Bug 1359692
Summary: | ipa-client-install join fail with traceback against RHEL-6.8 ipa-server | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.3 | CC: | jcholast, jhrozek, mvarun, pvoborni, rcritten |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.4.0-4.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 05:59:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Patrik Kis
2016-07-25 10:12:38 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6129 Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b8b7b9bf8e8a23d652c99c335219abf9de1a6fb7 Verified ipa-client-4.4.0-11.el7.x86_64 ########### ON SERVER ########### [root@server68 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.8 (Santiago) [root@server68 ~]# rpm -qa ipa-server ipa-server-3.0.0-50.el6.1.x86_64 [root@server68 ~]# hostname server68.stestrelm.test ########### ON CLIENT ########### [root@73client ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.3 Beta (Maipo) [root@73client ~]# rpm -qa ipa-client ipa-client-4.4.0-11.el7.x86_64 [root@73client ~]# ipa-client-install --domain stestrelm.test --realm STESTRELM.TEST --principal admin --server=server68.stestrelm.test -W --debug /usr/sbin/ipa-client-install was invoked with options: {'domain': 'stestrelm.test', 'force': False, 'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox': False, 'primary': False, 'realm_name': 'STESTRELM.TEST', 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'no_nisdomain': False, 'nisdomain': None, 'ca_cert_file': None, 'principal': 'admin', 'keytab': None, 'hostname': None, 'request_cert': False, 'trust_sshfp': False, 'no_ac': False, 'unattended': None, 'all_ip_addresses': False, 'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'firefox_dir': None, 'server': ['server68.stestrelm.test'], 'prompt_password': True, 'permit': False, 'debug': True, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall': False} missing options might be asked for interactively later IPA version 4.4.0-11.el7 Starting external process args=/bin/systemctl is-enabled chronyd.service Process finished, return code=0 stdout=enabled stderr= WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd [IPA Discovery] Starting IPA discovery with domain=stestrelm.test, servers=['server68.stestrelm.test'], hostname=73client.stestrelm.test Server and domain forced [Kerberos realm search] Kerberos realm forced [LDAP server check] Verifying that server68.stestrelm.test (realm STESTRELM.TEST) is an IPA server Init LDAP connection to: server68.stestrelm.test Search LDAP server for IPA base DN Check if naming context 'dc=stestrelm,dc=test' is for IPA Naming context 'dc=stestrelm,dc=test' is a valid IPA context Search for (objectClass=krbRealmContainer) in dc=stestrelm,dc=test (sub) Found: cn=STESTRELM.TEST,cn=kerberos,dc=stestrelm,dc=test Discovery result: Success; server=server68.stestrelm.test, domain=stestrelm.test, kdc=server68.stestrelm.test, basedn=dc=stestrelm,dc=test Validated servers: server68.stestrelm.test will use discovered domain: stestrelm.test Using servers from command line, disabling DNS discovery will use provided server: server68.stestrelm.test Autodiscovery of servers for failover cannot work with this configuration. If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure. Proceed with fixed values and no DNS discovery? [no]: yes will use discovered realm: STESTRELM.TEST will use discovered basedn: dc=stestrelm,dc=test Client hostname: 73client.stestrelm.test Hostname source: Machine's FQDN Realm: STESTRELM.TEST Realm source: Discovered from LDAP DNS records in server68.stestrelm.test DNS Domain: stestrelm.test DNS Domain source: Forced IPA Server: server68.stestrelm.test IPA Server source: Provided as option BaseDN: dc=stestrelm,dc=test BaseDN source: From IPA server ldap://server68.stestrelm.test:389 Continue to configure the system with these values? [no]: yes Starting external process args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r STESTRELM.TEST Process finished, return code=5 stdout= stderr=realm not found Skipping synchronizing time with NTP server. Starting external process args=keyctl get_persistent @s 0 Process finished, return code=0 stdout=847286038 stderr= Enabling persistent keyring CCACHE Writing Kerberos configuration to /tmp/tmphduV0V: #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = STESTRELM.TEST dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] STESTRELM.TEST = { kdc = server68.stestrelm.test:88 master_kdc = server68.stestrelm.test:88 admin_server = server68.stestrelm.test:749 kpasswd_server = server68.stestrelm.test:464 default_domain = stestrelm.test pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .stestrelm.test = STESTRELM.TEST stestrelm.test = STESTRELM.TEST 73client.stestrelm.test = STESTRELM.TEST Password for admin: Initializing principal admin using password Starting external process args=/usr/bin/kinit admin -c /tmp/krbccBQOMtv/ccache Process finished, return code=0 stdout=Password for admin: stderr= trying to retrieve CA cert via LDAP from server68.stestrelm.test flushing ldap://server68.stestrelm.test:389 from SchemaCache retrieving schema for SchemaCache url=ldap://server68.stestrelm.test:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2a87ab8> Successfully retrieved CA cert Subject: CN=Certificate Authority,O=STESTRELM.TEST Issuer: CN=Certificate Authority,O=STESTRELM.TEST Valid From: Fri Sep 16 10:41:44 2016 UTC Valid Until: Tue Sep 16 10:41:44 2036 UTC