IPA replica install fails with the error "kadmin.local: Included profile directory could not be read while initializing krb5 library"
Issue
Scenario:1
------------------
- IPA install fails when calling kadmin.local
Done configuring certificate server (pki-tomcatd).
Restarting the directory and certificate servers
Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
[1/8]: adding sasl mappings to the directory
[2/8]: configuring KDC
[3/8]: creating a keytab for the directory
[error] CalledProcessError: Command ''kadmin.local' '-q' 'addprinc -randkey ldap/hostname.x.x.x.x@X.X.X.X' '-x' 'ipa-setup-override-restrictions'' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR Command ''kadmin.local' '-q' 'addprinc -randkey ldap/hostname.x.x.x.x@X.X.X.X' '-x' 'ipa-setup-override-restrictions'' returned non-zero exit status 1
Scenario:2
------------------
- IPA install fails with the error
Please make sure the following ports are opened in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Environment
Scenario:1
------------------
- Red Hat Enterprise Linux 7
- ipa-client-4.2.0-15.el7.x86_64
ipa-server-4.2.0-15.el7.x86_64
Scenario:2
------------------
- Red Hat Enterprise Linux 7
- ipa-client-4.4.0-12.el7.x86_64
- krb5-libs-1.13.2-12.el7_2.x86_64
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
