This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 818313 - el5 ipa-client cannot enroll in 2.2 server
el5 ipa-client cannot enroll in 2.2 server
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipa-client (Show other bugs)
5.8
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
: ZStream
Depends On: 816693
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-02 14:01 EDT by RHEL Product and Program Management
Modified: 2012-08-10 08:56 EDT (History)
7 users (show)

See Also:
Fixed In Version: ipa-client-2.1.3-2.el5_8
Doc Type: Bug Fix
Doc Text:
If the client requested keys for encryption types that the server did not support, and the requested key was not returned, the ipa-getkeytab utility, and consequently the client enrollment, failed. With this update, the ipa-getkeytab utility has been modified to no longer fail if the key is not retrieved; a warning message is now displayed instead.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-21 16:56:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description RHEL Product and Program Management 2012-05-02 14:01:05 EDT
This bug has been copied from bug #816693 and has been proposed
to be backported to 5.8 z-stream (EUS).
Comment 4 Rob Crittenden 2012-05-04 13:32:55 EDT
Patch backported from 5.9.
Comment 6 Jenny Galipeau 2012-05-09 16:34:09 EDT
test pass:
  x86_64 ipa-client join ipa-server on i386 platform

[root@fushcia (RH5.8-x86_64) yi] ipa-client-install 
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com): yzhang.redhat.com
DNS discovery failed to find the IPA Server
Provide your IPA server name (ex: ipa.example.com): coconut.yzhang.redhat.com

The failure to use DNS to find your IPA server indicates that your
resolv.conf file is not properly configured.

Autodiscovery of servers for failover cannot work with this configuration.

If you proceed with the installation, services will be configured to always
access the discovered server for all operation and will not fail over to
other servers in case of failure.

Proceed with fixed values and no DNS discovery? [no]: yes
Hostname: fushcia.yzhang.redhat.com
Realm: YZHANG.REDHAT.COM
DNS Domain: yzhang.redhat.com
IPA Server: coconut.yzhang.redhat.com
BaseDN: dc=yzhang,dc=redhat,dc=com


Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@YZHANG.REDHAT.COM: 

Enrolled in IPA realm YZHANG.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM
Failed to stop the nscd daemon
SSSD enabled
NTP enabled
Client configuration complete.
[root@fushcia (RH5.8-x86_64) yi] kinit admin
Password for admin@YZHANG.REDHAT.COM: 
[root@fushcia (RH5.8-x86_64) yi] klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@YZHANG.REDHAT.COM

Valid starting     Expires            Service principal
05/08/12 10:21:23  05/09/12 10:21:20 
krbtgt/YZHANG.REDHAT.COM@YZHANG.REDHAT.COM


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@fushcia (RH5.8-x86_64) yi] id admin
uid=312000001(admin) gid=31200000(admins) groups=31200000(admins)
context=user_u:system_r:unconfined_t
Comment 7 Eliska Slobodova 2012-05-21 10:59:59 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
If the client requested keys for encryption types that the server did not support, and the requested key was not returned, the ipa-getkeytab utility, and consequently the client enrollment, failed. With this update, the ipa-getkeytab utility has been modified to no longer fail if the key is not retrieved; a warning message is now displayed instead.
Comment 9 errata-xmlrpc 2012-05-21 16:56:42 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0684.html

Note You need to log in before you can comment on or make changes to this bug.