Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira ( If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1646747 - 6.4 snap25 bug joining a realm on kickstart
Summary: 6.4 snap25 bug joining a realm on kickstart
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Provisioning Templates
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: 6.4.1
Assignee: satellite6-bugs
QA Contact: Sanket Jagtap
: 1651643 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2018-11-05 22:51 UTC by Mike McCune
Modified: 2021-12-10 18:10 UTC (History)
12 users (show)

Fixed In Version: foreman-
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1635680
Last Closed: 2018-12-06 22:32:53 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 25117 0 None None None 2018-11-05 22:51:44 UTC
Red Hat Product Errata RHBA-2018:3799 0 None None None 2018-12-06 22:33:26 UTC

Comment 3 Sanket Jagtap 2018-11-16 13:57:19 UTC
Build: Satellite 6.4.1

host was provisioned with a realm proxy and was successfully enrolled

hammer host info --id 2
Id:                       2
UUID:                     501e07bb-7c13-2767-d346-bc1ae15d5396
Name:                     daisy-figueira.domain
Organization:             Default Organization
Location:                 Default Location
Host Group:               rhel7_hstgrp
Compute Resource:         vmware
Compute Profile:          2-Medium
Puppet Environment:       production
Puppet CA Proxy:          qe-sat6-feature-rhel7.domain
Puppet Master Proxy:      qe-sat6-feature-rhel7.domain
Cert name:                daisy-figueira.domain
Managed:                  yes
Installed at:             2018/11/16 13:44:26
Last report:              2018/11/16 13:45:25
    IPv4 address:
    IPv6 address: 2620:52:0:86f:250:56ff:fe9e:683b
    MAC:          00:50:56:9e:68:3b
    Subnet ipv4:  Default Subnet
    Domain:       domain
Network interfaces:       
 1) Id:           2
    Identifier:   ens160
    Type:         interface (primary, provision)
    MAC address:  00:50:56:9e:68:3b
    IPv4 address:
    IPv6 address: 2620:52:0:86f:
    FQDN:         daisy-figueira.domain
Operating system:         
    Architecture:           x86_64
    Operating System:       RHEL Server 7.6
    Build:                  no
    Partition Table:        Kickstart default
    PXE Loader:             PXELinux BIOS
    Custom partition table:

All parameters:           
    kt_activation_keys => rhel7_ak
    enable-puppet5 => true
    enable-epel => false
Additional info:          
    Owner:      Admin User
    Owner Type: User
    Enabled:    yes
    Model:      VMware Virtual Platform
OpenSCAP Proxy:           1
Content Information:      
    Content View:          
        ID:   2
        Name: rhel7_cv
    Lifecycle Environment: 
        ID:   2
        Name: DEV
    Content Source:        
        ID:   1
        Name: qe-sat6-feature-rhel7.domain
    Kickstart Repository:  
    Applicable Packages:   0
    Upgradable Packages:   0
    Applicable Errata:     
        Enhancement: 0
        Bug Fix:     0
        Security:    0
Subscription Information: 
    UUID:                          46927e9d-7c71-44f1-8590-b6f823788f61
    Last Checkin:                  2018-11-16 13:44:10 UTC
    Service Level:                 
    Release Version:               
    Autoheal:                      true
    Registered To:                 qe-sat6-feature-rhel7.domain
    Registered At:                 2018-11-16 13:38:02 UTC
    Registered by Activation Keys: 
     1) rhel7_ak
Host Collections:

Discovery was successful!
Client hostname: daisy-figueira.domain
Realm: domain
DNS Domain: domain
IPA Server: qe-sat6-ipa.domain
BaseDN: dc=domain,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com
Skipping synchronizing time with NTP server.
Downloading the CA certificate via HTTP, this is INSECURE
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=domain
    Issuer:      CN=Certificate Authority,O=domain
    Valid From:  2016-03-17 17:17:12
    Valid Until: 2036-03-17 17:17:12

Enrolled in IPA realm domain
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm domain
trying https://qe-sat6-ipa.domain/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://qe-sat6-ipa.domain/ipa/json'
trying https://qe-sat6-ipa.domain/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
Systemwide CA database updated.
Hostname (daisy-figueira.domain) does not have A/AAAA record.
Missing reverse record(s) for address(es): 2620:52:0:86f:250:56ff:fe9e:683b.
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
[try 1]: Forwarding 'host_mod' to json server 'https://qe-sat6-ipa.domain/ipa/session/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Principal is not set when enrolling with OTP; using principal 'admin@domain' for 'getent passwd'
Unable to find 'admin' user with 'getent passwd admin@domain'!
Unable to reliably detect configuration. Check NSS setup manually.
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring domain as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd 

[root@daisy-figueira ~]# id realm-proxy
uid=632600001(realm-proxy) gid=632600001(realm-proxy) groups=632600001(realm-proxy)
[root@daisy-figueira ~]# id admin
uid=632600000(admin) gid=632600000(admins) groups=632600000(admins)

Host is successfully enrolled

Comment 4 Evgeni Golov 2018-11-20 13:36:38 UTC
*** Bug 1651643 has been marked as a duplicate of this bug. ***

Comment 6 errata-xmlrpc 2018-12-06 22:32:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.