During the installation of the containerised SSSD the ipa-client-install script fails
[root@atomic ~]# atomic install rhel7/sssd docker run --rm=true --privileged --net=host -v /:/host -e NAME=sssd -e IMAGE=rhel7/sssd -e HOST=/host rhel7/sssd /bin/install.sh Initializing configuration context from host ... Discovery was successful! Client hostname: atomic.internal.local Realm: INTERNAL.LOCAL DNS Domain: internal.local IPA Server: ipa-atomic.internal.local BaseDN: dc=internal,dc=local Skipping synchronizing time with NTP server. Downloading the CA certificate via HTTP, this is INSECURE Successfully retrieved CA cert Subject: CN=Certificate Authority,O=INTERNAL.LOCAL Issuer: CN=Certificate Authority,O=INTERNAL.LOCAL Valid From: Wed Jun 28 09:52:34 2017 UTC Valid Until: Sun Jun 28 09:52:34 2037 UTC Joining realm failed: HTTP response code is 401, not 200 Use ipa-getkeytab to obtain a host principal for this server. Please make sure the following ports are opened in the firewall settings: TCP: 80, 88, 389 UDP: 88 (at least one of TCP/UDP ports 88 has to be open) Also note that following ports are necessary for ipa-client working properly after enrollment: TCP: 464 UDP: 464, 123 (if NTP enabled) Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639107): No credentials cache found Installation failed. Force set so not rolling back changes.
- Red Hat Enterprise Linux Atomic Host
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.