View Issue Details

IDProjectCategoryView StatusLast Update
0004984Rocky-Linux-9ipapublic2024-11-27 01:47
ReporterSergei Ser Assigned ToLouis Abel  
PriorityhighSeverityblockReproducibilityalways
Status closedResolutionfixed 
Summary0004984: ipa client 4.10.2 - Failed to obtain host TGT
DescriptionHello!
- Rocky 9.3 and ipa-client 4.10.2 - I can't join the domain - ERROR Failed to obtain host TGT: Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529639122): Pre-authentication failed: Invalid argument

- Rocky 9.0, 9.1, 9.2 and ipa-client 4.10.2 - Joins the domain without problems

All credentials entered are correct.


2023-12-08T08:32:29Z INFO Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
2023-12-08T08:32:29Z ERROR Failed to obtain host TGT: Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529639122): Pre-authentication failed: Invalid argument
2023-12-08T08:32:29Z ERROR Installation failed. Rolling back changes.
2023-12-08T08:32:29Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:32:29Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:29Z DEBUG Starting external process
2023-12-08T08:32:29Z DEBUG args=['/usr/sbin/ipa-client-automount', '--uninstall', '--debug']
2023-12-08T08:32:30Z DEBUG Process finished, return code=2
2023-12-08T08:32:30Z DEBUG stdout=IPA client is not configured on this system
TagsNo tags attached.

Activities

Louis Abel

Louis Abel

2023-12-08 09:04

administrator   ~0005281

Last edited: 2023-12-08 09:16

Thank you for the report.

In our own testing, we have been able to successfully join Rocky Linux 8.9/9.3, Fedora 39, CentOS Stream 8 and 9 to a 9.3 domain (ipa version 4.10.2-4.el9_3.1) without any issues.

Please provide the following information:

# IPA server
cat /etc/os-release
rpm -q krb5-libs
rpm -q ipa-server
rpm -q sssd
update-crypto-policies --show
grep <hostname of ipa client> /var/log/krb5kdc.log

# IPA client
Please attach a sanitized /var/log/ipaclient-install.log
Sergei Ser

Sergei Ser

2023-12-08 11:00

reporter   ~0005282

# IPA server

1) cat /etc/os-release

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"


2) rpm -q krb5-libs
krb5-libs-1.15.1-46.el7.x86_64

3) rpm -q ipa-server
ipa-server-4.6.6-11.el7.centos.x86_64

4) rpm -q sssd
sssd-1.16.4-37.el7_8.3.x86_64


5)update-crypto-policies --show
not using

6) grep <hostname of ipa client> /var/log/krb5kdc.log

Dec 08 11:32:29 dc01 krb5kdc[2085](info): AS_REQ (4 etypes {20 19 18 17}) ip: NEEDED_PREAUTH: host/inf-my-tt@domain for krbtgt/domain@domain, Additional pre-authentication required
Dec 08 11:32:29 dc01 krb5kdc[2085](info): AS_REQ (4 etypes {20 19 18 17}) ip: NEEDED_PREAUTH: host/inf-my-tt@domain for krbtgt/domain@domain, Additional pre-authentication required
ipaclient-install.log (83,819 bytes)   
2023-12-08T08:31:45Z DEBUG Logging to /var/log/ipaclient-install.log
2023-12-08T08:31:45Z DEBUG ipa-client-install was invoked with arguments [] and options: {'unattended': False, 'principal': None, 'prompt_password': False, 'on_master': False, 'ca_cert_files': None, 'force': False, 'configure_firefox': False, 'firefox_dir': None, 'keytab': None, 'mkhomedir': False, 'force_join': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'nisdomain': None, 'no_nisdomain': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_sudo': False, 'subid': False, 'no_dns_sshfp': False, 'kinit_attempts': None, 'request_cert': False, 'ip_addresses': None, 'all_ip_addresses': False, 'fixed_primary': False, 'permit': False, 'enable_dns_updates': False, 'no_krb5_offline_passwords': False, 'preserve_sssd': False, 'pkinit_identity': None, 'pkinit_anchors': None, 'automount_location': None, 'domain_name': None, 'servers': None, 'realm_name': None, 'host_name': None, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False}
2023-12-08T08:31:45Z DEBUG IPA version 4.10.2-4.el9_3.1
2023-12-08T08:31:45Z DEBUG IPA platform rhel
2023-12-08T08:31:45Z DEBUG IPA os-release Rocky Linux 9.3 (Blue Onyx)
2023-12-08T08:31:45Z DEBUG Starting external process
2023-12-08T08:31:45Z DEBUG args=['/usr/sbin/selinuxenabled']
2023-12-08T08:31:45Z DEBUG Process finished, return code=0
2023-12-08T08:31:45Z DEBUG stdout=
2023-12-08T08:31:45Z DEBUG stderr=
2023-12-08T08:31:45Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:31:45Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:45Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:45Z DEBUG Starting external process
2023-12-08T08:31:45Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service']
2023-12-08T08:31:45Z DEBUG Process finished, return code=1
2023-12-08T08:31:45Z DEBUG stdout=
2023-12-08T08:31:45Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory

2023-12-08T08:31:45Z DEBUG Starting external process
2023-12-08T08:31:45Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service']
2023-12-08T08:31:45Z DEBUG Process finished, return code=3
2023-12-08T08:31:45Z DEBUG stdout=inactive

2023-12-08T08:31:45Z DEBUG stderr=
2023-12-08T08:31:45Z DEBUG Starting external process
2023-12-08T08:31:45Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service']
2023-12-08T08:31:45Z DEBUG Process finished, return code=1
2023-12-08T08:31:45Z DEBUG stdout=
2023-12-08T08:31:45Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory

2023-12-08T08:31:45Z DEBUG Starting external process
2023-12-08T08:31:45Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service']
2023-12-08T08:31:45Z DEBUG Process finished, return code=3
2023-12-08T08:31:45Z DEBUG stdout=inactive

2023-12-08T08:31:45Z DEBUG stderr=
2023-12-08T08:31:45Z DEBUG Starting external process
2023-12-08T08:31:45Z DEBUG args=['sudo', '-V']
2023-12-08T08:31:45Z DEBUG Process finished, return code=0
2023-12-08T08:31:45Z DEBUG stdout=Sudo version 1.9.5p2
Configure options: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo --disable-openssl --disable-root-mailer --disable-log-server --disable-log-client --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf --with-selinux --with-passprompt=[sudo] password for %p:  --enable-python --with-linux-audit --with-sssd
Sudoers policy plugin version 1.9.5p2
Sudoers file grammar version 48

