SSSD container fails to install with 401 HTTP error
Issue
During installation of the containerised SSSD, the ipa-client-install script fails while joining the realm:
[root@atomic ~]# atomic install rhel7/sssd
docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh
Initializing configuration context from host ...
Discovery was successful!
Client hostname: atomic.internal.local
Realm: INTERNAL.LOCAL
DNS Domain: internal.local
IPA Server: ipa-atomic.internal.local
BaseDN: dc=internal,dc=local
Skipping synchronizing time with NTP server.
Downloading the CA certificate via HTTP, this is INSECURE
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=INTERNAL.LOCAL
Issuer: CN=Certificate Authority,O=INTERNAL.LOCAL
Valid From: Wed Jun 28 09:52:34 2017 UTC
Valid Until: Sun Jun 28 09:52:34 2037 UTC
Joining realm failed: HTTP response code is 401, not 200
Use ipa-getkeytab to obtain a host principal for this server.
Please make sure the following ports are opened in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639107): No credentials cache found
Installation failed. Force set so not rolling back changes.
Environment
- Red Hat Enterprise Linux Atomic Host