>\r\n > > >> </struct></value></param>\r\n > > >> </params>\r\n > > >> </methodCall>\r\n > > >> > > >> * About to connect() to freeipa.cyberfuel.com port 443 (#0) > > >> * Trying 192.168.20.90... > > >> * Adding handle: conn: 0x10bb2f0 > > >> * Adding handle: send: 0 > > >> * Adding handle: recv: 0 > > >> * Curl_addHandleToPipeline: length: 1 > > >> * - Conn 0 (0x10bb2f0) send_pipe: 1, recv_pipe: 0 > > >> * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0) > > >> * successfully set certificate verify locations: > > >> * CAfile: /etc/ipa/ca.crt > > >> CApath: none > > >> * SSL connection using AES256-SHA > > >> * Server certificate: > > >> * subject: O=CYBERFUEL.COM; CN=freeipa.cyberfuel.com > > >> * start date: 2015-09-30 17:52:11 GMT > > >> * expire date: 2017-09-30 17:52:11 GMT > > >> * common name: freeipa.cyberfuel.com (matched) > > >> * issuer: O=CYBERFUEL.COM; CN=Certificate Authority > > >> * SSL certificate verify ok. > > >>> POST /ipa/xml HTTP/1.1 > > >> Host: freeipa.cyberfuel.com > > >> Accept: */* > > >> Content-Type: text/xml > > >> User-Agent: ipa-join/3.0.0 > >>> Referer:https://freeipa.cyberfuel.com/ipa/xml > > >> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 > > >> Content-Length: 477 > > >> > > >> * upload completely sent off: 477 out of 477 bytes < HTTP/1.1 401 > > >> Authorization Required < Date: Fri, 29 Apr 2016 16:16:32 GMT > > >> * Server Apache/2.2.15 (CentOS) is not blacklisted < Server: > > >> Apache/2.2.15 (CentOS) < WWW-Authenticate: Negotiate < Last-Modified: > > >> Tue, 12 Apr 2016 23:07:44 GMT < ETag: "a0528-55a-53051ba8f7000" > > >> < Accept-Ranges: bytes > > >> < Content-Length: 1370 > > >> < Connection: close > > >> < Content-Type: text/html; charset=UTF-8 < > > >> * Closing connection 0 > > >> HTTP response code is 401, not 200 > > >> > > >> Joining realm failed: XML-RPC CALL: > > >> > > >> <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n > > >> <methodName>join</methodName>\r\n <params>\r\n > > >> <param><value><array><data>\r\n > > >> <value><string>ppa.cyberfuel.com</string></value>\r\n > > >> </data></array></value></param>\r\n > > >> <param><value><struct>\r\n > > >> <member><name>nsosversion</name>\r\n > > >> <value><string>2.6.32-573.8.1.el6.x86_64</string></value></member>\r\ > > >> n <member><name>nshardwareplatform</name>\r\n > > >> <value><string>x86_64</string></value></member>\r\n > > >> </struct></value></param>\r\n > > >> </params>\r\n > > >> </methodCall>\r\n > > >> > > >> * About to connect() to freeipa.cyberfuel.com port 443 (#0) > > >> * Trying 192.168.20.90... > > >> * Adding handle: conn: 0x10bb2f0 > > >> * Adding handle: send: 0 > > >> * Adding handle: recv: 0 > > >> * Curl_addHandleToPipeline: length: 1 > > >> * - Conn 0 (0x10bb2f0) send_pipe: 1, recv_pipe: 0 > > >> * Connected to freeipa.cyberfuel.com (192.168.20.90) port 443 (#0) > > >> * successfully set certificate verify locations: > > >> * CAfile: /etc/ipa/ca.crt > > >> CApath: none > > >> * SSL connection using AES256-SHA > > >> * Server certificate: > > >> * subject: O=CYBERFUEL.COM; CN=freeipa.cyberfuel.com > > >> * start date: 2015-09-30 17:52:11 GMT > > >> * expire date: 2017-09-30 17:52:11 GMT > > >> * common name: freeipa.cyberfuel.com (matched) > > >> * issuer: O=CYBERFUEL.COM; CN=Certificate Authority > > >> * SSL certificate verify ok. > > >>> POST /ipa/xml HTTP/1.1 > > >> Host: freeipa.cyberfuel.com > > >> Accept: */* > > >> Content-Type: text/xml > > >> User-Agent: ipa-join/3.0.0 > >>> Referer:https://freeipa.cyberfuel.com/ipa/xml > > >> X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1 > > >> Content-Length: 477 > > >> > > >> * upload completely sent off: 477 out of 477 bytes < HTTP/1.1 401 > > >> Authorization Required < Date: Fri, 29 Apr 2016 16:16:32 GMT > > >> * Server Apache/2.2.15 (CentOS) is not blacklisted < Server: > > >> Apache/2.2.15 (CentOS) < WWW-Authenticate: Negotiate < Last-Modified: > > >> Tue, 12 Apr 2016 23:07:44 GMT < ETag: "a0528-55a-53051ba8f7000" > > >> < Accept-Ranges: bytes > > >> < Content-Length: 1370 > > >> < Connection: close > > >> < Content-Type: text/html; charset=UTF-8 < > > >> * Closing connection 0 > > >> HTTP response code is 401, not 200 > > >> > > >> Installation failed. Rolling back changes. > > >> IPA client is not configured on this system. > > >> > > >> ------------------------------------------------- > > >> > > >> It's the version curl IPA server > > >> > > >> [root@freeipa log]# rpm -qa | grep curl > > >> python-pycurl-7.19.0-8.el6.x86_64 > > >> curl-7.19.7-46.el6.x86_64 > > >> libcurl-7.19.7-46.el6.x86_64 > > >> [root@freeipa log]# > > >> > > >> > > >> It's the version curl PPA server(IPA Client) > > >> > > >> [root@ppa named]# rpm -qa | grep curl > > >> curl-7.31.0-1.el6.x86_64 > > >> python-pycurl-7.19.0-8.el6.x86_64 > > >> libcurl-7.31.0-1.el6.x86_64 > > >> libcurl-7.31.0-1.el6.i686 > > >> > > >> > > >> The version curl is different, but the version curl PPA is the > > >> repository Odin Plesk. > > >> > > >> ----------------------------------------------------- > > >> > > >> > > >> [root@ppa tmp]# cat kerberos_trace.log > > >> > > >> [12118] 1461855578.809966: ccselect module realm chose cache > >>> FILE:/tmp/tmptSoqDX with client [email protected] <mailto:[email protected]>for > >>> server principalldap/[email protected] > <mailto:ldap/[email protected]> > >>> [12118] 1461855578.810171: [email protected] <mailto:[email protected]>-> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmptSoqDX with result: -1765328243/Matching credential not > > >> found [12118] 1461855578.810252: Getting credentials > >>>[email protected] <mailto:[email protected]>-> > ldap/[email protected] > <mailto:ldap/[email protected]>using > > >> ccache FILE:/tmp/tmptSoqDX [12118] 1461855578.810369: Retrieving > >>>[email protected] <mailto:[email protected]>-> > ldap/[email protected] > <mailto:ldap/[email protected]>from > > >> FILE:/tmp/tmptSoqDX with > > >> result: -1765328243/Matching credential not found [12118] > >>> 1461855578.810451: [email protected] <mailto:[email protected]>-> > >>>krbtgt/[email protected] > <mailto:krbtgt/[email protected]>from FILE:/tmp/tmptSoqDX with > result: > > >> 0/Success > > >> [12118] 1461855578.810476: Found cached TGT for service realm: > > >> [email protected] <mailto:[email protected]> -> > krbtgt/[email protected] > <mailto:krbtgt/[email protected]> > > >> [12118] 1461855578.810509: Requesting tickets for > >>>ldap/[email protected] > <mailto:ldap/[email protected]>, referrals on [12118] > > >> 1461855578.810612: Generated subkey for TGS request: aes256-cts/7377 > > >> [12118] 1461855578.810679: etypes requested in TGS request: > > >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [12118] > > >> 1461855578.810913: Sending request (704 bytes) to CYBERFUEL.COM > > >> [12118] 1461855578.811239: Resolving hostname freeipa.cyberfuel.com > > >> [12118] 1461855578.811466: Initiating TCP connection to stream > > >> 192.168.0.90:88 > > >> [12118] 1461855578.811935: Sending TCP request to stream > > >> 192.168.0.90:88 [12118] 1461855578.816404: Received answer from > > >> stream > > >> 192.168.0.90:88 [12118] 1461855578.816714: Response was from master > >>> KDC [12118] 1461855578.816906: TGS reply is [email protected] <mailto:[email