Sudoers path: /etc/sudoers
nsswitch path: /etc/nsswitch.conf
ldap.conf path: /etc/sudo-ldap.conf
ldap.secret path: /etc/ldap.secret
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5.0 minutes
Password prompt timeout: 5.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to lecture status dir: /var/db/sudo/lectured
Path to authentication timestamp dir: /run/sudo/ts
Default password prompt: [sudo] password for %p: 
Default user to run commands as: root
Value to override user's $PATH with: /sbin:/bin:/usr/sbin:/usr/bin
Path to the editor for use by visudo: /bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for safety:
	TZ
	TERM
	LINGUAS
	LC_*
	LANGUAGE
	LANG
	COLORTERM
Environment variables to remove:
	*=()*
	RUBYOPT
	RUBYLIB
	PYTHONUSERBASE
	PYTHONINSPECT
	PYTHONPATH
	PYTHONHOME
	TMPPREFIX
	ZDOTDIR
	READNULLCMD
	NULLCMD
	FPATH
	PERL5DB
	PERL5OPT
	PERL5LIB
	PERLLIB
	PERLIO_DEBUG
	JAVA_TOOL_OPTIONS
	SHELLOPTS
	BASHOPTS
	GLOBIGNORE
	PS4
	BASH_ENV
	ENV
	TERMCAP
	TERMPATH
	TERMINFO_DIRS
	TERMINFO
	_RLD*
	LD_*
	PATH_LOCALE
	NLSPATH
	HOSTALIASES
	RES_OPTIONS
	LOCALDOMAIN
	CDPATH
	IFS
Environment variables to preserve:
	XAUTHORITY
	_XKB_CHARSET
	LINGUAS
	LANGUAGE
	LC_ALL
	LC_TIME
	LC_TELEPHONE
	LC_PAPER
	LC_NUMERIC
	LC_NAME
	LC_MONETARY
	LC_MESSAGES
	LC_MEASUREMENT
	LC_IDENTIFICATION
	LC_COLLATE
	LC_CTYPE
	LC_ADDRESS
	LANG
	USERNAME
	QTDIR
	PS2
	PS1
	MAIL
	LS_COLORS
	KDEDIR
	HISTSIZE
	HOSTNAME
	DISPLAY
	COLORS
Locale to use while parsing sudoers: C
Compress I/O logs using zlib
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use: sudo
PAM service name to use for login shells: sudo-i
Attempt to establish PAM credentials for the target user
Create a new PAM session for the command to run in
Perform PAM account validation management
Enable sudoers netgroup support
Check parent directories for writability when editing files with sudoedit
Query the group plugin for unknown system groups
Allow commands to be run even if sudo cannot write to the audit log
Allow commands to be run even if sudo cannot write to the log file
Resolve groups in sudoers and match on the group ID, not the name
Log entries larger than this value will be split into multiple syslog messages: 960
File mode to use for the I/O log files: 0600
Execute commands by file descriptor instead of by path: digest_only
Type of authentication timestamp record: tty
Ignore case when matching user names
Ignore case when matching group names
Log when a command is allowed by sudoers
Log when a command is denied by sudoers
Sudo log server timeout in seconds: 30
Enable SO_KEEPALIVE socket option on the socket connected to the logserver
Verify that the log server's certificate is valid
Set the pam remote user to the user running sudo
The format of logs to produce: sudo
Enable SELinux RBAC support

Local IP address and netmask pairs:
	ip/255.255.254.0
	fe80::250:56ff:fea3:b1aa/ffff:ffff:ffff:ffff::

Sudoers I/O plugin version 1.9.5p2
Sudoers audit plugin version 1.9.5p2

2023-12-08T08:31:45Z DEBUG stderr=
2023-12-08T08:31:45Z DEBUG [IPA Discovery]
2023-12-08T08:31:45Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=inf-my-tt.domain
2023-12-08T08:31:45Z DEBUG Start searching for LDAP SRV record in "domain" (domain of the hostname) and its sub-domains
2023-12-08T08:31:45Z DEBUG Search DNS for SRV record of _ldap._tcp.domain
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 389 dc01.domain.
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 389 dc02.domain.
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 389 dc03-dmz.domain.
2023-12-08T08:31:45Z DEBUG [Kerberos realm search]
2023-12-08T08:31:45Z DEBUG Search DNS for TXT record of _kerberos.domain
2023-12-08T08:31:45Z DEBUG DNS record found: "domain"
2023-12-08T08:31:45Z DEBUG Search DNS for SRV record of _kerberos._udp.domain
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 88 dc01.domain.
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 88 dc03-dmz.domain.
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 88 dc02.domain.
2023-12-08T08:31:45Z DEBUG [LDAP server check]
2023-12-08T08:31:45Z DEBUG Verifying that dc01.domain (realm domain) is an IPA server
2023-12-08T08:31:45Z DEBUG Init LDAP connection to: ldap://dc01.domain:389
2023-12-08T08:31:45Z DEBUG Search LDAP server for IPA base DN
2023-12-08T08:31:45Z DEBUG Check if naming context 'dc=ipa,dc=mont,dc=ru' is for IPA
2023-12-08T08:31:45Z DEBUG Naming context 'dc=ipa,dc=mont,dc=ru' is a valid IPA context
2023-12-08T08:31:45Z DEBUG Search for (objectClass=krbRealmContainer) in dc=ipa,dc=mont,dc=ru (sub)
2023-12-08T08:31:45Z DEBUG Found: cn=domain,cn=kerberos,dc=ipa,dc=mont,dc=ru
2023-12-08T08:31:45Z DEBUG Discovery result: Success; server=dc01.domain, domain=domain, kdc=dc01.domain,dc03-dmz.domain,dc02.domain, basedn=dc=ipa,dc=mont,dc=ru
2023-12-08T08:31:45Z DEBUG Validated servers: dc01.domain
2023-12-08T08:31:45Z DEBUG will use discovered domain: domain
2023-12-08T08:31:45Z DEBUG Start searching for LDAP SRV record in "domain" (Validating DNS Discovery) and its sub-domains
2023-12-08T08:31:45Z DEBUG Search DNS for SRV record of _ldap._tcp.domain
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 389 dc02.domain.
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 389 dc03-dmz.domain.
2023-12-08T08:31:45Z DEBUG DNS record found: 0 100 389 dc01.domain.
2023-12-08T08:31:45Z DEBUG DNS validated, enabling discovery
2023-12-08T08:31:45Z DEBUG will use discovered server: dc01.domain
2023-12-08T08:31:45Z INFO Discovery was successful!
2023-12-08T08:31:47Z DEBUG will use discovered realm: domain
2023-12-08T08:31:47Z DEBUG will use discovered basedn: dc=ipa,dc=mont,dc=ru
2023-12-08T08:31:47Z INFO Client hostname: inf-my-tt.domain
2023-12-08T08:31:47Z DEBUG Hostname source: Machine's FQDN
2023-12-08T08:31:47Z INFO Realm: domain
2023-12-08T08:31:47Z DEBUG Realm source: Discovered from LDAP DNS records in dc01.domain
2023-12-08T08:31:47Z INFO DNS Domain: domain
2023-12-08T08:31:47Z DEBUG DNS Domain source: Discovered LDAP SRV records from domain (domain of the hostname)
2023-12-08T08:31:47Z INFO IPA Server: dc01.domain
2023-12-08T08:31:47Z DEBUG IPA Server source: Discovered from LDAP DNS records in dc01.domain
2023-12-08T08:31:47Z INFO BaseDN: dc=ipa,dc=mont,dc=ru
2023-12-08T08:31:47Z DEBUG BaseDN source: From IPA server ldap://dc01.domain:389
2023-12-08T08:31:48Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:31:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:48Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/usr/sbin/ipa-rmkeytab', '-k', '/etc/krb5.keytab', '-r', 'domain']
2023-12-08T08:31:48Z DEBUG Process finished, return code=0
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=Removing principal host/inf-my-tt.domain@domain

2023-12-08T08:31:48Z INFO Removed old keys for realm domain from /etc/krb5.keytab
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=1
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory

2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=3
2023-12-08T08:31:48Z DEBUG stdout=inactive

2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=1
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory

2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=3
2023-12-08T08:31:48Z DEBUG stdout=inactive

2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Search DNS for SRV record of _ntp._udp.domain
2023-12-08T08:31:48Z DEBUG DNS record found: 0 100 123 dc02.domain.
2023-12-08T08:31:48Z DEBUG DNS record found: 0 100 123 dc03-dmz.domain.
2023-12-08T08:31:48Z DEBUG DNS record found: 0 100 123 dc01.domain.
2023-12-08T08:31:48Z DEBUG Found DNS record for NTP server: 	dc02.domain
2023-12-08T08:31:48Z DEBUG Found DNS record for NTP server: 	dc03-dmz.domain
2023-12-08T08:31:48Z DEBUG Found DNS record for NTP server: 	dc01.domain
2023-12-08T08:31:48Z INFO Synchronizing time
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'chronyd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=1
2023-12-08T08:31:48Z DEBUG stdout=disabled

2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:48Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:31:48Z DEBUG Configuring chrony
2023-12-08T08:31:48Z DEBUG Setting time servers:
2023-12-08T08:31:48Z DEBUG 'dc02.domain'
2023-12-08T08:31:48Z DEBUG 'dc03-dmz.domain'
2023-12-08T08:31:48Z DEBUG 'dc01.domain'
2023-12-08T08:31:48Z DEBUG Backing up '/etc/chrony.conf'
2023-12-08T08:31:48Z DEBUG Backing up system configuration file '/etc/chrony.conf'
2023-12-08T08:31:48Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:31:48Z DEBUG Writing configuration to '/etc/chrony.conf'
2023-12-08T08:31:48Z INFO Configuration of chrony was changed by installer.
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/usr/sbin/selinuxenabled']
2023-12-08T08:31:48Z DEBUG Process finished, return code=0
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/sbin/restorecon', '/etc/chrony.conf']
2023-12-08T08:31:48Z DEBUG Process finished, return code=0
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'enable', 'chronyd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=0
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /usr/lib/systemd/system/chronyd.service.

