Created attachment 737662 [details] logs Running realm join --user=admin $DOMAIN I got after entering admin's password: realm: Couldn't join realm: Running ipa-client-install failed From ipaclient-install.log: 2013-04-19T14:40:52Z DEBUG Starting external process 2013-04-19T14:40:52Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd 2013-04-19T14:40:52Z DEBUG Process execution failed After running /usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd manually: [root@vm-050 ~]# /usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd [root@vm-050 ~]# echo $? 0 However, realmd reports that host is already joined to the domain [root@vm-050 ~]# realm join --user=admin $DOMAINrealm: Already joined to this domain This is correct however, IPA server reports that host is joined.
Leaving the realm fails with the following: realm: Couldn't leave realm: Running ipa-client-install failed From the log: 2013-04-19T15:12:25Z DEBUG stderr= 2013-04-19T15:12:25Z DEBUG Starting external process 2013-04-19T15:12:25Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA Machine Certificate - vm-050.idm.lab.eng.brq.redhat.com 2013-04-19T15:12:25Z DEBUG Process finished, return code=255 2013-04-19T15:12:25Z DEBUG stdout= 2013-04-19T15:12:25Z DEBUG stderr=certutil: Could not find cert: IPA Machine Certificate - vm-050.idm.lab.eng.brq.redhat.com : File not found 2013-04-19T15:12:25Z DEBUG Starting external process 2013-04-19T15:12:25Z DEBUG args=/bin/systemctl stop certmonger.service 2013-04-19T15:12:25Z DEBUG Process finished, return code=0 2013-04-19T15:12:25Z DEBUG stdout= 2013-04-19T15:12:25Z DEBUG stderr= 2013-04-19T15:12:29Z DEBUG Starting external process 2013-04-19T15:12:29Z DEBUG args=/bin/systemctl disable certmonger.service 2013-04-19T15:12:29Z DEBUG Process finished, return code=0 2013-04-19T15:12:29Z DEBUG stdout= 2013-04-19T15:12:29Z DEBUG stderr= 2013-04-19T15:12:29Z INFO Unenrolling client from IPA server 2013-04-19T15:12:30Z DEBUG Starting external process 2013-04-19T15:12:30Z DEBUG args=/usr/sbin/ipa-join --unenroll -h vm-050.idm.lab.eng.brq.redhat.com 2013-04-19T15:12:30Z DEBUG Process finished, return code=181 2013-04-19T15:12:30Z DEBUG stdout= 2013-04-19T15:12:30Z DEBUG stderr=Error obtaining initial credentials: Key table entry not found. 2013-04-19T15:12:30Z ERROR Unenrolling host failed: Error obtaining initial credentials: Key table entry not found. 2013-04-19T15:12:30Z INFO Removing Kerberos service principals from /etc/krb5.keytab 2013-04-19T15:12:30Z DEBUG Starting external process 2013-04-19T15:12:30Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IDM.LAB.ENG.BRQ.REDHAT.COM 2013-04-19T15:12:30Z DEBUG Process finished, return code=5 2013-04-19T15:12:30Z DEBUG stdout= 2013-04-19T15:12:30Z DEBUG stderr=realm not found 2013-04-19T15:12:30Z ERROR Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IDM.LAB.ENG.BRQ.REDHAT.COM' returned non-zero exit status 5 2013-04-19T15:12:30Z INFO Disabling client Kerberos and LDAP configurations 2013-04-19T15:12:30Z DEBUG Starting external process 2013-04-19T15:12:30Z DEBUG args=/usr/sbin/authconfig --disablekrb5 --disablesssd --update --disablemkhomedir --disableldap --disablesssdauth 2013-04-19T15:12:30Z DEBUG Process execution failed 2013-04-19T15:12:30Z ERROR Failed to remove krb5/LDAP configuration: [Errno 13] Permission denied
Does the same sequence of the IPA commands works in case of direct invocation via script without realmd?
This is fixed by selinux-policy-3.12.1-34.fc19 http://koji.fedoraproject.org/koji/buildinfo?buildID=412811 Please reopen if temporarily disabling SELinux does not solve this issue: setenforce permissive *** This bug has been marked as a duplicate of bug 953286 ***