Managing krb5.conf via smart parameters of foreman does not work for me. #75

Open
leo21212121212 opened this issue Feb 18, 2021 · 2 comments


leo21212121212 commented Feb 18, 2021

Hi, can you please help me with figuring out what I am doing wrong?
I am trying to add

```
default_tkt_enctypes = aes256-cts rc4-hmac
default_tgs_enctypes = aes256-cts rc4-hmac
```

to krb5.conf, as otherwise it would not allow talking to the DC due to an unsupported encryption type.

[Screenshots: 2021-02-18_19-14-52, 2021-02-18_19-18-08]

```
[root@puppet-lab ~]# puppet agent -t
Warning: Setting 'pluginsync' is deprecated. (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1906:in `block in initialize_default_settings!')
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppet-lab.lakros.com
Info: Applying configuration version 'puppet-production-5ee8da4a2f9'
Notice: /Stage[main]/Realmd::Install/Package[krb5-workstation]/ensure: created
Notice: /Stage[main]/Realmd::Install/Package[samba-common-tools]/ensure: created
Notice: /Stage[main]/Realmd::Config/File[/etc/realmd.conf]/ensure: defined content as '{sha256}e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
Info: Class[Realmd::Config]: Scheduling refresh of Class[Realmd::Join]
Info: Class[Realmd::Join]: Scheduling refresh of Class[Realmd::Join::Password]
Info: Class[Realmd::Join::Password]: Scheduling refresh of Exec[realm_join_with_password]
Notice: /Stage[main]/Realmd::Join::Password/File[/usr/libexec/realm_join_with_password]/ensure: defined content as '{sha256}e20763cd32aee0b4a245bc09c36e7bd05eec4f87f2ffbd9b42bf072b2cc067cb'
Notice: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]/returns: Password for [email protected]: See: journalctl REALMD_OPERATION=r248.5716
Notice: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]/returns: realm: Couldn't join realm: Failed to join the domain
Error: '/usr/libexec/realm_join_with_password realm join LAKROS.COM --unattended --user=[email protected] --computer-name=puppet-lab' returned 1 instead of one of [0]
Error: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]/returns: change from 'notrun' to ['0'] failed: '/usr/libexec/realm_join_with_password realm join LAKROS.COM --unattended --user=[email protected] --computer-name=puppet-lab' returned 1 instead of one of [0]
Notice: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]/returns: Password for [email protected]: See: journalctl REALMD_OPERATION=r249.6182
Notice: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]/returns: realm: Couldn't join realm: Failed to join the domain
Error: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]: Failed to call refresh: '/usr/libexec/realm_join_with_password realm join LAKROS.COM --unattended --user=[email protected] --computer-name=puppet-lab' returned 1 instead of one of [0]
Error: /Stage[main]/Realmd::Join::Password/Exec[realm_join_with_password]: '/usr/libexec/realm_join_with_password realm join LAKROS.COM --unattended --user=[email protected] --computer-name=puppet-lab' returned 1 instead of one of [0]
Info: Class[Realmd::Join::Password]: Unscheduling all events on Class[Realmd::Join::Password]
Notice: /Stage[main]/Realmd::Sssd::Config/File[/etc/sssd/sssd.conf]: Dependency Exec[realm_join_with_password] has failures: true
Warning: /Stage[main]/Realmd::Sssd::Config/File[/etc/sssd/sssd.conf]: Skipping because of failed dependencies
Warning: /Stage[main]/Realmd::Sssd::Config/Exec[force_config_cache_rebuild]: Skipping because of failed dependencies
Warning: /Stage[main]/Realmd::Sssd::Service/Service[sssd]: Skipping because of failed dependencies
Info: Stage[main]: Unscheduling all events on Stage[main]
Notice: Applied catalog in 42.24 seconds
```

```
[root@puppet-lab ~]# journalctl REALMD_OPERATION=r249.6182
-- Logs begin at Mon 2021-02-15 00:59:52 EST, end at Thu 2021-02-18 01:41:59 EST. --
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Resolving: _ldap._tcp.lakros.com
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Performing LDAP DSE lookup on: 10.37.69.50
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Performing LDAP DSE lookup on: 10.37.69.69
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Successfully discovered: lakros.com
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Joining using a manual netbios name: puppet-lab
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * LANG=C /usr/sbin/adcli join --verbose --domain lakros.com --domain-realm LAKROS.COM --domain-controller 10.37.69.50 --computer-name puppet-lab --login-type user --login-user doma>
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Using domain name: lakros.com
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Using computer account name: puppet-lab
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Using domain realm: lakros.com
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Sending netlogon pings to domain controller: cldap://10.37.69.50
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Received NetLogon info from: DFX-DC01.lakros.com
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-YlydTq/krb5.d/adcli-krb5-conf-BfXMuU
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: ! Couldn't authenticate as: [email protected]: KDC has no support for encryption type
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: adcli: couldn't connect to lakros.com domain: Couldn't authenticate as: [email protected]: KDC has no support for encryption type
Feb 18 01:25:13 puppet-lab.lakros.com realmd[5780]: ! Failed to join the domain
```


As you see it doesn't apply conf from smart variables.

Thank you.

@leo21212121212

Had to do a fork and modify join/password.pp to add this:

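```puppet
# Pull the krb5 settings from the main realmd class.
$_krb_config_file   = $::realmd::krb_config_file
$_krb_config        = $::realmd::krb_config
$_manage_krb_config = $::realmd::manage_krb_config

# Merge the supplied krb_config over a default realm derived from the domain fact.
$_krb_config_final = deep_merge({'libdefaults' => {'default_realm' => upcase($::domain)}}, $_krb_config)

# Manage krb5.conf from this class when manage_krb_config is enabled.
if $_manage_krb_config {
  file { 'krb_configuration':
    ensure  => file,
    path    => $_krb_config_file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('realmd/krb5.conf.erb'),
  }
}
```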
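
A way to confirm on the agent that the managed krb5.conf actually carries the two enctype settings from this issue after a Puppet run (added example, not part of the thread or of the module's code). The function names and the sample file are constructed, and `include`/`includedir` snippets are not followed.

```shell
#!/bin/sh
# Added example: section-aware check of a krb5.conf for the enctype relations.

# Print the first value of KEY ($2) in the [libdefaults] section of FILE ($1).
# Prints nothing when the key is unset or only appears in another section.
krb5_libdefault() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# Return 0 only if both enctype relations from the issue are set in FILE ($1);
# otherwise name the missing ones and return 1.
check_enctypes() {
    missing=""
    for key in default_tkt_enctypes default_tgs_enctypes; do
        [ -n "$(krb5_libdefault "$1" "$key")" ] || missing="$missing $key"
    done
    [ -z "$missing" ] && return 0
    echo "missing in [libdefaults]:$missing"
    return 1
}

# Constructed sample of what the managed file should contain after the run.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[libdefaults]
    default_realm = LAKROS.COM
    # constructed sample, values taken from the issue text
    default_tkt_enctypes = aes256-cts rc4-hmac
    default_tgs_enctypes = aes256-cts rc4-hmac

[domain_realm]
    .lakros.com = LAKROS.COM
EOF
check_enctypes "$sample" && echo "tkt enctypes: $(krb5_libdefault "$sample" default_tkt_enctypes)"
```

On a real host, point `check_enctypes` at the path configured as `krb_config_file` before looking at the `realm join` result.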


brgerig commented Jun 7, 2021

Thanks for this. Was exactly the fix I needed for my environment.