2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'restart', 'chronyd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=0
2023-12-08T08:31:48Z DEBUG stdout=
2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/bin/systemctl', 'is-active', 'chronyd.service']
2023-12-08T08:31:48Z DEBUG Process finished, return code=0
2023-12-08T08:31:48Z DEBUG stdout=active

2023-12-08T08:31:48Z DEBUG stderr=
2023-12-08T08:31:48Z DEBUG Restart of chronyd.service complete
2023-12-08T08:31:48Z INFO Attempting to sync time with chronyc.
2023-12-08T08:31:48Z DEBUG Starting external process
2023-12-08T08:31:48Z DEBUG args=['/usr/bin/chronyc', '-d', 'waitsync', '4', '0', '0', '3']
2023-12-08T08:31:54Z DEBUG Process finished, return code=0
2023-12-08T08:31:54Z DEBUG stdout=try: 1, refid: 00000000, correction: 0.000000000, skew: 0.000
try: 2, refid: 00000000, correction: 0.000000000, skew: 0.000
try: 3, refid: 0A15FE16, correction: 0.411695391, skew: 53.477

2023-12-08T08:31:54Z DEBUG stderr=Resolved 127.0.0.1 to 127.0.0.1
Resolved ::1 to ::1
Could not remove /run/chrony/chronyc.98679.sock : No such file or directory
Opened Unix socket fd=3 remote=/run/chrony/chronyd.sock local=/run/chrony/chronyc.98679.sock
Sent data fd=3 len=104
Timeout 1.000000 seconds
Received data fd=3 len=104
Reply cmd=33 reply=5 stat=0
Sent data fd=3 len=104
Timeout 1.000000 seconds
Received data fd=3 len=104
Reply cmd=33 reply=5 stat=0
Sent data fd=3 len=104
Timeout 1.000000 seconds
Received data fd=3 len=104
Reply cmd=33 reply=5 stat=0

2023-12-08T08:31:54Z INFO Time synchronization was successful.
2023-12-08T08:32:15Z DEBUG will use principal provided as option: myuser
2023-12-08T08:32:15Z DEBUG Starting external process
2023-12-08T08:32:15Z DEBUG args=['/usr/sbin/selinuxenabled']
2023-12-08T08:32:15Z DEBUG Process finished, return code=0
2023-12-08T08:32:15Z DEBUG stdout=
2023-12-08T08:32:15Z DEBUG stderr=
2023-12-08T08:32:15Z DEBUG Starting external process
2023-12-08T08:32:15Z DEBUG args=['/sbin/restorecon', '/etc/krb5.conf.d/freeipa']
2023-12-08T08:32:15Z DEBUG Process finished, return code=0
2023-12-08T08:32:15Z DEBUG stdout=
2023-12-08T08:32:15Z DEBUG stderr=
2023-12-08T08:32:15Z DEBUG Starting external process
2023-12-08T08:32:15Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0']
2023-12-08T08:32:15Z DEBUG Process finished, return code=0
2023-12-08T08:32:15Z DEBUG stdout=780631014

2023-12-08T08:32:15Z DEBUG stderr=
2023-12-08T08:32:15Z DEBUG Enabling persistent keyring CCACHE
2023-12-08T08:32:15Z DEBUG Writing Kerberos configuration to /tmp/tmpec_wcgxq:
2023-12-08T08:32:15Z DEBUG #File modified by ipa-client-install

includedir /etc/krb5.conf.d/
[libdefaults]
  default_realm = domain
  dns_lookup_realm = false
  rdns = false
  dns_canonicalize_hostname = false
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = true
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}


[realms]
  domain = {
    kdc = dc01.domain:88
    master_kdc = dc01.domain:88
    admin_server = dc01.domain:749
    kpasswd_server = dc01.domain:464
    default_domain = domain
    pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
    pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem

  }


[domain_realm]
  .domain = domain
  domain = domain
  inf-my-tt.domain = domain



2023-12-08T08:32:15Z DEBUG Writing configuration file /tmp/tmpec_wcgxq
2023-12-08T08:32:15Z DEBUG #File modified by ipa-client-install

includedir /etc/krb5.conf.d/
[libdefaults]
  default_realm = domain
  dns_lookup_realm = false
  rdns = false
  dns_canonicalize_hostname = false
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = true
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}


[realms]
  domain = {
    kdc = dc01.domain:88
    master_kdc = dc01.domain:88
    admin_server = dc01.domain:749
    kpasswd_server = dc01.domain:464
    default_domain = domain
    pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
    pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem

  }


[domain_realm]
  .domain = domain
  domain = domain
  inf-my-tt.domain = domain



2023-12-08T08:32:28Z DEBUG Initializing principal myuser@domain using password
2023-12-08T08:32:28Z DEBUG Starting external process
2023-12-08T08:32:28Z DEBUG args=['/usr/bin/kinit', 'myuser@domain', '-c', '/tmp/krbccry7zokx2/ccache']
2023-12-08T08:32:28Z DEBUG Process finished, return code=0
2023-12-08T08:32:28Z DEBUG stdout=Password for myuser@domain: 

2023-12-08T08:32:28Z DEBUG stderr=
2023-12-08T08:32:28Z DEBUG trying to retrieve CA cert via LDAP from dc01.domain
2023-12-08T08:32:28Z DEBUG retrieving schema for SchemaCache url=ldap://dc01.domain:389 conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f826b83f670>
2023-12-08T08:32:29Z INFO Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=domain
    Issuer:      CN=Certificate Authority,O=domain
    Valid From:  2018-12-14 10:48:38
    Valid Until: 2038-12-14 10:48:38

2023-12-08T08:32:29Z DEBUG Starting external process
2023-12-08T08:32:29Z DEBUG args=['/usr/sbin/ipa-join', '-s', 'dc01.domain', '-b', 'dc=ipa,dc=mont,dc=ru', '-h', 'inf-my-tt.domain', '-k', '/etc/krb5.keytab']
2023-12-08T08:32:29Z DEBUG Process finished, return code=0
2023-12-08T08:32:29Z DEBUG stdout=
2023-12-08T08:32:29Z DEBUG stderr=Failed to parse result: Insufficient access rights

Retrying with pre-4.0 keytab retrieval method...
Failed to retrieve encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC (#18)
Failed to retrieve encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC (#17)
Keytab successfully retrieved and stored in: /etc/krb5.keytab

2023-12-08T08:32:29Z INFO Enrolled in IPA realm domain
2023-12-08T08:32:29Z DEBUG Starting external process
2023-12-08T08:32:29Z DEBUG args=['/usr/bin/kdestroy']
2023-12-08T08:32:29Z DEBUG Process finished, return code=0
2023-12-08T08:32:29Z DEBUG stdout=
2023-12-08T08:32:29Z DEBUG stderr=
2023-12-08T08:32:29Z DEBUG Initializing principal host/inf-my-tt.domain@domain using keytab /etc/krb5.keytab
2023-12-08T08:32:29Z DEBUG using ccache /etc/ipa/.dns_ccache
2023-12-08T08:32:29Z INFO Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
2023-12-08T08:32:29Z ERROR Failed to obtain host TGT: Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529639122): Pre-authentication failed: Invalid argument
2023-12-08T08:32:29Z ERROR Installation failed. Rolling back changes.
2023-12-08T08:32:29Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:32:29Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:29Z DEBUG Starting external process
2023-12-08T08:32:29Z DEBUG args=['/usr/sbin/ipa-client-automount', '--uninstall', '--debug']
2023-12-08T08:32:30Z DEBUG Process finished, return code=2
2023-12-08T08:32:30Z DEBUG stdout=IPA client is not configured on this system