Starting external process args=/usr/sbin/ipa-join -s server68.stestrelm.test -b dc=stestrelm,dc=test -h 73client.stestrelm.test -d Process finished, return code=0 stdout= stderr=XML-RPC CALL: <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n <methodName>join</methodName>\r\n <params>\r\n <param><value><array><data>\r\n <value><string>73client.stestrelm.test</string></value>\r\n </data></array></value></param>\r\n <param><value><struct>\r\n <member><name>nsosversion</name>\r\n <value><string>3.10.0-505.el7.x86_64</string></value></member>\r\n <member><name>nshardwareplatform</name>\r\n <value><string>x86_64</string></value></member>\r\n </struct></value></param>\r\n </params>\r\n </methodCall>\r\n * About to connect() to server68.stestrelm.test port 443 (#0) * Trying 10.16.98.186... * Connected to server68.stestrelm.test (10.16.98.186) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=server68.stestrelm.test,O=STESTRELM.TEST * start date: Sep 16 10:47:52 2016 GMT * expire date: Sep 17 10:47:52 2018 GMT * common name: server68.stestrelm.test * issuer: CN=Certificate Authority,O=STESTRELM.TEST > POST /ipa/xml HTTP/1.1 Host: server68.stestrelm.test Accept: */* Content-Type: text/xml User-Agent: ipa-join/4.4.0 Referer: https://server68.stestrelm.test/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0 Content-Length: 479 * upload completely sent off: 479 out of 479 bytes < HTTP/1.1 401 Authorization Required < Date: Fri, 16 Sep 2016 10:52:29 GMT < Server: Apache/2.2.15 (Red Hat) < WWW-Authenticate: Negotiate < Last-Modified: Tue, 12 Apr 2016 15:04:53 GMT < ETag: "22179f-55a-5304afbc10f40" < Accept-Ranges: bytes < Content-Length: 1370 < Connection: close < Content-Type: text/html; charset=UTF-8 < * Closing connection 0 * Issue another request to this URL: 'https://server68.stestrelm.test:443/ipa/xml' * About to connect() to server68.stestrelm.test port 443 (#1) * Trying 10.16.98.186... * Connected to server68.stestrelm.test (10.16.98.186) port 443 (#1) * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=server68.stestrelm.test,O=STESTRELM.TEST * start date: Sep 16 10:47:52 2016 GMT * expire date: Sep 17 10:47:52 2018 GMT * common name: server68.stestrelm.test * issuer: CN=Certificate Authority,O=STESTRELM.TEST * Server auth using GSS-Negotiate with user '' > POST /ipa/xml HTTP/1.1 Authorization: Negotiate YIIFHwYJKoZIhvcSAQICAQBuggUOMIIFCqADAgEFoQMCAQ6iBwMFACAAAACjggFmYYIBYjCCAV6gAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIqMCigAwIBA6EhMB8bBEhUVFAbF3NlcnZlcjY4LnN0ZXN0cmVsbS50ZXN0o4IBFzCCAROgAwIBEqEDAgECooIBBQSCAQHWSoF6l4h+YS00QLEZ08UX6GZvOi4yKh27Hk64o+qMbCKaUf2VgvIpqBtV2t4lvnX99fwzsGo+0W5iuVokqjzPc18i1Acpw6490/XtP0kM2MtHNzEbUm38zxT5ZX6JyOkY1aawzJK8yIF1JvUedlS7sWdq4uxwZtGv9du7L8N8rM4hBviJaiiBKFasy0GqEZvAI2ciHCVwTqbql4yKVo1OamBvBGgEZtashYNK4zJMPNza5EbQPopBzTvI3R8jPRN8s3vLOMM8LXzwmLU1VCNSafeMoLipcz8a+f7/wU/QJk5h5hC+2QEk3qZIXlh/2SUH1ZlXGWWJvTNNiR0zZiBXGqSCA4kwggOFoAMCARKiggN8BIIDeBLu0XDjUZZDBpQt7ZNHf1eusLxmWKDbfpBhtHoiDYgO+teIvWHfm06qi2CgK2qrgftJEoKJUyxYbHbtH3/aCVNnBw1GYjG8hIAbd6Y2LHJzIqLnunxutjrFYm/909Etm1ReQFQuVAZ8VnPQ7grkVU+DRQWYkvw6571X8rPDbvedJtfdQgNW1YlF+L2p13xFDlbiZIWMqLHf2KypadR0Z2nL1+/ot7t4SKXubXnedjz40kasCZxWRelT5e88vydCrUSvfsclJibyCelFgUHeTROJ5Z7EZBuhpZhMjZiYidM7NX6ktyeD5FxliZvyTcxAxTAD+nqBpuyWsrgH83gOhqmV4BdYeTXi94sGKeJB66WM/xkn2b5gg7mr0WfxUrzL+C215ExhOiYMdMgjgLOM/hnRUHiN5rF7vP3HzBgA8q/Y865zWf8cQPcfUcLhR5rJ9cQ39UE3V023Wd7TJYWwqVuACFeb4y+d/9tD8YwM1c/mNt5r8JC572XYa3g6YXxho7u9PinEwaolKMlyisLV7pbKNuigLz22Akv+D2o7NmTJFjNx2chrp0jpWxUuG45ZlBRithKwLpmZB79UfUucsBGOFLDmstzeWc9UhK0iBWyt2BWedK+wx2575VKiw7CVetF3sMnA6c0hHyL+q5AZSy6CbEUQznj823szQig6fWioXe+4eC6/3OpLh/McZYGuWUe/cgA2RDfN8gp+U0mymXmQA1q7ihwjF1AjS9MC3cKX7utEQn9D+CeKUazF/DTKVzWbD8B0Qcx/fo16mEHJlhoLcQUmrBvMedDQApWoAeWMcAjkG6bIJr6fpXrpv8zPCCYCVw43thzY7ipmvBBmiG9CezUcA66LQD0O7Pr5QYskE9BDGXc9YFPpvn0Gc5/BdfkMHsg6tT+OUVjVXzbZ4tnSpUX5Fw91+jzaslwUWuEYFabGDllgj9YikPuT77FoG5+/7h9bg9QQFkZzJvNoyqeUcDY3pLDgHCqIyAz7taUndI7g0ydbTQz4/8Aw63GEaMfcLLHZjcx7zk1IxS4jkQcUMgj/Kapu+X4qcJSv830TlWKJxGlGU65tOm/4BgJH/5NlJ/kB46ZoBRW65pQjMbfUDzhp2amuhAZMorjGMZMX6Syn9lUp6RlpbKzCtiMs7CumhKQorOBKvBhkouEw+hBqiRHTj2PrvA== Host: server68.stestrelm.test Accept: */* Content-Type: text/xml User-Agent: ipa-join/4.4.0 Referer: https://server68.stestrelm.test/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.32.5 Curl/7.29.0 Content-Length: 479 * upload completely sent off: 479 out of 479 bytes < HTTP/1.1 200 Success < Date: Fri, 16 Sep 2016 10:52:29 GMT < Server: Apache/2.2.15 (Red Hat) < WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv2wTtI4iDyc12eAfElT7BqjPkeiK5v1G7khA4ADJga81tnDcaQ2Vw9XMa4VP+0Fvy771BirFKYkMn68M4fCl+NR7aJ7DodzZf3nmrbVZN/tmBPz5FU40RJyFil2Q5G1AX37SpZt717jyCIvoAaaXa * Added cookie ipa_session="b3d84d36fb7ba1c3f267c8d6b6d2782f" for domain server68.stestrelm.test, path /ipa, expire 1474024349 < Set-Cookie: ipa_session=b3d84d36fb7ba1c3f267c8d6b6d2782f; Domain=server68.stestrelm.test; Path=/ipa; Expires=Fri, 16 Sep 2016 11:12:29 GMT; Secure; HttpOnly < Connection: close < Transfer-Encoding: chunked < Content-Type: text/xml; charset=utf-8 < * Closing connection 1 XML-RPC RESPONSE: <?xml version='1.0' encoding='UTF-8'?