protected]> > >>> ->ldap/[email protected] > <mailto:ldap/[email protected]>with session key > > >> aes256-cts/BEB2 [12118] 1461855578.816977: TGS request result: > > >> 0/Success [12118] 1461855578.817018: Received creds for desired > >>> serviceldap/[email protected] > <mailto:ldap/[email protected]> > >>> [12118] 1461855578.817066: [email protected] <mailto:[email protected]>-> > >>>ldap/[email protected] > <mailto:ldap/[email protected]>from FILE:/tmp/tmptSoqDX > >>> [12118] 1461855578.817107: [email protected] <mailto:[email protected]>-> > >>>ldap/[email protected] > <mailto:ldap/[email protected]>in FILE:/tmp/tmptSoqDX > > >> [12118] 1461855578.817413: Creating authenticator for > > >> [email protected] <mailto:[email protected]> -> > ldap/[email protected] > <mailto:ldap/[email protected]>, > > >> seqnum 299651167, subkey aes256-cts/98D3, session key aes256-cts/BEB2 > > >> [12118] 1461855578.874786: ccselect module realm chose cache > >>> FILE:/tmp/tmptSoqDX with client [email protected] <mailto:[email protected]>for > >>> server principalldap/[email protected] > <mailto:ldap/[email protected]> > >>> [12118] 1461855578.874938: [email protected] <mailto:[email protected]>-> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmptSoqDX with result: -1765328243/Matching credential not > > >> found [12118] 1461855578.875079: Read AP-REP, time 1461855578.817442, > > >> subkey aes256-cts/4B32, seqnum 706045221 [17304] 1461858424.873888: > > >> ccselect module realm chose cache FILE:/tmp/tmpH0QF6P with client > > >> principal [email protected] for server principal > > >> ldap/[email protected] > > >> [17304] 1461858424.874126: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmpH0QF6P with result: -1765328243/Matching credential not > > >> found [17304] 1461858424.874220: Getting credentials > > >> [email protected] -> ldap/[email protected] using > > >> ccache FILE:/tmp/tmpH0QF6P [17304] 1461858424.874413: Retrieving > > >> [email protected] -> ldap/[email protected] from > > >> FILE:/tmp/tmpH0QF6P with > > >> result: -1765328243/Matching credential not found [17304] > > >> 1461858424.874531: Retrieving [email protected] -> > > >> krbtgt/[email protected] from FILE:/tmp/tmpH0QF6P with result: > > >> 0/Success > > >> [17304] 1461858424.874603: Found cached TGT for service realm: > > >> [email protected] -> krbtgt/[email protected] > > >> [17304] 1461858424.874631: Requesting tickets for > > >> ldap/[email protected], referrals on [17304] > > >> 1461858424.874747: Generated subkey for TGS request: aes256-cts/8C33 > > >> [17304] 1461858424.874788: etypes requested in TGS request: > > >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [17304] > > >> 1461858424.875121: Sending request (704 bytes) to CYBERFUEL.COM > > >> [17304] 1461858424.875525: Resolving hostname freeipa.cyberfuel.com > > >> [17304] 1461858424.875805: Initiating TCP connection to stream > > >> 192.168.20.90:88 > > >> [17304] 1461858424.877976: Sending TCP request to stream > > >> 192.168.20.90:88 [17304] 1461858424.882385: Received answer from > > >> stream 192.168.20.90:88 [17304] 1461858424.882531: Response was from > > >> master KDC [17304] 1461858424.882775: TGS reply is for > > >> [email protected] -> ldap/[email protected] with > > >> session key aes256-cts/20DA [17304] 1461858424.882850: TGS request > > >> result: 0/Success [17304] 1461858424.882883: Received creds for > > >> desired service ldap/[email protected] > > >> [17304] 1461858424.882918: Removing [email protected] -> > > >> ldap/[email protected] from FILE:/tmp/tmpH0QF6P > > >> [17304] 1461858424.882951: Storing [email