2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:32:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/pki/nssdb', '-L', '-n', 'IPA Machine Certificate - inf-my-tt.domain', '-a', '-f', '/etc/pki/nssdb/pwdfile.txt']
2023-12-08T08:32:30Z DEBUG Process finished, return code=255
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=certutil: Could not find cert: IPA Machine Certificate - inf-my-tt.domain
: PR_FILE_NOT_FOUND_ERROR: File not found

2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'start', 'certmonger.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=active

2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Start of certmonger.service complete
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'stop', 'certmonger.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Stop of certmonger.service complete
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'disable', 'certmonger.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'stop', 'oddjobd.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Stop of oddjobd.service complete
2023-12-08T08:32:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'disable', 'oddjobd.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z INFO Disabling client Kerberos and LDAP configurations
2023-12-08T08:32:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:30Z INFO Restoring client configuration files
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/usr/sbin/selinuxenabled']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/sbin/restorecon', '/etc/chrony.conf']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2023-12-08T08:32:30Z DEBUG   -> no files, removing file
2023-12-08T08:32:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'disable', 'nis-domainname.service']
2023-12-08T08:32:30Z DEBUG Process finished, return code=0
2023-12-08T08:32:30Z DEBUG stdout=
2023-12-08T08:32:30Z DEBUG stderr=
2023-12-08T08:32:30Z DEBUG Starting external process
2023-12-08T08:32:30Z DEBUG args=['/bin/systemctl', 'list-unit-files', '--full']
2023-12-08T08:32:31Z DEBUG Process finished, return code=0
2023-12-08T08:32:31Z DEBUG stdout=UNIT FILE                                  STATE           PRESET
proc-sys-fs-binfmt_misc.automount          static          -
-.mount                                    generated       -
boot.mount                                 generated       -
dev-hugepages.mount                        static          -
dev-mqueue.mount                           static          -
home.mount                                 generated       -
proc-fs-nfsd.mount                         static          -
proc-sys-fs-binfmt_misc.mount              disabled        disabled
sys-fs-fuse-connections.mount              static          -
sys-kernel-config.mount                    static          -
sys-kernel-debug.mount                     static          -
sys-kernel-tracing.mount                   static          -
tmp.mount                                  disabled        disabled
var-lib-nfs-rpc_pipefs.mount               static          -
var.mount                                  generated       -
systemd-ask-password-console.path          static          -
systemd-ask-password-plymouth.path         static          -
systemd-ask-password-wall.path             static          -
session-3.scope                            transient       -
arp-ethers.service                         disabled        disabled
atd.service                                enabled         enabled
auditd.service                             enabled         enabled
auth-rpcgss-module.service                 static          -
autofs.service                             disabled        disabled
autovt@.service                            alias           -
blk-availability.service                   disabled        disabled
bluetooth.service                          enabled         enabled
bolt.service                               static          -
canberra-system-bootup.service             disabled        disabled
canberra-system-shutdown-reboot.service    disabled        disabled
canberra-system-shutdown.service           disabled        disabled
certmonger.service                         disabled        disabled
chrony-wait.service                        disabled        disabled
chronyd.service                            enabled         enabled
cni-dhcp.service                           disabled        disabled
cockpit-motd.service                       static          -
cockpit-wsinstance-http.service            static          -
cockpit-wsinstance-https-factory@.service  static          -
cockpit-wsinstance-https@.service          static          -
cockpit.service                            static          -
console-getty.service                      disabled        disabled
container-getty@.service                   static          -
cpupower.service                           disabled        disabled
crond.service                              enabled         enabled
dbus-broker.service                        enabled         enabled
dbus-org.bluez.service                     alias           -
dbus-org.fedoraproject.FirewallD1.service  alias           -
dbus-org.freedesktop.hostname1.service     alias           -
dbus-org.freedesktop.locale1.service       alias           -
dbus-org.freedesktop.login1.service        alias           -
dbus-org.freedesktop.nm-dispatcher.service alias           -
dbus-org.freedesktop.timedate1.service     alias           -
dbus.service                               alias           -
debug-shell.service                        disabled        disabled
dm-event.service                           static          -
dnf-makecache.service                      static          -
dnf-system-upgrade-cleanup.service         static          -
dnf-system-upgrade.service                 disabled        disabled
dracut-cmdline.service                     static          -
dracut-initqueue.service                   static          -
dracut-mount.service                       static          -
dracut-pre-mount.service                   static          -
dracut-pre-pivot.service                   static          -
dracut-pre-trigger.service                 static          -
dracut-pre-udev.service                    static          -
dracut-shutdown-onfailure.service          static          -
dracut-shutdown.service                    static          -
emergency.service                          static          -
firewalld.service                          enabled         enabled
flatpak-system-helper.service              static          -
fprintd.service                            static          -
fstrim.service                             static          -
geoclue.service                            static          -
getty@.service                             enabled         enabled
grub-boot-indeterminate.service            static          -
grub2-systemd-integration.service          static          -
gssproxy.service                           disabled        disabled
initrd-cleanup.service                     static          -
initrd-parse-etc.service                   static          -
initrd-switch-root.service                 static          -
initrd-udevadm-cleanup-db.service          static          -
iprdump.service                            disabled        disabled
iprinit.service                            disabled        disabled
iprupdate.service                          disabled        disabled
irqbalance.service                         enabled         enabled
iscsi-init.service                         static          -
iscsi-onboot.service                       enabled         enabled
iscsi-shutdown.service                     static          -
iscsi.service                              enabled         enabled
iscsid.service                             disabled        disabled
iscsiuio.service                           disabled        disabled
kdump.service                              enabled         enabled
kmod-static-nodes.service                  static          -
kpatch.service                             disabled        disabled
kvm_stat.service                           disabled        disabled
ldconfig.service                           static          -
ledmon.service                             disabled        disabled
libstoragemgmt.service                     enabled         enabled
logrotate.service                          static          -
low-memory-monitor.service                 enabled         enabled
lvm2-lvmpolld.service                      static          -
lvm2-monitor.service                       enabled         enabled
man-db-cache-update.service                static          -
man-db-restart-cache-update.service        disabled        disabled
mcelog.service                             enabled         enabled
mdadm-grow-continue@.service               static          -
mdadm-last-resort@.service                 static          -
mdcheck_continue.service                   static          -
mdcheck_start.service                      static          -
mdmon@.service                             static          -
mdmonitor-oneshot.service                  static          -
mdmonitor.service                          enabled         enabled
microcode.service                          enabled         enabled
mlocate-updatedb.service                   static          -
modprobe@.service                          static          -
multipathd.service                         enabled         enabled
netavark-dhcp-proxy.service                disabled        disabled
NetworkManager-dispatcher.service          enabled         enabled
NetworkManager-wait-online.service         enabled         disabled
NetworkManager.service                     enabled         enabled
nfs-blkmap.service                         disabled        disabled
nfs-idmapd.service                         static          -
nfs-mountd.service                         static          -
nfs-server.service                         disabled        disabled
nfs-utils.service                          static          -
nfsdcld.service                            static          -
nftables.service                           disabled        disabled
nis-domainname.service                     disabled        enabled
nm-priv-helper.service                     static          -
nvmefc-boot-connections.service            enabled         enabled
nvmf-autoconnect.service                   disabled        disabled
nvmf-connect@.service                      static          -
oddjobd.service                            disabled        disabled
packagekit-offline-update.service          static          -
packagekit.service                         static          -
pam_namespace.service                      static          -
plymouth-halt.service                      static          -
plymouth-kexec.service                     static          -
plymouth-poweroff.service                  static          -
plymouth-quit-wait.service                 static          -
plymouth-quit.service                      static          -
plymouth-read-write.service                static          -
plymouth-reboot.service                    static          -
plymouth-start.service                     static          -
plymouth-switch-root-initramfs.service     static          -
plymouth-switch-root.service               static          -
podman-auto-update.service                 disabled        disabled
podman-clean-transient.service             disabled        disabled
podman-kube@.service                       disabled        disabled
podman-restart.service                     disabled        disabled
podman.service                             disabled        disabled
polkit.service                             static          -
psacct.service                             disabled        disabled
quotaon.service                            static          -
raid-check.service                         static          -
rc-local.service                           static          -
rdisc.service                              disabled        disabled
realmd.service                             static          -
rescue.service                             static          -
rpc-gssd.service                           static          -
rpc-statd-notify.service                   static          -
rpc-statd.service                          static          -
rpcbind.service                            enabled         enabled
rpmdb-rebuild.service                      disabled        disabled
rsyslog.service                            enabled         enabled
rtkit-daemon.service                       enabled         enabled
selinux-autorelabel-mark.service           enabled         enabled
selinux-autorelabel.service                static          -
selinux-check-proper-disable.service       disabled        disabled
serial-getty@.service                      disabled        disabled
setroubleshootd.service                    static          -
smartd.service                             enabled         enabled
sshd-keygen@.service                       disabled        disabled
sshd.service                               enabled         enabled
sshd@.service                              static          -
sssd-autofs.service                        indirect        disabled
sssd-ifp.service                           static          -