>\n <methodResponse>\n <params>\n <param>\n <value><array><data>\n <value><string>fqdn=73client.stestrelm.test,cn=computers,cn=accounts,dc=stestrelm,dc=test</string></value>\n <value><struct>\n <member>\n <name>dn</name>\n <value><string>fqdn=73client.stestrelm.test,cn=computers,cn=accounts,dc=stestrelm,dc=test</string></value>\n </member>\n <member>\n <name>ipacertificatesubjectbase</name>\n <value><array><data>\n <value><string>O=STESTRELM.TEST</string></value>\n </data></array></value>\n </member>\n <member>\n <name>has_keytab</name>\n <value><boolean>0</boolean></value>\n </member>\n <member>\n <name>objectclass</name>\n <value><array><data>\n <value><string>ipaobject</string></value>\n <value><string>nshost</string></value>\n <value><string>ipahost</string></value>\n <value><string>pkiuser</string></value>\n <value><string>ipaservice</string></value>\n <value><string>krbprincipalaux</string></value>\n <value><string>krbprincipal</string></value>\n <value><string>ieee802device</string></value>\n <value><string>ipasshhost</string></value>\n <value><string>top</string></value>\n <value><string>ipaSshGroupOfPubKeys</string></value>\n </data></array></value>\n </member>\n <member>\n <name>fqdn</name>\n <value><array><data>\n <value><string>73client.stestrelm.test</string></value>\n </data></array></value>\n </member>\n <member>\n <name>has_password</name>\n <value><boolean>0</boolean></value>\n </member>\n <member>\n <name>ipauniqueid</name>\n <value><array><data>\n <value><string>a9c278e8-7bfb-11e6-8869-021016980186</string></value>\n </data></array></value>\n </member>\n <member>\n <name>krbprincipalname</name>\n <value><array><data>\n <value><string>host/73client.stestrelm.test</string></value>\n </data></array></value>\n </member>\n <member>\n <name>managedby_host</name>\n <value><array><data>\n <value><string>73client.stestrelm.test</string></value>\n </data></array></value>\n </member>\n </struct></value>\n </data></array></value>\n </param>\n </params>\n </methodResponse>\n Failed to parse result: unsupported extended operation Retrying with pre-4.0 keytab retrieval method... Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25) Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26) Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=STESTRELM.TEST Enrolled in IPA realm STESTRELM.TEST Starting external process args=kdestroy Process finished, return code=0 stdout= stderr= Initializing principal host/73client.stestrelm.test using keytab /etc/krb5.keytab using ccache /etc/ipa/.dns_ccache Attempt 1/5: success Backing up system configuration file '/etc/ipa/default.conf' -> Not backing up - '/etc/ipa/default.conf' doesn't exist Created /etc/ipa/default.conf Backing up system configuration file '/etc/sssd/sssd.conf' -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist New SSSD config will be created Backing up system configuration file '/etc/nsswitch.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Backing up system configuration file '/etc/krb5.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Starting external process args=keyctl get_persistent @s 0 Process finished, return code=0 stdout=847286038 stderr= Enabling persistent keyring CCACHE Writing Kerberos configuration to /etc/krb5.conf: #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = STESTRELM.TEST dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] STESTRELM.TEST = { kdc = server68.stestrelm.test:88 master_kdc = server68.stestrelm.test:88 admin_server = server68.stestrelm.test:749 kpasswd_server = server68.stestrelm.test:464 default_domain = stestrelm.test pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .stestrelm.test = STESTRELM.TEST stestrelm.test = STESTRELM.TEST 73client.stestrelm.test = STESTRELM.TEST Configured /etc/krb5.conf for IPA realm STESTRELM.TEST Starting external process args=keyctl search @s user ipa_session_cookie:host/73client.stestrelm.test Process finished, return code=0 stdout=614752947 stderr= Starting external process args=keyctl unlink 614752947 @s Process finished, return code=0 stdout= stderr= Starting external process args=/usr/bin/certutil -d /tmp/tmpy2Cdxo -N -f /tmp/tmprVlkyM Process finished, return code=0 stdout= stderr= Starting external process args=/usr/bin/certutil -d /tmp/tmpy2Cdxo -A -n CA certificate 1 -t C,, Process finished, return code=0 stdout= stderr= Starting external process args=keyctl search @s user ipa_session_cookie:host/73client.stestrelm.test Process finished, return code=1 stdout= stderr=keyctl_search: Required key not available failed to find session_cookie in persistent storage for principal 'host/73client.stestrelm.test' trying https://server68.stestrelm.test/ipa/json Created connection context.rpcclient_48226128 Forwarding 'schema' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Forwarding 'env' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Forwarding 'ping' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Destroyed connection context.rpcclient_48226128 importing all plugin modules in ipaclient.remote_plugins.2_49... importing plugin module ipaclient.remote_plugins.2_49.aci importing plugin module ipaclient.remote_plugins.2_49.automember importing plugin module ipaclient.remote_plugins.2_49.automount importing plugin module ipaclient.remote_plugins.2_49.batch importing plugin module ipaclient.remote_plugins.2_49.cert importing plugin module ipaclient.remote_plugins.2_49.config importing plugin module ipaclient.remote_plugins.2_49.delegation importing plugin module ipaclient.remote_plugins.2_49.dns importing plugin module ipaclient.remote_plugins.2_49.entitle importing plugin module ipaclient.remote_plugins.2_49.group importing plugin module ipaclient.remote_plugins.2_49.hbacrule importing plugin module