Description of problem: Running ipa-client-install in RHEL5.1 + RHEL5.9 ipa-client packages fails with the following message: ... 2013-07-08 11:07:56,290 DEBUG args=kinit admin.GSNET.CORP 2013-07-08 11:07:56,290 DEBUG stdout=Password for admin.GSNET.CORP: 2013-07-08 11:07:56,290 DEBUG stderr=winscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared file: /v ar/run/pcscd.pub 2013-07-08 11:07:56,291 DEBUG trying to retrieve CA cert via LDAP from ldap://vmlbcipal01.idm.lvtc.gsnet.corp 2013-07-08 11:07:56,433 DEBUG get_ca_cert_from_ldap() error: Local error SASL(-1): generic failure: GSSAPI Error: Uns pecified GSS failure. Minor code may provide more information (Unknown code krb5 7) 2013-07-08 11:07:56,433 DEBUG {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 7)', 'desc': 'Local error'} 2013-07-08 11:07:56,434 ERROR Cannot obtain CA certificate 'ldap://vmlbcipal01.idm.lvtc.gsnet.corp' doesn't have a certificate. 2013-07-08 11:07:56,446 DEBUG args=kdestroy 2013-07-08 11:07:56,447 DEBUG stdout= 2013-07-08 11:07:56,447 DEBUG stderr= ... Version-Release number of selected component (if applicable): ipa-client-2.1.3-5.el5_9.2.x86_64.rpm How reproducible: Try to enroll a RHEL5.1 client with RHEL5.9 ipa-client packages Steps to Reproduce: 1. Install RHEL5.1 2. Install ipa-client packages from RHEL5.9 3. Run ipa-client-install Actual results: ... 2013-07-08 11:07:56,290 DEBUG args=kinit admin.GSNET.CORP 2013-07-08 11:07:56,290 DEBUG stdout=Password for admin.GSNET.CORP: 2013-07-08 11:07:56,290 DEBUG stderr=winscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared file: /v ar/run/pcscd.pub 2013-07-08 11:07:56,291 DEBUG trying to retrieve CA cert via LDAP from ldap://vmlbcipal01.idm.lvtc.gsnet.corp 2013-07-08 11:07:56,433 DEBUG get_ca_cert_from_ldap() error: Local error SASL(-1): generic failure: GSSAPI Error: Uns pecified GSS failure. Minor code may provide more information (Unknown code krb5 7) 2013-07-08 11:07:56,433 DEBUG {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 7)', 'desc': 'Local error'} 2013-07-08 11:07:56,434 ERROR Cannot obtain CA certificate 'ldap://vmlbcipal01.idm.lvtc.gsnet.corp' doesn't have a certificate. 2013-07-08 11:07:56,446 DEBUG args=kdestroy 2013-07-08 11:07:56,447 DEBUG stdout= 2013-07-08 11:07:56,447 DEBUG stderr= ... Expected results: ipa-client-install execution succesfully Additional info: Removing pcsc-lite and re-running ipa-client-install works fine
I tested with ipa-client-2.1.3-7.el5 and pcsc-lite-1.4.4-4.el5_5 and installation worked fine for me. I think that the possible problem in your case may be the mixed RHEL-5.1 and RHEL-5.9 environment. Anyway, moving to krb5 component as according to log, it's kinit that's failing.
krb5 error 7 is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, which is an error that comes form a KDC. What error was logged in the KDC's krb5kdc.log at this time?
Marking as closed due to insufficient data.