Build: Satellite 6.4.1

host was provisioned with a realm proxy and was successfully enrolled

hammer host info --id 2
Id:                       2
UUID:                     501e07bb-7c13-2767-d346-bc1ae15d5396
Name:                     daisy-figueira.domain
Organization:             Default Organization
Location:                 Default Location
Host Group:               rhel7_hstgrp
Compute Resource:         vmware
Compute Profile:          2-Medium
Puppet Environment:       production
Puppet CA Proxy:          qe-sat6-feature-rhel7.domain
Puppet Master Proxy:      qe-sat6-feature-rhel7.domain
Cert name:                daisy-figueira.domain
Managed:                  yes
Installed at:             2018/11/16 13:44:26
Last report:              2018/11/16 13:45:25
Network:                  
    IPv4 address: 0.0.0.157
    IPv6 address: 2620:52:0:86f:250:56ff:fe9e:683b
    MAC:          00:50:56:9e:68:3b
    Subnet ipv4:  Default Subnet
    Domain:       domain
Network interfaces:       
 1) Id:           2
    Identifier:   ens160
    Type:         interface (primary, provision)
    MAC address:  00:50:56:9e:68:3b
    IPv4 address: 0.0.0.157
    IPv6 address: 2620:52:0:86f:
    FQDN:         daisy-figueira.domain
Operating system:         
    Architecture:           x86_64
    Operating System:       RHEL Server 7.6
    Build:                  no
    Partition Table:        Kickstart default
    PXE Loader:             PXELinux BIOS
    Custom partition table:
Parameters:               

All parameters:           
    kt_activation_keys => rhel7_ak
    enable-puppet5 => true
    enable-epel => false
Additional info:          
    Owner:      Admin User
    Owner Type: User
    Enabled:    yes
    Model:      VMware Virtual Platform
    Comment:
OpenSCAP Proxy:           1
Content Information:      
    Content View:          
        ID:   2
        Name: rhel7_cv
    Lifecycle Environment: 
        ID:   2
        Name: DEV
    Content Source:        
        ID:   1
        Name: qe-sat6-feature-rhel7.domain
    Kickstart Repository:  
        ID:   
        Name:
    Applicable Packages:   0
    Upgradable Packages:   0
    Applicable Errata:     
        Enhancement: 0
        Bug Fix:     0
        Security:    0
Subscription Information: 
    UUID:                          46927e9d-7c71-44f1-8590-b6f823788f61
    Last Checkin:                  2018-11-16 13:44:10 UTC
    Service Level:                 
    Release Version:               
    Autoheal:                      true
    Registered To:                 qe-sat6-feature-rhel7.domain
    Registered At:                 2018-11-16 13:38:02 UTC
    Registered by Activation Keys: 
     1) rhel7_ak
Host Collections:

psotinstall.log:
Discovery was successful!
Client hostname: daisy-figueira.domain
Realm: domain
DNS Domain: domain
IPA Server: qe-sat6-ipa.domain
BaseDN: dc=domain,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com
Skipping synchronizing time with NTP server.
Downloading the CA certificate via HTTP, this is INSECURE
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=domain
    Issuer:      CN=Certificate Authority,O=domain
    Valid From:  2016-03-17 17:17:12
    Valid Until: 2036-03-17 17:17:12

Enrolled in IPA realm domain
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm domain
trying https://qe-sat6-ipa.domain/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://qe-sat6-ipa.domain/ipa/json'
trying https://qe-sat6-ipa.domain/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
Systemwide CA database updated.
Hostname (daisy-figueira.domain) does not have A/AAAA record.
Missing reverse record(s) for address(es): 2620:52:0:86f:250:56ff:fe9e:683b.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Principal is not set when enrolling with OTP; using principal 'admin@domain' for 'getent passwd'
Unable to find 'admin' user with 'getent passwd admin@domain'!
Unable to reliably detect configuration. Check NSS setup manually.
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring domain as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd 

[root@daisy-figueira ~]# id realm-proxy
uid=632600001(realm-proxy) gid=632600001(realm-proxy) groups=632600001(realm-proxy)
[root@daisy-figueira ~]# id admin
uid=632600000(admin) gid=632600000(admins) groups=632600000(admins)


Host is successfully enrolled

*** Bug 1651643 has been marked as a duplicate of this bug. ***

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3799