ipaclient.remote_plugins.2_49.hbacsvc importing plugin module ipaclient.remote_plugins.2_49.hbacsvcgroup importing plugin module ipaclient.remote_plugins.2_49.hbactest importing plugin module ipaclient.remote_plugins.2_49.host importing plugin module ipaclient.remote_plugins.2_49.hostgroup importing plugin module ipaclient.remote_plugins.2_49.idrange importing plugin module ipaclient.remote_plugins.2_49.internal importing plugin module ipaclient.remote_plugins.2_49.join importing plugin module ipaclient.remote_plugins.2_49.krbtpolicy importing plugin module ipaclient.remote_plugins.2_49.migration importing plugin module ipaclient.remote_plugins.2_49.misc importing plugin module ipaclient.remote_plugins.2_49.netgroup importing plugin module ipaclient.remote_plugins.2_49.passwd importing plugin module ipaclient.remote_plugins.2_49.permission importing plugin module ipaclient.remote_plugins.2_49.ping importing plugin module ipaclient.remote_plugins.2_49.pkinit importing plugin module ipaclient.remote_plugins.2_49.privilege importing plugin module ipaclient.remote_plugins.2_49.pwpolicy importing plugin module ipaclient.remote_plugins.2_49.role importing plugin module ipaclient.remote_plugins.2_49.selfservice importing plugin module ipaclient.remote_plugins.2_49.selinuxusermap importing plugin module ipaclient.remote_plugins.2_49.service importing plugin module ipaclient.remote_plugins.2_49.session importing plugin module ipaclient.remote_plugins.2_49.sudocmd importing plugin module ipaclient.remote_plugins.2_49.sudocmdgroup importing plugin module ipaclient.remote_plugins.2_49.sudorule importing plugin module ipaclient.remote_plugins.2_49.trust importing plugin module ipaclient.remote_plugins.2_49.user importing all plugin modules in ipaclient.plugins... importing plugin module ipaclient.plugins.automember importing plugin module ipaclient.plugins.automount importing plugin module ipaclient.plugins.cert importing plugin module ipaclient.plugins.certprofile importing plugin module ipaclient.plugins.dns importing plugin module ipaclient.plugins.hbacrule importing plugin module ipaclient.plugins.hbactest importing plugin module ipaclient.plugins.host importing plugin module ipaclient.plugins.idrange importing plugin module ipaclient.plugins.internal importing plugin module ipaclient.plugins.location importing plugin module ipaclient.plugins.migration importing plugin module ipaclient.plugins.misc importing plugin module ipaclient.plugins.otptoken importing plugin module ipaclient.plugins.otptoken_yubikey importing plugin module ipaclient.plugins.passwd importing plugin module ipaclient.plugins.permission importing plugin module ipaclient.plugins.rpcclient importing plugin module ipaclient.plugins.server importing plugin module ipaclient.plugins.service importing plugin module ipaclient.plugins.sudorule importing plugin module ipaclient.plugins.topology importing plugin module ipaclient.plugins.trust importing plugin module ipaclient.plugins.user importing plugin module ipaclient.plugins.vault Starting external process args=keyctl search @s user ipa_session_cookie:host/73client.stestrelm.test Process finished, return code=1 stdout= stderr=keyctl_search: Required key not available failed to find session_cookie in persistent storage for principal 'host/73client.stestrelm.test' trying https://server68.stestrelm.test/ipa/json Created connection context.rpcclient_71253392 Try RPC connection Forwarding 'ping' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Forwarding 'ca_is_enabled' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Forwarding 'env' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Starting external process args=/usr/bin/certutil -d /etc/ipa/nssdb -N -f /etc/ipa/nssdb/pwdfile.txt Process finished, return code=0 stdout= stderr= flushing ldap://server68.stestrelm.test:389 from SchemaCache retrieving schema for SchemaCache url=ldap://server68.stestrelm.test:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4b27128> Adding CA certificates to the IPA NSS database. Starting external process args=/usr/bin/certutil -d /etc/ipa/nssdb -A -n STESTRELM.TEST IPA CA -t CT,C,C Process finished, return code=0 stdout= stderr= Starting external process args=/usr/bin/update-ca-trust Process finished, return code=0 stdout= stderr= Systemwide CA database updated. The DNS query name does not exist: 73client.stestrelm.test. Hostname (73client.stestrelm.test) does not have A/AAAA record. Writing nsupdate commands to /etc/ipa/.dns_update.txt: debug update delete 73client.stestrelm.test. IN A show send update delete 73client.stestrelm.test. IN AAAA show send update add 73client.stestrelm.test. 1200 IN A 10.19.34.84 show send update add 73client.stestrelm.test. 1200 IN AAAA 2620:52:0:1322:221:5eff:fe20:1082 show send Starting external process args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt Process finished, return code=0 stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 73client.stestrelm.test. 0 ANY A Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7877 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;1958284418.sig-server68.stestrelm.test. ANY TKEY ;; ADDITIONAL SECTION: 1958284418.