protected] -> > > >> ldap/[email protected] in FILE:/tmp/tmpH0QF6P > > >> [17304] 1461858424.883271: Creating authenticator for > > >> [email protected] -> ldap/[email protected], > > >> seqnum 443746416, subkey aes256-cts/13DE, session key aes256-cts/20DA > > >> [17304] 1461858424.898190: ccselect module realm chose cache > > >> FILE:/tmp/tmpH0QF6P with client principal [email protected] for > > >> server principal ldap/[email protected] > > >> [17304] 1461858424.898401: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmpH0QF6P with result: -1765328243/Matching credential not > > >> found [17304] 1461858424.898615: Read AP-REP, time 1461858424.883334, > > >> subkey aes256-cts/A0F5, seqnum 906104721 [23457] 1461863053.621386: > > >> ccselect module realm chose cache > > >> FILE:/tmp/tmp576FE3 with client principal [email protected] for > > >> server principal ldap/[email protected] > > >> [23457] 1461863053.621602: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmp576FE3 with result: -1765328243/Matching credential not > > >> found [23457] 1461863053.621719: Getting credentials > > >> [email protected] -> ldap/[email protected] using > > >> ccache FILE:/tmp/tmp576FE3 [23457] 1461863053.621918: Retrieving > > >> [email protected] -> ldap/[email protected] from > > >> FILE:/tmp/tmp576FE3 with > > >> result: -1765328243/Matching credential not found [23457] > > >> 1461863053.622097: Retrieving [email protected] -> > > >> krbtgt/[email protected] from FILE:/tmp/tmp576FE3 with result: > > >> 0/Success > > >> [23457] 1461863053.622144: Found cached TGT for service realm: > > >> [email protected] -> krbtgt/[email protected] > > >> [23457] 1461863053.622176: Requesting tickets for > > >> ldap/[email protected], referrals on [23457] > > >> 1461863053.622288: Generated subkey for TGS request: aes256-cts/897C > > >> [23457] 1461863053.622331: etypes requested in TGS request: > > >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [23457] > > >> 1461863053.622662: Sending request (704 bytes) to CYBERFUEL.COM > > >> [23457] 1461863053.623133: Resolving hostname freeipa.cyberfuel.com > > >> [23457] 1461863053.623367: Initiating TCP connection to stream > > >> 192.168.20.90:88 > > >> [23457] 1461863053.623866: Sending TCP request to stream > > >> 192.168.20.90:88 [23457] 1461863053.627939: Received answer from > > >> stream 192.168.20.90:88 [23457] 1461863053.628229: Response was from > > >> master KDC [23457] 1461863053.628485: TGS reply is for > > >> [email protected] -> ldap/[email protected] with > > >> session key aes256-cts/9E88 [23457] 1461863053.628560: TGS request > > >> result: 0/Success [23457] 1461863053.628610: Received creds for > > >> desired service ldap/[email protected] > > >> [23457] 1461863053.628655: Removing [email protected] -> > > >> ldap/[email protected] from FILE:/tmp/tmp576FE3 > > >> [23457] 1461863053.628689: Storing [email protected] -> > > >> ldap/[email protected] in FILE:/tmp/tmp576FE3 > > >> [23457] 1461863053.629119: Creating authenticator for > > >> [email protected] -> ldap/[email protected], > > >> seqnum 13046067, subkey aes256-cts/BAC3, session key aes256-cts/9E88 > > >> [23457] 1461863053.640471: ccselect module realm chose cache > > >> FILE:/tmp/tmp576FE3 with client principal [email protected] for > > >> server principal ldap/[email protected] > > >> [23457] 1461863053.640721: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmp576FE3 with result: -1765328243/Matching credential not > > >> found [23457] 1461863053.640909: Read AP-REP, time 1461863053.629208, > > >> subkey aes256-cts/8866, seqnum 421358565 [23749] 1461863277.525338: > > >> ccselect module realm chose cache FILE:/tmp/tmprfuOsj with client > > >> principal [email protected] for server principal > > >> ldap/[email protected] > > >> [23749] 1461863277.525435: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmprfuOsj with result: -1765328243/Matching credential not > > >> found [23749] 1461863277.525469: Getting credentials > > >> [email protected] -> ldap/[email protected] using > > >> ccache FILE:/tmp/tmprfuOsj [23749] 1461863277.525529: Retrieving > > >> [email protected] -> ldap/[email protected] from > > >> FILE:/tmp/tmprfuOsj with > > >> result: -1765328243/Matching credential not found [23749] > > >> 1461863277.525572: Retrieving [email protected] -> > > >> krbtgt/[email protected] from FILE:/tmp/tmprfuOsj with result: > > >> 0/Success > > >> [23749] 1461863277.525584: Found cached TGT for service realm: > > >> [email protected] -> krbtgt/[email protected] > > >> [23749] 1461863277.525593: Requesting tickets for > > >> ldap/[email protected], referrals on [23749] > > >> 1461863277.525645: Generated subkey for TGS request: aes256-cts/C22D > > >> [23749] 1461863277.525662: etypes requested in TGS request: > > >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [23749] > > >> 1461863277.525806: Sending request (704 bytes) to CYBERFUEL.COM > > >> [23749] 1461863277.526052: Resolving hostname freeipa.cyberfuel.com > > >> [23749] 1461863277.526161: Initiating TCP connection to stream > > >> 192.168.20.90:88 > > >> [23749] 1461863277.526440: Sending TCP request to stream > > >> 192.168.20.90:88 [23749] 1461863277.530652: Received answer from > > >> stream 192.168.20.90:88 [23749] 1461863277.530737: Response was from > > >> master KDC [23749] 1461863277.530881: TGS reply is for > > >> [email protected] -> ldap/[email protected] with > > >> session key aes256-cts/79C3 [23749] 1461863277.530931: TGS request > > >> result: 0/Success [23749] 1461863277.530948: Received creds for > > >> desired service ldap/[email protected] > > >> [23749] 1461863277.530962: Removing [email protected] -> > > >> ldap/[email protected] from FILE:/tmp/tmprfuOsj > > >> [23749] 1461863277.530971: Storing [email protected] -> > > >> ldap/[email protected] in FILE:/tmp/tmprfuOsj > > >> [23749] 1461863277.531133: Creating authenticator for > > >> [email protected] -> ldap/[email protected], > > >> seqnum 1019693263, subkey aes256-cts/B3E0, session key > > >> aes256-cts/79C3 [23749] 1461863277.542808: ccselect module realm > > >> chose cache FILE:/tmp/tmprfuOsj with client principal > > >> [email protected] for server principal > > >> ldap/[email protected] > > >> [23749] 1461863277.542889: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmprfuOsj with result: -1765328243/Matching credential not > > >> found [23749] 1461863277.542988: Read AP-REP, time 1461863277.531150, > > >> subkey aes256-cts/5194, seqnum 376027188 [25544] 1461864401.258277: > > >> ccselect module realm chose cache FILE:/tmp/tmpbzX7EN with client > > >> principal [email protected] for server principal > > >> ldap/[email protected] > > >> [25544] 1461864401.258584: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmpbzX7EN with result: -1765328243/Matching credential not > > >> found [25544] 1461864401.258678: Getting credentials > > >> [email protected] -> ldap/[email protected] using > > >> ccache FILE:/tmp/tmpbzX7EN [25544] 1461864401.258873: Retrieving > > >> [email protected] -> ldap/[email protected] from > > >> FILE:/tmp/tmpbzX7EN with > > >> result: -1765328243/Matching credential not found [25544] > > >> 1461864401.259040: Retrieving [email protected] -> > > >> krbtgt/[email protected] from