sssd-kcm.service                           indirect        disabled
sssd-nss.service                           indirect        disabled
sssd-pac.service                           indirect        disabled
sssd-pam.service                           indirect        disabled
sssd-ssh.service                           indirect        disabled
sssd-sudo.service                          indirect        disabled
sssd.service                               enabled         enabled
sysstat-collect.service                    static          -
sysstat-summary.service                    static          -
sysstat.service                            enabled         enabled
system-update-cleanup.service              static          -
systemd-ask-password-console.service       static          -
systemd-ask-password-plymouth.service      static          -
systemd-ask-password-wall.service          static          -
systemd-backlight@.service                 static          -
systemd-binfmt.service                     static          -
systemd-bless-boot.service                 static          -
systemd-boot-check-no-failures.service     disabled        disabled
systemd-boot-system-token.service          static          -
systemd-boot-update.service                disabled        enabled
systemd-coredump@.service                  static          -
systemd-exit.service                       static          -
systemd-firstboot.service                  static          -
systemd-fsck-root.service                  static          -
systemd-fsck@.service                      static          -
systemd-growfs-root.service                static          -
systemd-growfs@.service                    static          -
systemd-halt.service                       static          -
systemd-hibernate-resume@.service          static          -
systemd-hibernate.service                  static          -
systemd-hostnamed.service                  static          -
systemd-hwdb-update.service                static          -
systemd-hybrid-sleep.service               static          -
systemd-initctl.service                    static          -
systemd-journal-catalog-update.service     static          -
systemd-journal-flush.service              static          -
systemd-journald.service                   static          -
systemd-journald@.service                  static          -
systemd-kexec.service                      static          -
systemd-localed.service                    static          -
systemd-logind.service                     static          -
systemd-machine-id-commit.service          static          -
systemd-modules-load.service               static          -
systemd-network-generator.service          enabled         enabled
systemd-pcrphase-initrd.service            static          -
systemd-pcrphase-sysinit.service           static          -
systemd-pcrphase.service                   static          -
systemd-poweroff.service                   static          -
systemd-pstore.service                     disabled        enabled
systemd-quotacheck.service                 static          -
systemd-random-seed.service                static          -
systemd-reboot.service                     static          -
systemd-remount-fs.service                 enabled-runtime disabled
systemd-repart.service                     static          -
systemd-rfkill.service                     static          -
systemd-suspend-then-hibernate.service     static          -
systemd-suspend.service                    static          -
systemd-sysctl.service                     static          -
systemd-sysext.service                     disabled        disabled
systemd-sysupdate-reboot.service           indirect        disabled
systemd-sysupdate.service                  indirect        disabled
systemd-sysusers.service                   static          -
systemd-timedated.service                  static          -
systemd-tmpfiles-clean.service             static          -
systemd-tmpfiles-setup-dev.service         static          -
systemd-tmpfiles-setup.service             static          -
systemd-udev-settle.service                static          -
systemd-udev-trigger.service               static          -
systemd-udevd.service                      static          -
systemd-update-done.service                static          -
systemd-update-utmp-runlevel.service       static          -
systemd-update-utmp.service                static          -
systemd-user-sessions.service              static          -
systemd-vconsole-setup.service             static          -
systemd-volatile-root.service              static          -
teamd@.service                             static          -
udisks2.service                            enabled         enabled
upower.service                             enabled         enabled
usb_modeswitch@.service                    static          -
user-runtime-dir@.service                  static          -
user@.service                              static          -
vgauthd.service                            enabled         disabled
vmtoolsd.service                           enabled         enabled
system-cockpithttps.slice                  static          -
system-systemd\x2dcryptsetup.slice         static          -
user.slice                                 static          -
cni-dhcp.socket                            disabled        disabled
cockpit-wsinstance-http.socket             static          -
cockpit-wsinstance-https-factory.socket    static          -
cockpit-wsinstance-https@.socket           static          -
cockpit.socket                             disabled        disabled
dbus.socket                                enabled         enabled
dm-event.socket                            enabled         enabled
iscsid.socket                              enabled         enabled
iscsiuio.socket                            enabled         enabled
lvm2-lvmpolld.socket                       enabled         enabled
multipathd.socket                          enabled         disabled
netavark-dhcp-proxy.socket                 disabled        disabled
podman.socket                              disabled        disabled
rpcbind.socket                             enabled         enabled
sshd.socket                                disabled        disabled
sssd-autofs.socket                         disabled        disabled
sssd-kcm.socket                            enabled         enabled
sssd-nss.socket                            disabled        disabled
sssd-pac.socket                            disabled        disabled
sssd-pam-priv.socket                       disabled        disabled
sssd-pam.socket                            disabled        disabled
sssd-ssh.socket                            disabled        disabled
sssd-sudo.socket                           disabled        disabled
syslog.socket                              static          -
systemd-coredump.socket                    static          -
systemd-initctl.socket                     static          -
systemd-journald-audit.socket              static          -
systemd-journald-dev-log.socket            static          -
systemd-journald-varlink@.socket           static          -
systemd-journald.socket                    static          -
systemd-journald@.socket                   static          -
systemd-rfkill.socket                      static          -
systemd-udevd-control.socket               static          -
systemd-udevd-kernel.socket                static          -
dev-mapper-vg_swap\x2dlv_swap.swap         generated       -
basic.target                               static          -
blockdev@.target                           static          -
bluetooth.target                           static          -
boot-complete.target                       static          -
cryptsetup-pre.target                      static          -
cryptsetup.target                          static          -
ctrl-alt-del.target                        alias           -
default.target                             alias           -
emergency.target                           static          -
exit.target                                disabled        disabled
factory-reset.target                       static          -
final.target                               static          -
first-boot-complete.target                 static          -
getty-pre.target                           static          -
getty.target                               static          -
graphical.target                           static          -
halt.target                                disabled        disabled
hibernate.target                           static          -
hybrid-sleep.target                        static          -
initrd-fs.target                           static          -
initrd-root-device.target                  static          -
initrd-root-fs.target                      static          -
initrd-switch-root.target                  static          -
initrd-usr-fs.target                       static          -
initrd.target                              static          -
integritysetup-pre.target                  static          -
integritysetup.target                      static          -
iprutils.target                            disabled        disabled
kexec.target                               disabled        disabled
local-fs-pre.target                        static          -
local-fs.target                            static          -
multi-user.target                          indirect        disabled
network-online.target                      static          -
network-pre.target                         static          -
network.target                             static          -
nfs-client.target                          enabled         disabled
nss-lookup.target                          static          -
nss-user-lookup.target                     static          -
nvmf-connect.target                        static          -
paths.target                               static          -
poweroff.target                            disabled        disabled
printer.target                             static          -
reboot.target                              enabled         enabled
remote-cryptsetup.target                   disabled        enabled
remote-fs-pre.target                       static          -
remote-fs.target                           enabled         enabled
remote-veritysetup.target                  disabled        disabled
rescue.target                              static          -
rpc_pipefs.target                          static          -
rpcbind.target                             static          -
runlevel0.target                           alias           -
runlevel1.target                           alias           -
runlevel2.target                           alias           -
runlevel3.target                           alias           -
runlevel4.target                           alias           -
runlevel5.target                           alias           -
runlevel6.target                           alias           -
selinux-autorelabel.target                 static          -
shutdown.target                            static          -
sigpwr.target                              static          -
sleep.target                               static          -
slices.target                              static          -
smartcard.target                           static          -
sockets.target                             static          -
sound.target                               static          -
sshd-keygen.target                         static          -
suspend-then-hibernate.target              static          -
suspend.target                             static          -
swap.target                                static          -
sysinit.target                             static          -
system-update-pre.target                   static          -
system-update.target                       static          -
time-set.target                            static          -
time-sync.target                           static          -
timers.target                              static          -
umount.target                              static          -
usb-gadget.target                          static          -
veritysetup-pre.target                     static          -
veritysetup.target                         static          -
dnf-makecache.timer                        enabled         enabled
fstrim.timer                               disabled        disabled
logrotate.timer                            enabled         enabled
mdadm-last-resort@.timer                   static          -
mdcheck_continue.timer                     disabled        disabled
mdcheck_start.timer                        disabled        disabled
mdmonitor-oneshot.timer                    disabled        disabled
mlocate-updatedb.timer                     enabled         enabled
podman-auto-update.timer                   disabled        disabled
raid-check.timer                           disabled        disabled
sysstat-collect.timer                      enabled         disabled
sysstat-summary.timer                      enabled         disabled
systemd-sysupdate-reboot.timer             disabled        disabled
systemd-sysupdate.timer                    disabled        disabled
systemd-tmpfiles-clean.timer               static          -