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023153 1474023153 3 NOERROR 665 YIIClQYJKoZIhvcSAQICAQBuggKEMIICgKADAgEFoQMCAQ6iBwMFACAA AACjggF9YYIBeTCCAXWgAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIpMCeg AwIBA6EgMB4bA0ROUxsXc2VydmVyNjguc3Rlc3RyZWxtLnRlc3SjggEv MIIBK6ADAgESoQMCAQKiggEdBIIBGdqFssCbSbxcxJ1Novl6Q4I17KTl 9Vsc2VOUPN1YkCKZqYarGeQpRM7ZTUlK0CndOsFkgLvob8Cvsf2XR8Ak PL/Jd79Iugitzux9mm4sfgfnR/lEwXTMgyu3awenomhfYleSHALnWQTa udSxbvUInxbz1rzKsH7j3YZ11UrLm04CLJLDyX5ABYMC+Mc+5x8SsvY0 /ebifI2fs791oiWCNql1F714R4W4AkiHRdmj6dlrLvoVV6yVG1CWBs/9 bZIQI45pI5kTSPW8P7D7BLvEYDlk9/g6hACFjOJQr7T2qsquEgizwK1H 2fNrkGAKLZbUYItwZyAPNCZ1LQeB8zCWTn2fueZw38/UFMI7K5p9kFdG Lzi6VQv11+NppIHpMIHmoAMCARKigd4Egdu/yUFCqatKNmFUSz1KNqqr nfWF1m36xrsH0VQ/GMhHHz++Ui+mbK7DDYyAhS7AoFBfyzgpgC7zS8bB ffccnmc1zxEeXTLV7ZRXp8hKAzD6hDAkvhxOXq6i8Wci9KFFzQ9iTWy5 pEZMdsaHEqf7HT4uAt/HwFvMIrpSVafOvaJYcCbGIn0ermhAwWhsr8wT WP6XWgLZAB6SW/J3iCXH2o7TDIZmuRWFzp6U0FPJywDGvYK4sMq+Nkri XjpB0yzsUCFa3CDUx0X9VBEgXENoP5oDKMzqPE8b+P0zqQY= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7963 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: 73client.stestrelm.test. 0 ANY A ;; TSIG PSEUDOSECTION: 1958284418.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023153 300 28 BAQE//////8AAAAANkysz6dDWFzq/jcmiDIu7Q== 7963 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 73client.stestrelm.test. 0 ANY AAAA Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55557 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;2949027940.sig-server68.stestrelm.test. ANY TKEY ;; ADDITIONAL SECTION: 2949027940.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023153 1474023153 3 NOERROR 665 YIIClQYJKoZIhvcSAQICAQBuggKEMIICgKADAgEFoQMCAQ6iBwMFACAA AACjggF9YYIBeTCCAXWgAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIpMCeg AwIBA6EgMB4bA0ROUxsXc2VydmVyNjguc3Rlc3RyZWxtLnRlc3SjggEv MIIBK6ADAgESoQMCAQKiggEdBIIBGdqFssCbSbxcxJ1Novl6Q4I17KTl 9Vsc2VOUPN1YkCKZqYarGeQpRM7ZTUlK0CndOsFkgLvob8Cvsf2XR8Ak PL/Jd79Iugitzux9mm4sfgfnR/lEwXTMgyu3awenomhfYleSHALnWQTa udSxbvUInxbz1rzKsH7j3YZ11UrLm04CLJLDyX5ABYMC+Mc+5x8SsvY0 /ebifI2fs791oiWCNql1F714R4W4AkiHRdmj6dlrLvoVV6yVG1CWBs/9 bZIQI45pI5kTSPW8P7D7BLvEYDlk9/g6hACFjOJQr7T2qsquEgizwK1H 2fNrkGAKLZbUYItwZyAPNCZ1LQeB8zCWTn2fueZw38/UFMI7K5p9kFdG Lzi6VQv11+NppIHpMIHmoAMCARKigd4Egdva/QHm3o2xkL/gQ4ewWt+e fmBMGQQnD+8jONSpCC1ABzeggoV7BUP/FpIRjuE4oq4uoZr+RgnY4+8s xXplqEmPxIEhczPHCSFGzp7QbxMI3bmOkpwVHE+zYiMWVqUXpND03YDP WorY8FKwkdIFEnKJ/Kcg9/GnNsXeJipPTpxs3PPfA+bc0ygUrQtf1hZE 50hNm9iYkH6s9AZp10mwv1EGwqQalBPzAcyTUbLMVwrF06E3XFX100q+ 0oCI+xEHNbL/WWi0Q85Rd0W7LOhTzXdV6fo+OMiZx/DVgg4= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 19235 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: 73client.stestrelm.test. 0 ANY AAAA ;; TSIG PSEUDOSECTION: 2949027940.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023153 300 28 BAQE//////8AAAAACsDLxOX4SlhzCYLsQL9qqQ== 19235 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 73client.stestrelm.test. 1200 IN A 10.19.34.84 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5649 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;1236734906.sig-server68.stestrelm.test. ANY TKEY ;; ADDITIONAL SECTION: 1236734906.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023153 1474023153 3 NOERROR 665 YIIClQYJKoZIhvcSAQICAQBuggKEMIICgKADAgEFoQMCAQ6iBwMFACAA AACjggF9YYIBeTCCAXWgAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIpMCeg AwIBA6EgMB4bA0ROUxsXc2VydmVyNjguc3Rlc3RyZWxtLnRlc3SjggEv MIIBK6ADAgESoQMCAQKiggEdBIIBGdqFssCbSbxcxJ1Novl6Q4I17KTl 9Vsc2VOUPN1YkCKZqYarGeQpRM7ZTUlK0CndOsFkgLvob8Cvsf2XR8Ak PL/Jd79Iugitzux9mm4sfgfnR/lEwXTMgyu3awenomhfYleSHALnWQTa udSxbvUInxbz1rzKsH7j3YZ11UrLm04CLJLDyX5ABYMC+Mc+5x8SsvY0 /ebifI2fs791oiWCNql1F714R4W4AkiHRdmj6dlrLvoVV6yVG1CWBs/9 bZIQI45pI5kTSPW8P7D7BLvEYDlk9/g6hACFjOJQr7T2qsquEgizwK1H 2fNrkGAKLZbUYItwZyAPNCZ1LQeB8zCWTn2fueZw38/UFMI7K5p9kFdG Lzi6VQv11+NppIHpMIHmoAMCARKigd4EgdtCAxGiaaYlL1Ds44w3Ehu4 Kt3NgjRAgmJyXIFLFgl822eJFoCJ1nwFYH/1BRJ5wLAnX0viMJtWT2lL 5kzm4ozX3e0HtDkVEcoQPjhWLAloZ9JYcgW52wdMBGQgVl1khmKEHIjG U06QpE+suozipJCc+taUdysJuVmdgiEtR1IvDFTGKz+otnvuFAZ+BEiq 73LkGwcfzOm/+BFQLwE+Nlh8KpeW+1BjgJ8D1HFHdR+n8On+J43ar2Fh 8oLY228rALagz1UVffqW3sv3n7lsGSCvC7f7iIWrDSwFdUM= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 63882 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: 73client.stestrelm.test. 1200 IN A 10.19.34.84 ;; TSIG PSEUDOSECTION: 1236734906.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023153 300 28 BAQE//////8AAAAAD1RsjUSOphpVo6eL/GtSOA== 63882 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 73client.stestrelm.test. 1200 IN AAAA 2620:52:0:1322:221:5eff:fe20:1082 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52943 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;1013301938.sig-server68.stestrelm.test. ANY TKEY ;; ADDITIONAL SECTION: 1013301938.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474023154 3 NOERROR 665 YIIClQYJKoZIhvcSAQICAQBuggKEMIICgKADAgEFoQMCAQ6iBwMFACAA AACjggF9YYIBeTCCAXWgAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIpMCeg AwIBA6EgMB4bA0ROUxsXc2VydmVyNjguc3Rlc3RyZWxtLnRlc3SjggEv MIIBK6ADAgESoQMCAQKiggEdBIIBGdqFssCbSbxcxJ1Novl6Q4I17KTl 9Vsc2VOUPN1YkCKZqYarGeQpRM7ZTUlK0CndOsFkgLvob8Cvsf2XR8Ak PL/Jd79Iugitzux9mm4sfgfnR/lEwXTMgyu3awenomhfYleSHALnWQTa udSxbvUInxbz1rzKsH7j3YZ11UrLm04CLJLDyX5ABYMC+Mc+5x8SsvY0 /ebifI2fs791oiWCNql1F714R4W4AkiHRdmj6dlrLvoVV6yVG1CWBs/9 bZIQI45pI5kTSPW8P7D7BLvEYDlk9/g6hACFjOJQr7T2qsquEgizwK1H 2fNrkGAKLZbUYItwZyAPNCZ1LQeB8zCWTn2fueZw38/UFMI7K5p9kFdG Lzi6VQv11+NppIHpMIHmoAMCARKigd4Egdu3ul8HxjlnL633NOCKH3hW Xt+vAKwkALfMlvZ2hrO9ZgrfBqZ8VlXT0f8ZLdByvbGP8gYKTw5QbVou PZjU4vFBuSjZ2w5lOrHPYZBqIKIvC4VDrGpZ0P2urHwQe/F9sZNkv/Kr o2Nk7FWzD9ky3rAvFdKHYYyW2HHSlCLHD+cb/kVMJLY/u6oDo869iaxj A/VIUYtqiDPt9zSyzmT4PKd1inF/TQd0Me043mENuz2nL4q+OEopXWSv eenFvJxjsJFrhV+zp/k9+NIB8V30HsbKuxfO188gTk6JjJ0= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52194 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: 73client.stestrelm.test. 1200 IN AAAA 2620:52:0:1322:221:5eff:fe20:1082 ;; TSIG PSEUDOSECTION: 1013301938.