ipa-client installation error: kinit: Clients credentials have been revoked while getting initial credentials
While installing ipa-client, the following error occurred:
```
[root@log1-prod-iuap-yycloud scripts]# ipa-client-install --mkhomedir --enable-dns-updates --force-join --principal=admin --password=xxxxxx -U
Discovery was successful!
Client hostname: log1-prod-iuap-yycloud.yonyouiuap.com
Realm: YONYOUIUAP.COM
DNS Domain: yonyouiuap.com
IPA Server: freeipa4-iuap-hb2-ali.yonyouiuap.com
BaseDN: dc=yonyouiuap,dc=com

Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Kerberos authentication failed: kinit: Clients credentials have been revoked while getting initial credentials

Installation failed. Rolling back changes.
IPA client is not configured on this system.
```
Running kinit admin gives the same error:
```
[sean@middlewaredocker1-iuap-hb2-ali ~]$ kinit admin
kinit: Clients credentials have been revoked while getting initial credentials
```
Check the account status on the IPA server:
```
[root@freeipa4-iuap-hb2-ali sean]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
  Server: freeipa3-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 6
  Last successful authentication: 20170918090442Z
  Last failed authentication: 20170918115216Z
  Time now: 2017-09-18T12:04:36Z

  Server: freeipa1-iuap-hb2-ali.yonyouiuap.com
  failed: Server is unwilling to perform: Too many failed logins.

  Server: freeipa4-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 0
  Last successful authentication: 20170918120436Z
  Last failed authentication: 20170918115237Z
  Time now: 2017-09-18T12:04:36Z
----------------------------
Number of entries returned 3
----------------------------
```
So the account was locked because of too many failed login attempts (6 by default). Unlock it:
```
----------------------------
[root@freeipa4-iuap-hb2-ali sean]# ipa user-unlock admin
------------------------
Unlocked account "admin"
------------------------
[root@freeipa4-iuap-hb2-ali sean]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
  Server: freeipa3-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 0
  Last successful authentication: 20170922031611Z
  Last failed authentication: 20170918123414Z
  Time now: 2017-09-22T03:16:12Z

  Server: freeipa1-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 0
  Last successful authentication: 20170922031612Z
  Last failed authentication: 20170918123627Z
  Time now: 2017-09-22T03:16:12Z

  Server: freeipa4-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 0
  Last successful authentication: 20170922031611Z
  Last failed authentication: 20170918123621Z
  Time now: 2017-09-22T03:16:12Z
----------------------------
Number of entries returned 3
----------------------------
```
Installing ipa-client again then succeeded.
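The status output above reports the failed-login counter separately for each server, so the lockout has to be checked per replica. The following is an added example, not part of the original post: a small filter that reads `ipa user-status <user>` output and lists the replicas where the account is locked. The function names and the threshold argument are assumptions; the sample input is constructed from the first status output in this post.

```shell
#!/bin/sh
# Added example (not from the original post): report the replicas on which
# an account is locked, given `ipa user-status <user>` output on stdin.
# Assumption: the threshold equals the password policy's max failures
# (6, the default mentioned in the post).

locked_replicas() {
    awk -v max="${1:-6}" '
        # Remember which replica the following lines belong to.
        /^[ \t]*Server:/ { server = $2 }
        # The replica refused the status query because of too many failures.
        /Too many failed logins/ { print server " locked (status query refused)"; next }
        # The failed-login counter has reached the lockout threshold.
        /^[ \t]*Failed logins:/ { if ($3 + 0 >= max) print server " failed_logins=" $3 }
    '
}

# Constructed sample: the per-replica part of the first status output above.
sample_status() {
    cat <<'EOF'
  Server: freeipa3-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 6
  Last successful authentication: 20170918090442Z
  Last failed authentication: 20170918115216Z

  Server: freeipa1-iuap-hb2-ali.yonyouiuap.com
  failed: Server is unwilling to perform: Too many failed logins.

  Server: freeipa4-iuap-hb2-ali.yonyouiuap.com
  Failed logins: 0
  Last successful authentication: 20170918120436Z
  Last failed authentication: 20170918115237Z
EOF
}

# On a real server: ipa user-status admin | locked_replicas 6
sample_status | locked_replicas 6
```

Comparing the "Last failed authentication" timestamps of the flagged replicas with known activity (for example, a script retrying with a wrong password) helps establish where the failed logins came from before unlocking.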