392 unit files listed.

2023-12-08T08:32:31Z DEBUG stderr=
2023-12-08T08:32:31Z INFO nscd daemon is not installed, skip configuration
2023-12-08T08:32:31Z DEBUG Starting external process
2023-12-08T08:32:31Z DEBUG args=['/bin/systemctl', 'list-unit-files', '--full']
2023-12-08T08:32:31Z DEBUG Process finished, return code=0
2023-12-08T08:32:31Z DEBUG stdout=UNIT FILE                                  STATE           PRESET
proc-sys-fs-binfmt_misc.automount          static          -
-.mount                                    generated       -
boot.mount                                 generated       -
dev-hugepages.mount                        static          -
dev-mqueue.mount                           static          -
home.mount                                 generated       -
proc-fs-nfsd.mount                         static          -
proc-sys-fs-binfmt_misc.mount              disabled        disabled
sys-fs-fuse-connections.mount              static          -
sys-kernel-config.mount                    static          -
sys-kernel-debug.mount                     static          -
sys-kernel-tracing.mount                   static          -
tmp.mount                                  disabled        disabled
var-lib-nfs-rpc_pipefs.mount               static          -
var.mount                                  generated       -
systemd-ask-password-console.path          static          -
systemd-ask-password-plymouth.path         static          -
systemd-ask-password-wall.path             static          -
session-3.scope                            transient       -
arp-ethers.service                         disabled        disabled
atd.service                                enabled         enabled
auditd.service                             enabled         enabled
auth-rpcgss-module.service                 static          -
autofs.service                             disabled        disabled
autovt@.service                            alias           -
blk-availability.service                   disabled        disabled
bluetooth.service                          enabled         enabled
bolt.service                               static          -
canberra-system-bootup.service             disabled        disabled
canberra-system-shutdown-reboot.service    disabled        disabled
canberra-system-shutdown.service           disabled        disabled
certmonger.service                         disabled        disabled
chrony-wait.service                        disabled        disabled
chronyd.service                            enabled         enabled
cni-dhcp.service                           disabled        disabled
cockpit-motd.service                       static          -
cockpit-wsinstance-http.service            static          -
cockpit-wsinstance-https-factory@.service  static          -
cockpit-wsinstance-https@.service          static          -
cockpit.service                            static          -
console-getty.service                      disabled        disabled
container-getty@.service                   static          -
cpupower.service                           disabled        disabled
crond.service                              enabled         enabled
dbus-broker.service                        enabled         enabled
dbus-org.bluez.service                     alias           -
dbus-org.fedoraproject.FirewallD1.service  alias           -
dbus-org.freedesktop.hostname1.service     alias           -
dbus-org.freedesktop.locale1.service       alias           -
dbus-org.freedesktop.login1.service        alias           -
dbus-org.freedesktop.nm-dispatcher.service alias           -
dbus-org.freedesktop.timedate1.service     alias           -
dbus.service                               alias           -
debug-shell.service                        disabled        disabled
dm-event.service                           static          -
dnf-makecache.service                      static          -
dnf-system-upgrade-cleanup.service         static          -
dnf-system-upgrade.service                 disabled        disabled
dracut-cmdline.service                     static          -
dracut-initqueue.service                   static          -
dracut-mount.service                       static          -
dracut-pre-mount.service                   static          -
dracut-pre-pivot.service                   static          -
dracut-pre-trigger.service                 static          -
dracut-pre-udev.service                    static          -
dracut-shutdown-onfailure.service          static          -
dracut-shutdown.service                    static          -
emergency.service                          static          -
firewalld.service                          enabled         enabled
flatpak-system-helper.service              static          -
fprintd.service                            static          -
fstrim.service                             static          -
geoclue.service                            static          -
getty@.service                             enabled         enabled
grub-boot-indeterminate.service            static          -
grub2-systemd-integration.service          static          -
gssproxy.service                           disabled        disabled
initrd-cleanup.service                     static          -
initrd-parse-etc.service                   static          -
initrd-switch-root.service                 static          -
initrd-udevadm-cleanup-db.service          static          -
iprdump.service                            disabled        disabled
iprinit.service                            disabled        disabled
iprupdate.service                          disabled        disabled
irqbalance.service                         enabled         enabled
iscsi-init.service                         static          -
iscsi-onboot.service                       enabled         enabled
iscsi-shutdown.service                     static          -
iscsi.service                              enabled         enabled
iscsid.service                             disabled        disabled
iscsiuio.service                           disabled        disabled
kdump.service                              enabled         enabled
kmod-static-nodes.service                  static          -
kpatch.service                             disabled        disabled
kvm_stat.service                           disabled        disabled
ldconfig.service                           static          -
ledmon.service                             disabled        disabled
libstoragemgmt.service                     enabled         enabled
logrotate.service                          static          -
low-memory-monitor.service                 enabled         enabled
lvm2-lvmpolld.service                      static          -
lvm2-monitor.service                       enabled         enabled
man-db-cache-update.service                static          -
man-db-restart-cache-update.service        disabled        disabled
mcelog.service                             enabled         enabled
mdadm-grow-continue@.service               static          -
mdadm-last-resort@.service                 static          -
mdcheck_continue.service                   static          -
mdcheck_start.service                      static          -
mdmon@.service                             static          -
mdmonitor-oneshot.service                  static          -
mdmonitor.service                          enabled         enabled
microcode.service                          enabled         enabled
mlocate-updatedb.service                   static          -
modprobe@.service                          static          -
multipathd.service                         enabled         enabled
netavark-dhcp-proxy.service                disabled        disabled
NetworkManager-dispatcher.service          enabled         enabled
NetworkManager-wait-online.service         enabled         disabled
NetworkManager.service                     enabled         enabled
nfs-blkmap.service                         disabled        disabled
nfs-idmapd.service                         static          -
nfs-mountd.service                         static          -
nfs-server.service                         disabled        disabled
nfs-utils.service                          static          -
nfsdcld.service                            static          -
nftables.service                           disabled        disabled
nis-domainname.service                     disabled        enabled
nm-priv-helper.service                     static          -
nvmefc-boot-connections.service            enabled         enabled
nvmf-autoconnect.service                   disabled        disabled
nvmf-connect@.service                      static          -
oddjobd.service                            disabled        disabled
packagekit-offline-update.service          static          -
packagekit.service                         static          -
pam_namespace.service                      static          -
plymouth-halt.service                      static          -
plymouth-kexec.service                     static          -
plymouth-poweroff.service                  static          -
plymouth-quit-wait.service                 static          -
plymouth-quit.service                      static          -
plymouth-read-write.service                static          -
plymouth-reboot.service                    static          -
plymouth-start.service                     static          -
plymouth-switch-root-initramfs.service     static          -
plymouth-switch-root.service               static          -
podman-auto-update.service                 disabled        disabled
podman-clean-transient.service             disabled        disabled
podman-kube@.service                       disabled        disabled
podman-restart.service                     disabled        disabled
podman.service                             disabled        disabled
polkit.service                             static          -
psacct.service                             disabled        disabled
quotaon.service                            static          -
raid-check.service                         static          -
rc-local.service                           static          -
rdisc.service                              disabled        disabled
realmd.service                             static          -
rescue.service                             static          -
rpc-gssd.service                           static          -
rpc-statd-notify.service                   static          -
rpc-statd.service                          static          -
rpcbind.service                            enabled         enabled
rpmdb-rebuild.service                      disabled        disabled
rsyslog.service                            enabled         enabled
rtkit-daemon.service                       enabled         enabled
selinux-autorelabel-mark.service           enabled         enabled
selinux-autorelabel.service                static          -
selinux-check-proper-disable.service       disabled        disabled
serial-getty@.service                      disabled        disabled
setroubleshootd.service                    static          -
smartd.service                             enabled         enabled
sshd-keygen@.service                       disabled        disabled
sshd.service                               enabled         enabled
sshd@.service                              static          -
sssd-autofs.service                        indirect        disabled
sssd-ifp.service                           static          -
sssd-kcm.service                           indirect        disabled
sssd-nss.service                           indirect        disabled
sssd-pac.service                           indirect        disabled
sssd-pam.service                           indirect        disabled
sssd-ssh.service                           indirect        disabled
sssd-sudo.service                          indirect        disabled
sssd.service                               enabled         enabled
sysstat-collect.service                    static          -
sysstat-summary.service                    static          -
sysstat.service                            enabled         enabled
system-update-cleanup.service              static          -
systemd-ask-password-console.service       static          -
systemd-ask-password-plymouth.service      static          -
systemd-ask-password-wall.service          static          -
systemd-backlight@.service                 static          -
systemd-binfmt.service                     static          -
systemd-bless-boot.service                 static          -
systemd-boot-check-no-failures.service     disabled        disabled
systemd-boot-system-token.service          static          -
systemd-boot-update.service                disabled        enabled
systemd-coredump@.service                  static          -
systemd-exit.service                       static          -
systemd-firstboot.service                  static          -
systemd-fsck-root.service                  static          -
systemd-fsck@.service                      static          -
systemd-growfs-root.service                static          -
systemd-growfs@.service                    static          -
systemd-halt.service                       static          -
systemd-hibernate-resume@.service          static          -
systemd-hibernate.service                  static          -
systemd-hostnamed.service                  static          -
systemd-hwdb-update.service                static          -
systemd-hybrid-sleep.service               static          -
systemd-initctl.service                    static          -
systemd-journal-catalog-update.service     static          -
systemd-journal-flush.service              static          -
systemd-journald.service                   static          -
systemd-journald@.service                  static          -
systemd-kexec.service                      static          -
systemd-localed.service                    static          -
systemd-logind.service                     static          -
systemd-machine-id-commit.service          static          -
systemd-modules-load.service               static          -
systemd-network-generator.service          enabled         enabled
systemd-pcrphase-initrd.service            static          -
systemd-pcrphase-sysinit.service           static          -
systemd-pcrphase.service                   static          -
systemd-poweroff.service                   static          -
systemd-pstore.service                     disabled        enabled
systemd-quotacheck.service                 static          -
systemd-random-seed.service                static          -
systemd-reboot.service                     static          -
systemd-remount-fs.service                 enabled-runtime disabled
systemd-repart.service                     static          -
systemd-rfkill.service                     static          -
systemd-suspend-then-hibernate.service     static          -
systemd-suspend.service                    static          -
systemd-sysctl.service                     static          -
systemd-sysext.service                     disabled        disabled
systemd-sysupdate-reboot.service           indirect        disabled
systemd-sysupdate.service                  indirect        disabled
systemd-sysusers.service                   static          -
systemd-timedated.service                  static          -
systemd-tmpfiles-clean.service             static          -
systemd-tmpfiles-setup-dev.service         static          -
systemd-tmpfiles-setup.service             static          -
systemd-udev-settle.service                static          -
systemd-udev-trigger.service               static          -
systemd-udevd.service                      static          -
systemd-update-done.service                static          -
systemd-update-utmp-runlevel.service       static          -
systemd-update-utmp.service                static          -
systemd-user-sessions.service              static          -
systemd-vconsole-setup.service             static          -
systemd-volatile-root.service              static          -
teamd@.service                             static          -
udisks2.service                            enabled         enabled
upower.service                             enabled         enabled
usb_modeswitch@.service                    static          -
user-runtime-dir@.service                  static          -
user@.service                              static          -
vgauthd.service                            enabled         disabled
vmtoolsd.service                           enabled         enabled
system-cockpithttps.slice                  static          -
system-systemd\x2dcryptsetup.slice         static          -
user.slice                                 static          -
cni-dhcp.socket                            disabled        disabled
cockpit-wsinstance-http.socket             static          -
cockpit-wsinstance-https-factory.socket    static          -
cockpit-wsinstance-https@.socket           static          -
cockpit.socket                             disabled        disabled
dbus.socket                                enabled         enabled
dm-event.socket                            enabled         enabled
iscsid.socket                              enabled         enabled
iscsiuio.socket                            enabled         enabled
lvm2-lvmpolld.socket                       enabled         enabled
multipathd.socket                          enabled         disabled
netavark-dhcp-proxy.socket                 disabled        disabled
podman.socket                              disabled        disabled
rpcbind.socket                             enabled         enabled
sshd.socket                                disabled        disabled
sssd-autofs.socket                         disabled        disabled
sssd-kcm.socket                            enabled         enabled
sssd-nss.socket                            disabled        disabled
sssd-pac.socket                            disabled        disabled
sssd-pam-priv.socket                       disabled        disabled
sssd-pam.socket                            disabled        disabled
sssd-ssh.socket                            disabled        disabled
sssd-sudo.socket                           disabled        disabled
syslog.socket                              static          -
systemd-coredump.socket                    static          -
systemd-initctl.socket                     static          -
systemd-journald-audit.socket              static          -
systemd-journald-dev-log.socket            static          -
systemd-journald-varlink@.socket           static          -
systemd-journald.socket                    static          -
systemd-journald@.socket                   static          -
systemd-rfkill.socket                      static          -
systemd-udevd-control.socket               static          -
systemd-udevd-kernel.socket                static          -
dev-mapper-vg_swap\x2dlv_swap.swap         generated       -
basic.target                               static          -
blockdev@.target                           static          -
bluetooth.target                           static          -
boot-complete.target                       static          -
cryptsetup-pre.target                      static          -
cryptsetup.target                          static          -
ctrl-alt-del.target                        alias           -
default.target                             alias           -
emergency.target                           static          -
exit.target                                disabled        disabled
factory-reset.target                       static          -
final.target                               static          -
first-boot-complete.target                 static          -
getty-pre.target                           static          -
getty.target                               static          -
graphical.target                           static          -
halt.target                                disabled        disabled
hibernate.target                           static          -
hybrid-sleep.target                        static          -
initrd-fs.target                           static          -
initrd-root-device.target                  static          -
initrd-root-fs.target                      static          -
initrd-switch-root.target                  static          -
initrd-usr-fs.target                       static          -
initrd.target                              static          -
integritysetup-pre.target                  static          -
integritysetup.target                      static          -
iprutils.target                            disabled        disabled
kexec.target                               disabled        disabled
local-fs-pre.target                        static          -
local-fs.target                            static          -
multi-user.target                          indirect        disabled
network-online.target                      static          -
network-pre.target                         static          -
network.target                             static          -
nfs-client.target                          enabled         disabled
nss-lookup.target                          static          -
nss-user-lookup.target                     static          -
nvmf-connect.target                        static          -
paths.target                               static          -
poweroff.target                            disabled        disabled
printer.target                             static          -
reboot.target                              enabled         enabled
remote-cryptsetup.target                   disabled        enabled
remote-fs-pre.target                       static          -
remote-fs.target                           enabled         enabled
remote-veritysetup.target                  disabled        disabled
rescue.target                              static          -
rpc_pipefs.target                          static          -
rpcbind.target                             static          -
runlevel0.target                           alias           -
runlevel1.target                           alias           -
runlevel2.target                           alias           -
runlevel3.target                           alias           -
runlevel4.target                           alias           -
runlevel5.target                           alias           -
runlevel6.target                           alias           -
selinux-autorelabel.target                 static          -
shutdown.target                            static          -
sigpwr.target                              static          -
sleep.target                               static          -
slices.target                              static          -
smartcard.target                           static          -
sockets.target                             static          -
sound.target                               static          -
sshd-keygen.target                         static          -
suspend-then-hibernate.target              static          -
suspend.target                             static          -
swap.target                                static          -
sysinit.target                             static          -
system-update-pre.target                   static          -
system-update.target                       static          -
time-set.target                            static          -
time-sync.target                           static          -
timers.target                              static          -
umount.target                              static          -
usb-gadget.target                          static          -
veritysetup-pre.target                     static          -
veritysetup.target                         static          -
dnf-makecache.timer                        enabled         enabled
fstrim.timer                               disabled        disabled
logrotate.timer                            enabled         enabled
mdadm-last-resort@.timer                   static          -
mdcheck_continue.timer                     disabled        disabled
mdcheck_start.timer                        disabled        disabled
mdmonitor-oneshot.timer                    disabled        disabled
mlocate-updatedb.timer                     enabled         enabled
podman-auto-update.timer                   disabled        disabled
raid-check.timer                           disabled        disabled
sysstat-collect.timer                      enabled         disabled
sysstat-summary.timer                      enabled         disabled
systemd-sysupdate-reboot.timer             disabled        disabled
systemd-sysupdate.timer                    disabled        disabled
systemd-tmpfiles-clean.timer               static          -

392 unit files listed.

2023-12-08T08:32:31Z DEBUG stderr=
2023-12-08T08:32:31Z INFO nslcd daemon is not installed, skip configuration
2023-12-08T08:32:31Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:31Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:31Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:31Z DEBUG Restoring system configuration file '/etc/chrony.conf'
2023-12-08T08:32:31Z DEBUG Configuration file /etc/chrony.conf was not restored.
2023-12-08T08:32:31Z DEBUG Starting external process
2023-12-08T08:32:31Z DEBUG args=['/bin/systemctl', 'stop', 'chronyd.service']
2023-12-08T08:32:31Z DEBUG Process finished, return code=0
2023-12-08T08:32:31Z DEBUG stdout=
2023-12-08T08:32:31Z DEBUG stderr=
2023-12-08T08:32:31Z DEBUG Stop of chronyd.service complete
2023-12-08T08:32:31Z DEBUG Starting external process
2023-12-08T08:32:31Z DEBUG args=['/bin/systemctl', 'disable', 'chronyd.service']
2023-12-08T08:32:31Z DEBUG Process finished, return code=0
2023-12-08T08:32:31Z DEBUG stdout=
2023-12-08T08:32:31Z DEBUG stderr=Removed "/etc/systemd/system/multi-user.target.wants/chronyd.service".

2023-12-08T08:32:31Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:31Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2023-12-08T08:32:31Z DEBUG   -> no modules, removing file
2023-12-08T08:32:31Z INFO Client uninstall complete.
2023-12-08T08:32:31Z DEBUG   File "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 180, in execute
    return_value = self.run()
  File "/usr/lib/python3.9/site-packages/ipapython/install/cli.py", line 344, in run
    return cfgr.run()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 360, in run
    return self.execute()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 386, in execute
    for rval in self._executor():
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 435, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 458, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 425, in __runner
    step()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 419, in step_next
    return next(self.__gen)
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 663, in _configure
    next(executor)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 435, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 526, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 458, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 523, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 458, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 425, in __runner
    step()
  File "/usr/lib/python3.9/site-packages/ipapython/install/core.py", line 419, in step_next
    return next(self.__gen)
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.9/site-packages/six.py", line 709, in reraise
    raise value
  File "/usr/lib/python3.9/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.9/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python3.9/site-packages/ipaclient/install/client.py", line 4063, in main
    install(self)
  File "/usr/lib/python3.9/site-packages/ipaclient/install/client.py", line 2679, in install
    _install(options, dict())
  File "/usr/lib/python3.9/site-packages/ipaclient/install/client.py", line 115, in inner
    func(options, tdict)
  File "/usr/lib/python3.9/site-packages/ipaclient/install/client.py", line 2934, in _install
    raise ScriptError(rval=CLIENT_INSTALL_ERROR)

2023-12-08T08:32:31Z DEBUG The ipa-client-install command failed, exception: ScriptError: 
2023-12-08T08:32:31Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
ipaclient-install.log (83,819 bytes)   
Louis Abel

Louis Abel

2024-01-08 23:21

administrator   ~0005513

After some analysis, you may be running into kerberos compatibility issues. Kerberos in 8 and 9 are 1.18.2-26 and 1.21.1-1 respectively. CentOS 7 sits firmly on 1.15.1-46 with no backports coming. There are some issues with PAC ticket signatures at the moment in 8 and 9, which may (or may not) be part of this issue. However, we cannot know for sure until patches are released upstream. When they are released upstream, it will trickle down to Rocky, which could eventually lead us to find out if this indeed the (or part of the) issue.

We will leave this ticket open until then.

Side notes:

As you are running on a soon to be end of life release (CentOS 7), we highly recommend planning on migrating to a newer version. This will require you to stand up EL8 systems and then decommission/remove the EL7 machines from the domain. The same operation would then need to be done if you're going to move to EL9. I recommend that you plan on moving all the way to EL9, as 8.10 arrives in May and it will be maintenance only after.

See the following documentation:

https://linuxguideandhints.com/el/freeipa/#server-migrationupgrade

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/migrating_to_identity_management_on_rhel_8/index

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/migrating_to_identity_management_on_rhel_9/index

See the following tickets:

https://issues.redhat.com/browse/RHEL-20442

https://pagure.io/freeipa/issue/9371
Louis Abel

Louis Abel

2024-11-27 01:47

administrator   ~0008918

Upstream ticket has been reported as "fixed" for this issue. If you are still having issues with current package set in Rocky Linux 8.10 and 9.5, please open a new bug report.

Issue History

Date Modified Username Field Change
2023-12-08 08:48 Sergei Ser New Issue
2023-12-08 09:04 Louis Abel Assigned To => Louis Abel
2023-12-08 09:04 Louis Abel Status new => needinfo
2023-12-08 09:04 Louis Abel Note Added: 0005281
2023-12-08 09:16 Louis Abel Note Edited: 0005281
2023-12-08 11:00 Sergei Ser Note Added: 0005282
2023-12-08 11:00 Sergei Ser File Added: ipaclient-install.log
2024-01-08 23:21 Louis Abel Note Added: 0005513
2024-11-27 01:47 Louis Abel Status needinfo => closed
2024-11-27 01:47 Louis Abel Resolution open => fixed
2024-11-27 01:47 Louis Abel Note Added: 0008918