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQE//////8AAAAAK7dH4WoU5euC4zuCCjwE8Q== 52194 NOERROR 0 stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48750 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;73client.stestrelm.test. IN SOA ;; AUTHORITY SECTION: stestrelm.test. 0 IN SOA server68.stestrelm.test. hostmaster.stestrelm.test. 1474023035 3600 900 1209600 3600 Found zone name: stestrelm.test The master is: server68.stestrelm.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7877 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;1958284418.sig-server68.stestrelm.test. ANY TKEY ;; ANSWER SECTION: 1958284418.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023153 1474026753 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvCqhcytOsaJTO8WxfmUCdZ7hmxbuq7J5GiV0YRb//igJwkwvGzPUb X2bTgqpMyYHA7loyCTuQDFkk9w+yl91P0qLmTR844Y4v0vrW5u1N9Ndv R3mDmZ/hkqQchVyMgi2np7nikGW+sfMVsqbRZ9CU 0 Sending update to 10.16.98.186#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7963 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;stestrelm.test. IN SOA ;; TSIG PSEUDOSECTION: 1958284418.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023153 300 28 BAQF//////8AAAAAJUjxzx+2utuesA+HALQjLg== 7963 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56775 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;73client.stestrelm.test. IN SOA ;; AUTHORITY SECTION: stestrelm.test. 0 IN SOA server68.stestrelm.test. hostmaster.stestrelm.test. 1474023035 3600 900 1209600 3600 Found zone name: stestrelm.test The master is: server68.stestrelm.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55557 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;2949027940.sig-server68.stestrelm.test. ANY TKEY ;; ANSWER SECTION: 2949027940.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474026754 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvnVPFqNlyTias7m20CUYOgePySQ/d2DNnqPlNTj/Oi7CDvr6XzKsk VckQFkgQjpUXr8jpciZJCGe8JeKMUOPz5i+2HLcHdkNoYxDXzAY8EJxo vCBU7QuRJGSjg6i+qGbIIi5Vo695VWAscEmnXmHV 0 Sending update to 10.16.98.186#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 19235 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;stestrelm.test. IN SOA ;; TSIG PSEUDOSECTION: 2949027940.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQF//////8AAAAAL5I+mtW3Tkv6J+i1LTyuUQ== 19235 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24317 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;73client.stestrelm.test. IN SOA ;; AUTHORITY SECTION: stestrelm.test. 0 IN SOA server68.stestrelm.test. hostmaster.stestrelm.test. 1474023035 3600 900 1209600 3600 Found zone name: stestrelm.test The master is: server68.stestrelm.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5649 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;1236734906.sig-server68.stestrelm.test. ANY TKEY ;; ANSWER SECTION: 1236734906.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474026754 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvoJUHfmSS7AhObEm3OpNsjxBA44NUoXkzWxpzXc8wEEK2SzIr2/oC vKiR/20rls4Rt1ORlSvovtSKPFCzfepgfNc6gBeBXBGkAj460X14Xsc3 4C4lR0hsRo59+4Mm+sYqeB15IaYhpT3HkgT4sAmx 0 Sending update to 10.16.98.186#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 63882 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;stestrelm.test. IN SOA ;; TSIG PSEUDOSECTION: 1236734906.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQF//////8AAAAANDqoWEUJaQT4t14n0upJwg== 63882 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61189 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;73client.stestrelm.test. IN SOA ;; AUTHORITY SECTION: stestrelm.test. 3600 IN SOA server68.stestrelm.test. hostmaster.stestrelm.test. 1474023036 3600 900 1209600 3600 Found zone name: stestrelm.test The master is: server68.stestrelm.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52943 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;1013301938.sig-server68.stestrelm.test. ANY TKEY ;; ANSWER SECTION: 1013301938.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474026754 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvHllAsblzXGqQJ6HnxEaKeltG5cC8ieJI3ZCwIo7P4tpATRjF+lFo 1NYEL58SgJG1Ba8QbXBTUykABbXwbQ+O1Uh10nIOHc0noTC9DInpAQze ClYr8HUyx5uU5yi/n3e/CjwLjduMDRDNBpRZi1tj 0 Sending update to 10.16.98.186#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52194 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;stestrelm.test. IN SOA ;; TSIG PSEUDOSECTION: 1013301938.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQF//////8AAAAAL9RuY6OMAp1tCzpz2LDj1w== 52194 NOERROR 0 DNS resolver: Query: 73client.stestrelm.test IN A DNS resolver: Query: 73client.stestrelm.test IN AAAA DNS resolver: Query: 84.34.19.10.in-addr.arpa. IN PTR DNS resolver: Query: 2.8.0.1.0.2.e.f.f.f.e.5.1.2.2.0.2.2.3.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. IN PTR DNS resolver: No record. Missing reverse record(s) for address(es): 2620:52:0:1322:221:5eff:fe20:1082. Incorrect reverse record(s): 10.19.34.84 is pointing to qe-blade-14.idmqe.lab.eng.bos.redhat.com. instead of 73client.stestrelm.test. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://server68.stestrelm.test/ipa/json' NSSConnection init server68.stestrelm.test Connecting: 10.16.98.186:0 approved_usage = SSL Server intended_usage = SSL Server cert valid True for "CN=server68.stestrelm.test,O=STESTRELM.TEST" handshake complete, peer = 10.16.98.186:443 Protocol: TLS1.2 Cipher: TLS_RSA_WITH_AES_256_CBC_SHA Writing nsupdate commands to /etc/ipa/.dns_update.txt: debug update delete 73client.stestrelm.test. IN SSHFP show send update add 73client.stestrelm.test. 1200 IN SSHFP 1 1 E8F13C7AB5830DDD22272EBAB51D55E13200DC8E update add 73client.stestrelm.test. 1200 IN SSHFP 1 2 2A13DD4AAA729EF3092E0F0123D6D5427DB49EFE4881DE7859809FFA89C14ACF update add 73client.stestrelm.test. 1200 IN SSHFP 3 1 0A3AEED2513B25B539051DBCABD8AC5168517128 update add 73client.stestrelm.test. 1200 IN SSHFP 3 2 07662CCEA76BA85A2FD5A2AE35299BF6B3619FDA89819A691C7A0CC4A41B5A3D update add 73client.stestrelm.test. 1200 IN SSHFP 4 1 EEF019D4A3A6B6FFE1A8C0A1048D9082F6AC7C96 update add 73client.stestrelm.test. 1200 IN SSHFP 4 2 7FDA52219C62BD1CF77507FBBB76EB05EBE96BC7B60442D4E08F49B42B791F35 show send Starting external process args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt Process finished, return code=0 stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 73client.stestrelm.test. 0 ANY SSHFP Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42108 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;1211186824.sig-server68.stestrelm.test. ANY TKEY ;; ADDITIONAL SECTION: 1211186824.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474023154 3 NOERROR 665 YIIClQYJKoZIhvcSAQICAQBuggKEMIICgKADAgEFoQMCAQ6iBwMFACAA AACjggF9YYIBeTCCAXWgAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIpMCeg AwIBA6EgMB4bA0ROUxsXc2VydmVyNjguc3Rlc3RyZWxtLnRlc3SjggEv MIIBK6ADAgESoQMCAQKiggEdBIIBGdqFssCbSbxcxJ1Novl6Q4I17KTl 9Vsc2VOUPN1YkCKZqYarGeQpRM7ZTUlK0CndOsFkgLvob8Cvsf2XR8Ak PL/Jd79Iugitzux9mm4sfgfnR/lEwXTMgyu3awenomhfYleSHALnWQTa udSxbvUInxbz1rzKsH7j3YZ11UrLm04CLJLDyX5ABYMC+Mc+5x8SsvY0 /ebifI2fs791oiWCNql1F714R4W4AkiHRdmj6dlrLvoVV6yVG1CWBs/9 bZIQI45pI5kTSPW8P7D7BLvEYDlk9/g6hACFjOJQr7T2qsquEgizwK1H 2fNrkGAKLZbUYItwZyAPNCZ1LQeB8zCWTn2fueZw38/UFMI7K5p9kFdG Lzi6VQv11+NppIHpMIHmoAMCARKigd4Egdvg9ycwqmpYCWE6KQ8LEBgc oR0LghCMbg8YZt8YI3OPt48EvUROoqEoUNopdhCN/R+IXMZuN0lkyCG/ sv0UtoEf/KV/iuVJNdIBM8RcPRr0VDx1DX0GHiYAFVQqM4A3CiV46fUF zHIJOqj/8ZF/N+IaaOZgcMUzGFBlCmVH0j6anPSBfLeA1NUmflOad/Zx W2nebpwF8TvkiSk0h3AVWsYEvOqBsMGkHy2sKcRycgICHIA/cvsZWuy+ i/KBJKLkR8+79gQqW/ZqGPGD6nbhBd/wacur29MWDJDKdMM= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22837 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: 73client.stestrelm.test. 0 ANY SSHFP ;; TSIG PSEUDOSECTION: 1211186824.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQE//////8AAAAANYDinCrrBRSinVDWYLFz3A== 22837 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 73client.stestrelm.test. 1200 IN SSHFP 1 1 E8F13C7AB5830DDD22272EBAB51D55E13200DC8E 73client.stestrelm.test. 1200 IN SSHFP 1 2 2A13DD4AAA729EF3092E0F0123D6D5427DB49EFE4881DE7859809FFA 89C14ACF 73client.stestrelm.test. 1200 IN SSHFP 3 1 0A3AEED2513B25B539051DBCABD8AC5168517128 73client.stestrelm.test. 1200 IN SSHFP 3 2 07662CCEA76BA85A2FD5A2AE35299BF6B3619FDA89819A691C7A0CC4 A41B5A3D 73client.stestrelm.test. 1200 IN SSHFP 4 1 EEF019D4A3A6B6FFE1A8C0A1048D9082F6AC7C96 73client.stestrelm.test. 1200 IN SSHFP 4 2 7FDA52219C62BD1CF77507FBBB76EB05EBE96BC7B60442D4E08F49B4 2B791F35 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32679 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;2597784398.sig-server68.stestrelm.test. ANY TKEY ;; ADDITIONAL SECTION: 2597784398.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474023154 3 NOERROR 665 YIIClQYJKoZIhvcSAQICAQBuggKEMIICgKADAgEFoQMCAQ6iBwMFACAA AACjggF9YYIBeTCCAXWgAwIBBaEQGw5TVEVTVFJFTE0uVEVTVKIpMCeg AwIBA6EgMB4bA0ROUxsXc2VydmVyNjguc3Rlc3RyZWxtLnRlc3SjggEv MIIBK6ADAgESoQMCAQKiggEdBIIBGdqFssCbSbxcxJ1Novl6Q4I17KTl 9Vsc2VOUPN1YkCKZqYarGeQpRM7ZTUlK0CndOsFkgLvob8Cvsf2XR8Ak PL/Jd79Iugitzux9mm4sfgfnR/lEwXTMgyu3awenomhfYleSHALnWQTa udSxbvUInxbz1rzKsH7j3YZ11UrLm04CLJLDyX5ABYMC+Mc+5x8SsvY0 /ebifI2fs791oiWCNql1F714R4W4AkiHRdmj6dlrLvoVV6yVG1CWBs/9 bZIQI45pI5kTSPW8P7D7BLvEYDlk9/g6hACFjOJQr7T2qsquEgizwK1H 2fNrkGAKLZbUYItwZyAPNCZ1LQeB8zCWTn2fueZw38/UFMI7K5p9kFdG Lzi6VQv11+NppIHpMIHmoAMCARKigd4EgdtlthSBUQ4M2zuFzpOzhJJS 17d8oRiNdaNeRGctazcCAQ278p42YV3hci0MlcnKP2vMZmNBizufXtvL ljid8MH29PQxBhMorLYTCA/IoU1CXMy5YxL3arJW4H+sVNrNdCmQTqkC RzCzb3s4E5jznafMEJCdXZvv6HERFjREDK2J3tZR27HUS279VcdidF8J UdmWu8BEuyvWYCxMdcGIdefrgB5gEn6kVb6kikdxTHFbIaH+wUXvvHLp WR6ANlPVjS6hOAu4rYru7IcUtjGtbMObAQjTsnpxVImUeEc= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 59419 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 6, ADDITIONAL: 1 ;; UPDATE SECTION: 73client.stestrelm.test. 1200 IN SSHFP 1 1 E8F13C7AB5830DDD22272EBAB51D55E13200DC8E 73client.stestrelm.test. 1200 IN SSHFP 1 2 2A13DD4AAA729EF3092E0F0123D6D5427DB49EFE4881DE7859809FFA 89C14ACF 73client.stestrelm.test. 1200 IN SSHFP 3 1 0A3AEED2513B25B539051DBCABD8AC5168517128 73client.stestrelm.test. 1200 IN SSHFP 3 2 07662CCEA76BA85A2FD5A2AE35299BF6B3619FDA89819A691C7A0CC4 A41B5A3D 73client.stestrelm.test. 1200 IN SSHFP 4 1 EEF019D4A3A6B6FFE1A8C0A1048D9082F6AC7C96 73client.stestrelm.test. 1200 IN SSHFP 4 2 7FDA52219C62BD1CF77507FBBB76EB05EBE96BC7B60442D4E08F49B4 2B791F35 ;; TSIG PSEUDOSECTION: 2597784398.