FILE:/tmp/tmpbzX7EN with result: > > >> 0/Success > > >> [25544] 1461864401.259076: Found cached TGT for service realm: > > >> [email protected] -> krbtgt/[email protected] > > >> [25544] 1461864401.259102: Requesting tickets for > > >> ldap/[email protected], referrals on [25544] > > >> 1461864401.259244: Generated subkey for TGS request: aes256-cts/277A > > >> [25544] 1461864401.259291: etypes requested in TGS request: > > >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [25544] > > >> 1461864401.259676: Sending request (704 bytes) to CYBERFUEL.COM > > >> [25544] 1461864401.260108: Resolving hostname freeipa.cyberfuel.com > > >> [25544] 1461864401.260361: Initiating TCP connection to stream > > >> 192.168.20.90:88 > > >> [25544] 1461864401.260980: Sending TCP request to stream > > >> 192.168.20.90:88 [25544] 1461864401.264399: Received answer from > > >> stream 192.168.20.90:88 [25544] 1461864401.264593: Response was from > > >> master KDC [25544] 1461864401.264893: TGS reply is for > > >> [email protected] -> ldap/[email protected] with > > >> session key aes256-cts/9106 [25544] 1461864401.264966: TGS request > > >> result: 0/Success [25544] 1461864401.264996: Received creds for > > >> desired service ldap/[email protected] > > >> [25544] 1461864401.265029: Removing [email protected] -> > > >> ldap/[email protected] from FILE:/tmp/tmpbzX7EN > > >> [25544] 1461864401.265058: Storing [email protected] -> > > >> ldap/[email protected] in FILE:/tmp/tmpbzX7EN > > >> [25544] 1461864401.265581: Creating authenticator for > > >> [email protected] -> ldap/[email protected], > > >> seqnum 921501424, subkey aes256-cts/99EA, session key aes256-cts/9106 > > >> [25544] 1461864401.275884: ccselect module realm chose cache > > >> FILE:/tmp/tmpbzX7EN with client principal [email protected] for > > >> server principal ldap/[email protected] > > >> [25544] 1461864401.276059: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmpbzX7EN with result: -1765328243/Matching credential not > > >> found [25544] 1461864401.276196: Read AP-REP, time 1461864401.265627, > > >> subkey aes256-cts/0E9F, seqnum 871496824 [18097] 1461937028.664354: > > >> ccselect module realm chose cache > > >> FILE:/tmp/tmpF9x_o8 with client principal [email protected] for > > >> server principal ldap/[email protected] > > >> [18097] 1461937028.664456: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmpF9x_o8 with result: -1765328243/Matching credential not > > >> found [18097] 1461937028.664490: Getting credentials > > >> [email protected] -> ldap/[email protected] using > > >> ccache FILE:/tmp/tmpF9x_o8 [18097] 1461937028.664549: Retrieving > > >> [email protected] -> ldap/[email protected] from > > >> FILE:/tmp/tmpF9x_o8 with > > >> result: -1765328243/Matching credential not found [18097] > > >> 1461937028.664590: Retrieving [email protected] -> > > >> krbtgt/[email protected] from FILE:/tmp/tmpF9x_o8 with result: > > >> 0/Success > > >> [18097] 1461937028.664601: Found cached TGT for service realm: > > >> [email protected] -> krbtgt/[email protected] > > >> [18097] 1461937028.664611: Requesting tickets for > > >> ldap/[email protected], referrals on [18097] > > >> 1461937028.664700: Generated subkey for TGS request: aes256-cts/6372 > > >> [18097] 1461937028.664727: etypes requested in TGS request: > > >> aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac [18097] > > >> 1461937028.664865: Sending request (704 bytes) to CYBERFUEL.COM > > >> [18097] 1461937028.665035: Resolving hostname freeipa.cyberfuel.com > > >> [18097] 1461937028.665136: Initiating TCP connection to stream > > >> 192.168.20.90:88 > > >> [18097] 1461937028.665510: Sending TCP request to stream > > >> 192.168.20.90:88 [18097] 1461937028.668919: Received answer from > > >> stream 192.168.20.90:88 [18097] 1461937028.668984: Response was from > > >> master KDC [18097] 1461937028.669109: TGS reply is for > > >> [email protected] -> ldap/[email protected] with > > >> session key aes256-cts/9592 [18097] 1461937028.669136: TGS request > > >> result: 0/Success [18097] 1461937028.669156: Received creds for > > >> desired service ldap/[email protected] > > >> [18097] 1461937028.669167: Removing [email protected] -> > > >> ldap/[email protected] from FILE:/tmp/tmpF9x_o8 > > >> [18097] 1461937028.669176: Storing [email protected] -> > > >> ldap/[email protected] in FILE:/tmp/tmpF9x_o8 > > >> [18097] 1461937028.669304: Creating authenticator for > > >> [email protected] -> ldap/[email protected], > > >> seqnum 940175329, subkey aes256-cts/53B9, session key aes256-cts/9592 > > >> [18097] 1461937028.676414: ccselect module realm chose cache > > >> FILE:/tmp/tmpF9x_o8 with client principal [email protected] for > > >> server principal ldap/[email protected] > > >> [18097] 1461937028.676470: Retrieving [email protected] -> > > >> krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF: from > > >> FILE:/tmp/tmpF9x_o8 with result: -1765328243/Matching credential not > > >> found [18097] 1461937028.676534: Read AP-REP, time 1461937028.669328, > > >> subkey aes256-cts/26C4, seqnum 864174069 > > >> > > >> ----------------------------------- > > >> > > >> > > >> Regards > > >> > > >> Jose Alvarez > > >> > > >> > > >> -----Original Message----- > > >> From: Rob Crittenden [mailto:[email protected]] > > >> Sent: viernes 29 de abril de 2016 09:34 a.m. > > >> To: Jose Alvarez R. <[email protected]>; > > >> [email protected] > > >> Subject: Re: [Freeipa-users] HTTP response code is 401, not 200 > > >> > > >> Jose Alvarez R. wrote: > > >>> Hi Users > > >>> > > >>> You can help me? > > >>> > > >>> I have the problem for join a client to my FREEIPA Server. The > > >>> version IPA Server is 3.0 and IP client is 3.0 > > >>> > > >>> When I join my client to IPA server show these errors: > > >>> > > >>> [root@ppa ~]# tail -f /var/log/ipaclient-install.log > > >>> > > >>> 2016-04-28T17:26:41Z DEBUG stderr= > > >>> > > >>> 2016-04-28T17:26:41Z DEBUG trying to retrieve CA cert via LDAP from > > >>> ldap://freeipa.cyberfuel.com > > >>> > > >>> 2016-04-28T17:26:41Z DEBUG Existing CA cert and Retrieved CA cert > > >>> are identical > > >>> > > >>> 2016-04-28T17:26:41Z DEBUG args=/usr/sbin/ipa-join -s > > >>> freeipa.cyberfuel.com -b dc=cyberfuel,dc=com > > >>> > > >>> 2016-04-28T17:26:41Z DEBUG stdout= > > >>> > > >>> 2016-04-28T17:26:41Z DEBUG stderr=HTTP response code is 401, not 200 > > >>> > > >>> 2016-04-28T17:26:41Z ERROR Joining realm failed: HTTP response code > > >>> is 401, not 200 > > >>> > > >>> 2016-04-28T17:26:41Z ERROR Installation failed. Rolling back changes. > > >>> > > >>> 2016-04-28T17:26:41Z ERROR IPA client is not configured on this system. > > >> > > >> I'd look in the 389-ds access and error logs on the IPA server to see > > >> if there are any more details. Look for the BIND from the client and > > >> see what happens. > > >> > > >> More context from the log file might be helpful. I believe if you run > > >> the client installer with --debug then additional flags are passed to > > >> ipa-join to include the XML-RPC conversation and that might be useful > > too. > > >> > > >> What account are you using to enroll with, admin? > > >> > > >> rob > > >> > > > > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