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQE//////8AAAAACQJkNCTNy/EYkpqg7oxqFQ== 59419 NOERROR 0 stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55869 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;73client.stestrelm.test. IN SOA ;; AUTHORITY SECTION: stestrelm.test. 3600 IN SOA server68.stestrelm.test. hostmaster.stestrelm.test. 1474023154 3600 900 1209600 3600 Found zone name: stestrelm.test The master is: server68.stestrelm.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42108 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;1211186824.sig-server68.stestrelm.test. ANY TKEY ;; ANSWER SECTION: 1211186824.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474026754 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvjAILQKjhakaltfqoYQ9T5GHoR0Qms+flesM25X0EFWLfd3JJW+ve P3YMSMczWAFHtqYQY+k2mAhJ/i9js1hTLDhwOdNLOvD3bhTg1Cqt0+9P Ebt4rZpkVAiqafXDawYfYKkCLHCDuJuVKN5YOw/H 0 Sending update to 10.16.98.186#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22837 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;stestrelm.test. IN SOA ;; TSIG PSEUDOSECTION: 1211186824.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQF//////8AAAAAEpCNX/cUxbSD0linybI3cg== 22837 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49445 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;73client.stestrelm.test. IN SOA ;; AUTHORITY SECTION: stestrelm.test. 3600 IN SOA server68.stestrelm.test. hostmaster.stestrelm.test. 1474023154 3600 900 1209600 3600 Found zone name: stestrelm.test The master is: server68.stestrelm.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32679 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;2597784398.sig-server68.stestrelm.test. ANY TKEY ;; ANSWER SECTION: 2597784398.sig-server68.stestrelm.test. 0 ANY TKEY gss-tsig. 1474023154 1474026754 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvvUVFeAkxRbCiMrMdpM3hb0jLCFcd0Iv/1SEZAn2fpr791Kteonmq osyOVQwvPOpWlzHmTF1pFgymxntAfp6tVOlmibSaZLQ/QqfbGHB6i2AQ a0LAQV66raDOerJIBI2xh6LQFPNC39ZoR8zJzltg 0 Sending update to 10.16.98.186#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 59419 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;stestrelm.test. IN SOA ;; TSIG PSEUDOSECTION: 2597784398.sig-server68.stestrelm.test. 0 ANY TSIG gss-tsig. 1474023154 300 28 BAQF//////8AAAAADlzzBCnzszje45VRNY9GSA== 59419 NOERROR 0 Starting external process args=/bin/systemctl list-unit-files --full Process finished, return code=0 stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static . . systemd-tmpfiles-clean.timer static 285 unit files listed. stderr= Starting external process args=/bin/systemctl list-unit-files --full Process finished, return code=0 stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static . . systemd-tmpfiles-clean.timer static 285 unit files listed. stderr= Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd Process finished, return code=0 stdout= stderr= SSSD enabled Starting external process args=/bin/systemctl restart sssd.service Process finished, return code=0 stdout= stderr= Starting external process args=/bin/systemctl is-active sssd.service Process finished, return code=0 stdout=active stderr= Starting external process args=/bin/systemctl enable sssd.service Process finished, return code=0 stdout= stderr= Backing up system configuration file '/etc/openldap/ldap.conf' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured /etc/openldap/ldap.conf Starting external process args=getent passwd admin Process finished, return code=0 stdout=admin:*:414600000:414600000:Administrator:/home/admin:/bin/bash stderr= Backing up system configuration file '/etc/ssh/ssh_config' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Configured /etc/ssh/ssh_config Backing up system configuration file '/etc/ssh/sshd_config' Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' Starting external process args=sshd -t -f /dev/null -o AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys -o AuthorizedKeysCommandUser=nobody Process finished, return code=0 stdout= stderr=Could not load host key: /etc/ssh/ssh_host_dsa_key Configured /etc/ssh/sshd_config Starting external process args=/bin/systemctl is-active sshd.service Process finished, return code=0 stdout=active stderr= Starting external process args=/bin/systemctl restart sshd.service Process finished, return code=0 stdout= stderr= Starting external process args=/bin/systemctl is-active sshd.service Process finished, return code=0 stdout=active stderr= Configuring stestrelm.test as NIS domain. Starting external process args=/usr/bin/nisdomainname Process finished, return code=1 stdout=nisdomainname: Local domain name not set stderr= Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args=/bin/systemctl is-enabled rhel-domainname.service Process finished, return code=1 stdout=disabled stderr= Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' Starting external process args=/usr/sbin/authconfig --update --nisdomain stestrelm.test Process finished, return code=0 stdout= stderr= Starting external process args=/bin/systemctl enable rhel-domainname.service Process finished, return code=0 stdout= stderr=Created symlink from /etc/systemd/system/sysinit.target.wants/rhel-domainname.service to /usr/lib/systemd/system/rhel-domainname.service. Starting external process args=/bin/systemctl restart rhel-domainname.service Process finished, return code=0 stdout= stderr= Starting external process args=/bin/systemctl is-active rhel-domainname.service Process finished, return code=0 stdout=active stderr= Client configuration complete. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |