2021-09-07T11:51:17Z DEBUG Logging to /var/log/ipaclient-install.log 2021-09-07T11:51:17Z DEBUG ipa-client-install was invoked with arguments [] and options: {'unattended': True, 'principal': 'admin', 'prompt_password': False, 'on_master': False, 'ca_cert_files': None, 'force': False, 'configure_firefox': False, 'firefox_dir': None, 'keytab': None, 'mkhomedir': False, 'force_join': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': True, 'force_ntpd': False, 'nisdomain': None, 'no_nisdomain': True, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_sudo': False, 'no_dns_sshfp': False, 'kinit_attempts': None, 'request_cert': False, 'ip_addresses': None, 'all_ip_addresses': False, 'fixed_primary': False, 'permit': False, 'enable_dns_updates': True, 'no_krb5_offline_passwords': False, 'preserve_sssd': False, 'automount_location': None, 'domain_name': None, 'servers': None, 'realm_name': None, 'host_name': None, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} 2021-09-07T11:51:17Z DEBUG IPA version 4.9.6-2.fc34 2021-09-07T11:51:17Z DEBUG IPA platform fedora 2021-09-07T11:51:17Z DEBUG IPA os-release Fedora 34 (Thirty Four) 2021-09-07T11:51:17Z DEBUG Starting external process 2021-09-07T11:51:17Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:17Z DEBUG Process finished, return code=0 2021-09-07T11:51:17Z DEBUG stdout= 2021-09-07T11:51:17Z DEBUG stderr= 2021-09-07T11:51:17Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2021-09-07T11:51:17Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:51:17Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:51:17Z DEBUG Starting external process 2021-09-07T11:51:17Z DEBUG args=['sudo', '-V'] 2021-09-07T11:51:17Z DEBUG Process finished, return code=0 2021-09-07T11:51:17Z DEBUG stdout=Sudo version 1.9.5p2 Configure options: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo --enable-openssl --disable-root-mailer --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-selinux --with-passprompt=[sudo] password for %p: --enable-python --with-linux-audit --with-sssd Sudoers policy plugin version 1.9.5p2 Sudoers file grammar version 48 Sudoers path: /etc/sudoers nsswitch path: /etc/nsswitch.conf ldap.conf path: /etc/ldap.conf ldap.secret path: /etc/ldap.secret Authentication methods: 'pam' Syslog facility if syslog is being used for logging: authpriv Syslog priority to use when user authenticates successfully: notice Syslog priority to use when user authenticates unsuccessfully: alert Ignore '.' in $PATH Send mail if the user is not in sudoers Lecture user the first time they run sudo Require users to authenticate by default Root may run sudo Always set $HOME to the target user's home directory Allow some information gathering to give useful error messages Visudo will honor the EDITOR environment variable Set the LOGNAME and USER environment variables Length at which to wrap log file lines (0 for no wrap): 80 Authentication timestamp timeout: 5.0 minutes Password prompt timeout: 5.0 minutes Number of tries to enter a password: 3 Umask to use or 0777 to use user's: 022 Path to mail program: /usr/sbin/sendmail Flags for mail program: -t Address to send mail to: root Subject line for mail messages: *** SECURITY information for %h *** Incorrect password message: Sorry, try again. Path to lecture status dir: /var/db/sudo/lectured Path to authentication timestamp dir: /run/sudo/ts Default password prompt: [sudo] password for %p: Default user to run commands as: root Value to override user's $PATH with: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin Path to the editor for use by visudo: /bin/vi When to require a password for 'list' pseudocommand: any When to require a password for 'verify' pseudocommand: all File descriptors >= 3 will be closed before executing a command Reset the environment to a default set of variables Environment variables to check for safety: TZ TERM LINGUAS LC_* LANGUAGE LANG COLORTERM Environment variables to remove: *=()* RUBYOPT RUBYLIB PYTHONUSERBASE PYTHONINSPECT PYTHONPATH PYTHONHOME TMPPREFIX ZDOTDIR READNULLCMD NULLCMD FPATH PERL5DB PERL5OPT PERL5LIB PERLLIB PERLIO_DEBUG JAVA_TOOL_OPTIONS SHELLOPTS BASHOPTS GLOBIGNORE PS4 BASH_ENV ENV TERMCAP TERMPATH TERMINFO_DIRS TERMINFO _RLD* LD_* PATH_LOCALE NLSPATH HOSTALIASES RES_OPTIONS LOCALDOMAIN CDPATH IFS Environment variables to preserve: XAUTHORITY _XKB_CHARSET LINGUAS LANGUAGE LC_ALL LC_TIME LC_TELEPHONE LC_PAPER LC_NUMERIC LC_NAME LC_MONETARY LC_MESSAGES LC_MEASUREMENT LC_IDENTIFICATION LC_COLLATE LC_CTYPE LC_ADDRESS LANG USERNAME QTDIR MAIL LS_COLORS KDEDIR HISTSIZE HOSTNAME DISPLAY COLORS Locale to use while parsing sudoers: C Compress I/O logs using zlib Directory in which to store input/output logs: /var/log/sudo-io File in which to store the input/output log: %{seq} Add an entry to the utmp/utmpx file when allocating a pty PAM service name to use: sudo PAM service name to use for login shells: sudo-i Attempt to establish PAM credentials for the target user Create a new PAM session for the command to run in Perform PAM account validation management Enable sudoers netgroup support Check parent directories for writability when editing files with sudoedit Query the group plugin for unknown system groups Allow commands to be run even if sudo cannot write to the audit log Allow commands to be run even if sudo cannot write to the log file Resolve groups in sudoers and match on the group ID, not the name Log entries larger than this value will be split into multiple syslog messages: 960 File mode to use for the I/O log files: 0600 Execute commands by file descriptor instead of by path: digest_only Type of authentication timestamp record: tty Ignore case when matching user names Ignore case when matching group names Log when a command is allowed by sudoers Log when a command is denied by sudoers Sudo log server timeout in seconds: 30 Enable SO_KEEPALIVE socket option on the socket connected to the logserver Verify that the log server's certificate is valid Set the pam remote user to the user running sudo The format of logs to produce: sudo Enable SELinux RBAC support Local IP address and netmask pairs: 192.168.121.29/255.255.255.0 2620:52:0:4968:a163:e8a9:6aa8:88c7/ffff:ffff:ffff:ffff:: fe80::e85c:2471:6e06:f4c1/ffff:ffff:ffff:ffff:: Sudoers I/O plugin version 1.9.5p2 Sudoers audit plugin version 1.9.5p2 2021-09-07T11:51:17Z DEBUG stderr= 2021-09-07T11:51:17Z DEBUG Deleting invalid keytab: '/etc/krb5.keytab'. 2021-09-07T11:51:17Z DEBUG [IPA Discovery] 2021-09-07T11:51:17Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=client026.ipa.test 2021-09-07T11:51:17Z DEBUG Start searching for LDAP SRV record in "ipa.test" (domain of the hostname) and its sub-domains 2021-09-07T11:51:17Z DEBUG Search DNS for SRV record of _ldap._tcp.ipa.test 2021-09-07T11:51:17Z DEBUG DNS record found: 0 100 389 server.ipa.test. 2021-09-07T11:51:17Z DEBUG [Kerberos realm search] 2021-09-07T11:51:17Z DEBUG Search DNS for TXT record of _kerberos.ipa.test 2021-09-07T11:51:19Z DEBUG DNS record found: "IPA.TEST" 2021-09-07T11:51:19Z DEBUG Search DNS for SRV record of _kerberos._udp.ipa.test 2021-09-07T11:51:19Z DEBUG DNS record found: 0 100 88 server.ipa.test. 2021-09-07T11:51:19Z DEBUG [LDAP server check] 2021-09-07T11:51:19Z DEBUG Verifying that server.ipa.test (realm IPA.TEST) is an IPA server 2021-09-07T11:51:19Z DEBUG Init LDAP connection to: ldap://server.ipa.test:389 2021-09-07T11:51:29Z DEBUG Search LDAP server for IPA base DN 2021-09-07T11:51:29Z DEBUG Check if naming context 'dc=ipa,dc=test' is for IPA 2021-09-07T11:51:29Z DEBUG Naming context 'dc=ipa,dc=test' is a valid IPA context 2021-09-07T11:51:29Z DEBUG Search for (objectClass=krbRealmContainer) in dc=ipa,dc=test (sub) 2021-09-07T11:51:29Z DEBUG Found: cn=IPA.TEST,cn=kerberos,dc=ipa,dc=test 2021-09-07T11:51:29Z DEBUG Discovery result: Success; server=server.ipa.test, domain=ipa.test, kdc=server.ipa.test, basedn=dc=ipa,dc=test 2021-09-07T11:51:29Z DEBUG Validated servers: server.ipa.test 2021-09-07T11:51:29Z DEBUG will use discovered domain: ipa.test 2021-09-07T11:51:29Z DEBUG Start searching for LDAP SRV record in "ipa.test" (Validating DNS Discovery) and its sub-domains 2021-09-07T11:51:29Z DEBUG Search DNS for SRV record of _ldap._tcp.ipa.test 2021-09-07T11:51:30Z DEBUG DNS record found: 0 100 389 server.ipa.test. 2021-09-07T11:51:30Z DEBUG DNS validated, enabling discovery 2021-09-07T11:51:30Z DEBUG will use discovered server: server.ipa.test 2021-09-07T11:51:30Z INFO Discovery was successful! 2021-09-07T11:51:30Z DEBUG will use discovered realm: IPA.TEST 2021-09-07T11:51:30Z DEBUG will use discovered basedn: dc=ipa,dc=test 2021-09-07T11:51:30Z INFO Client hostname: client026.ipa.test 2021-09-07T11:51:30Z DEBUG Hostname source: Machine's FQDN 2021-09-07T11:51:30Z INFO Realm: IPA.TEST 2021-09-07T11:51:30Z DEBUG Realm source: Discovered from LDAP DNS records in server.ipa.test 2021-09-07T11:51:30Z INFO DNS Domain: ipa.test 2021-09-07T11:51:30Z DEBUG DNS Domain source: Discovered LDAP SRV records from ipa.test (domain of the hostname) 2021-09-07T11:51:30Z INFO IPA Server: server.ipa.test 2021-09-07T11:51:30Z DEBUG IPA Server source: Discovered from LDAP DNS records in server.ipa.test 2021-09-07T11:51:30Z INFO BaseDN: dc=ipa,dc=test 2021-09-07T11:51:30Z DEBUG BaseDN source: From IPA server ldap://server.ipa.test:389 2021-09-07T11:51:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2021-09-07T11:51:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:51:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:51:30Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:51:30Z DEBUG Starting external process 2021-09-07T11:51:30Z DEBUG args=['/usr/sbin/ipa-rmkeytab', '-k', '/etc/krb5.keytab', '-r', 'IPA.TEST'] 2021-09-07T11:51:30Z DEBUG Process finished, return code=7 2021-09-07T11:51:30Z DEBUG stdout= 2021-09-07T11:51:30Z DEBUG stderr=Failed to set cursor 'No such file or directory' 2021-09-07T11:51:30Z INFO Skipping chrony configuration 2021-09-07T11:51:30Z DEBUG Starting external process 2021-09-07T11:51:30Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:30Z DEBUG Process finished, return code=0 2021-09-07T11:51:30Z DEBUG stdout= 2021-09-07T11:51:30Z DEBUG stderr= 2021-09-07T11:51:30Z DEBUG Starting external process 2021-09-07T11:51:30Z DEBUG args=['/sbin/restorecon', '/etc/krb5.conf.d/freeipa'] 2021-09-07T11:51:30Z DEBUG Process finished, return code=0 2021-09-07T11:51:30Z DEBUG stdout= 2021-09-07T11:51:30Z DEBUG stderr= 2021-09-07T11:51:30Z DEBUG Starting external process 2021-09-07T11:51:30Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] 2021-09-07T11:51:30Z DEBUG Process finished, return code=0 2021-09-07T11:51:30Z DEBUG stdout=987649933 2021-09-07T11:51:30Z DEBUG stderr= 2021-09-07T11:51:30Z DEBUG Enabling persistent keyring CCACHE 2021-09-07T11:51:30Z DEBUG Writing Kerberos configuration to /tmp/tmpw9u4a8rn: 2021-09-07T11:51:30Z DEBUG #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = IPA.TEST dns_lookup_realm = false rdns = false dns_canonicalize_hostname = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] IPA.TEST = { kdc = server.ipa.test:88 master_kdc = server.ipa.test:88 admin_server = server.ipa.test:749 kpasswd_server = server.ipa.test:464 default_domain = ipa.test pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem } [domain_realm] .ipa.test = IPA.TEST ipa.test = IPA.TEST client026.ipa.test = IPA.TEST 2021-09-07T11:51:30Z DEBUG Writing configuration file /tmp/tmpw9u4a8rn 2021-09-07T11:51:30Z DEBUG #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = IPA.TEST dns_lookup_realm = false rdns = false dns_canonicalize_hostname = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] IPA.TEST = { kdc = server.ipa.test:88 master_kdc = server.ipa.test:88 admin_server = server.ipa.test:749 kpasswd_server = server.ipa.test:464 default_domain = ipa.test pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem } [domain_realm] .ipa.test = IPA.TEST ipa.test = IPA.TEST client026.ipa.test = IPA.TEST 2021-09-07T11:51:30Z DEBUG Initializing principal admin@IPA.TEST using password 2021-09-07T11:51:30Z DEBUG Starting external process 2021-09-07T11:51:30Z DEBUG args=['/usr/bin/kinit', 'admin@IPA.TEST', '-c', '/tmp/krbcc9lh_tpeo/ccache'] 2021-09-07T11:51:30Z DEBUG Process finished, return code=0 2021-09-07T11:51:30Z DEBUG stdout=Password for admin@IPA.TEST: 2021-09-07T11:51:30Z DEBUG stderr= 2021-09-07T11:51:30Z DEBUG trying to retrieve CA cert via LDAP from server.ipa.test 2021-09-07T11:51:31Z DEBUG retrieving schema for SchemaCache url=ldap://server.ipa.test:389 conn= 2021-09-07T11:51:31Z INFO Successfully retrieved CA cert Subject: CN=Certificate Authority,O=IPA.TEST Issuer: CN=Certificate Authority,O=IPA.TEST Valid From: 2021-09-07 11:42:24 Valid Until: 2041-09-07 11:42:24 2021-09-07T11:51:31Z DEBUG Starting external process 2021-09-07T11:51:31Z DEBUG args=['/usr/sbin/ipa-join', '-s', 'server.ipa.test', '-b', 'dc=ipa,dc=test', '-h', 'client026.ipa.test', '-k', '/etc/krb5.keytab'] 2021-09-07T11:51:40Z DEBUG Process finished, return code=0 2021-09-07T11:51:40Z DEBUG stdout= 2021-09-07T11:51:40Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab 2021-09-07T11:51:40Z INFO Enrolled in IPA realm IPA.TEST 2021-09-07T11:51:40Z DEBUG Starting external process 2021-09-07T11:51:40Z DEBUG args=['/usr/bin/kdestroy'] 2021-09-07T11:51:40Z DEBUG Process finished, return code=0 2021-09-07T11:51:40Z DEBUG stdout= 2021-09-07T11:51:40Z DEBUG stderr= 2021-09-07T11:51:40Z DEBUG Initializing principal host/client026.ipa.test@IPA.TEST using keytab /etc/krb5.keytab 2021-09-07T11:51:40Z DEBUG using ccache /etc/ipa/.dns_ccache 2021-09-07T11:51:40Z DEBUG Attempt 1/5: success 2021-09-07T11:51:40Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2021-09-07T11:51:40Z DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist 2021-09-07T11:51:40Z DEBUG Writing configuration file /etc/ipa/default.conf 2021-09-07T11:51:40Z DEBUG #File modified by ipa-client-install [global] basedn = dc=ipa,dc=test realm = IPA.TEST domain = ipa.test server = server.ipa.test host = client026.ipa.test xmlrpc_uri = https://server.ipa.test/ipa/xml enable_ra = True 2021-09-07T11:51:40Z INFO Created /etc/ipa/default.conf 2021-09-07T11:51:40Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2021-09-07T11:51:40Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist 2021-09-07T11:51:40Z DEBUG New SSSD config will be created 2021-09-07T11:51:40Z DEBUG Backing up system configuration file '/etc/authselect/user-nsswitch.conf' 2021-09-07T11:51:40Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2021-09-07T11:51:40Z DEBUG Updating configuration file /etc/authselect/user-nsswitch.conf 2021-09-07T11:51:40Z DEBUG # # /etc/nsswitch.conf # # Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # Valid databases are: aliases, ethers, group, gshadow, hosts, # initgroups, netgroup, networks, passwd, protocols, publickey, # rpc, services, and shadow. # # Valid service provider entries include (in alphabetical order): # # compat Use /etc files plus *_compat pseudo-db # db Use the pre-processed /var/db files # dns Use DNS (Domain Name Service) # files Use the local files in /etc # hesiod Use Hesiod (DNS) for user lookups # # See `info libc 'NSS Basics'` for more information. # # Commonly used alternative service providers (may need installation): # # ldap Use LDAP directory server # myhostname Use systemd host names # mymachines Use systemd machine names # mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD # resolve Use systemd resolved resolver # sss Use System Security Services Daemon (sssd) # systemd Use systemd for dynamic user option # winbind Use Samba winbind support # wins Use Samba wins support # wrapper Use wrapper module for testing # # Notes: # # 'sssd' performs its own 'files'-based caching, so it should generally # come before 'files'. # # WARNING: Running nscd with a secondary caching service like sssd may # lead to unexpected behaviour, especially with how long # entries are cached. # # Installation instructions: # # To use 'db', install the appropriate package(s) (provide 'makedb' and # libnss_db.so.*), and place the 'db' in front of 'files' for entries # you want to be looked up first in the databases, like this: # # passwd: db files # shadow: db files # group: db files # In order of likelihood of use to accelerate lookup. passwd: sss files systemd shadow: files group: sss files systemd hosts: files myhostname resolve [!UNAVAIL=return] dns services: files sss netgroup: sss automount: files sss aliases: files ethers: files gshadow: files # Allow initgroups to default to the setting for group. # initgroups: files networks: files dns protocols: files publickey: files rpc: files sudoers: files sss 2021-09-07T11:51:40Z INFO Configured sudoers in /etc/authselect/user-nsswitch.conf 2021-09-07T11:51:41Z INFO Configured /etc/sssd/sssd.conf 2021-09-07T11:51:41Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2021-09-07T11:51:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2021-09-07T11:51:41Z DEBUG Starting external process 2021-09-07T11:51:41Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:41Z DEBUG Process finished, return code=0 2021-09-07T11:51:41Z DEBUG stdout= 2021-09-07T11:51:41Z DEBUG stderr= 2021-09-07T11:51:41Z DEBUG Starting external process 2021-09-07T11:51:41Z DEBUG args=['/sbin/restorecon', '/etc/krb5.conf.d/freeipa'] 2021-09-07T11:51:41Z DEBUG Process finished, return code=0 2021-09-07T11:51:41Z DEBUG stdout= 2021-09-07T11:51:41Z DEBUG stderr= 2021-09-07T11:51:41Z DEBUG Starting external process 2021-09-07T11:51:41Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] 2021-09-07T11:51:41Z DEBUG Process finished, return code=0 2021-09-07T11:51:41Z DEBUG stdout=987649933 2021-09-07T11:51:41Z DEBUG stderr= 2021-09-07T11:51:41Z DEBUG Enabling persistent keyring CCACHE 2021-09-07T11:51:41Z DEBUG Writing Kerberos configuration to /etc/krb5.conf: 2021-09-07T11:51:41Z DEBUG #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = IPA.TEST dns_lookup_realm = true rdns = false dns_canonicalize_hostname = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] IPA.TEST = { pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem } [domain_realm] .ipa.test = IPA.TEST ipa.test = IPA.TEST client026.ipa.test = IPA.TEST 2021-09-07T11:51:41Z DEBUG Writing configuration file /etc/krb5.conf 2021-09-07T11:51:41Z DEBUG #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = IPA.TEST dns_lookup_realm = true rdns = false dns_canonicalize_hostname = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] IPA.TEST = { pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem } [domain_realm] .ipa.test = IPA.TEST ipa.test = IPA.TEST client026.ipa.test = IPA.TEST 2021-09-07T11:51:41Z INFO Configured /etc/krb5.conf for IPA realm IPA.TEST 2021-09-07T11:51:41Z DEBUG Starting external process 2021-09-07T11:51:41Z DEBUG args=['/usr/bin/certutil', '-d', '/tmp/tmpd_oxjvdc', '-N', '-f', '/tmp/tmpd_oxjvdc/pwdfile.txt', '-@', '/tmp/tmpd_oxjvdc/pwdfile.txt'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout= 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout= 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpd_oxjvdc'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout=Warning no default label for /tmp/tmpd_oxjvdc 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout= 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpd_oxjvdc/cert9.db'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout=Warning no default label for /tmp/tmpd_oxjvdc/cert9.db 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout= 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpd_oxjvdc/key4.db'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout=Warning no default label for /tmp/tmpd_oxjvdc/key4.db 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout= 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpd_oxjvdc/pkcs11.txt'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout=Warning no default label for /tmp/tmpd_oxjvdc/pkcs11.txt 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout= 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpd_oxjvdc/pwdfile.txt'] 2021-09-07T11:51:52Z DEBUG Process finished, return code=0 2021-09-07T11:51:52Z DEBUG stdout=Warning no default label for /tmp/tmpd_oxjvdc/pwdfile.txt 2021-09-07T11:51:52Z DEBUG stderr= 2021-09-07T11:51:52Z DEBUG Starting external process 2021-09-07T11:51:52Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/tmp/tmpd_oxjvdc', '-A', '-n', 'CA certificate 1', '-t', 'C,,', '-a', '-f', '/tmp/tmpd_oxjvdc/pwdfile.txt'] 2021-09-07T11:51:58Z DEBUG Process finished, return code=0 2021-09-07T11:51:58Z DEBUG stdout= 2021-09-07T11:51:58Z DEBUG stderr= 2021-09-07T11:51:58Z DEBUG failed to find session_cookie in persistent storage for principal 'host/client026.ipa.test@IPA.TEST' 2021-09-07T11:51:59Z DEBUG trying https://server.ipa.test/ipa/json 2021-09-07T11:51:59Z DEBUG Created connection context.rpcclient_139869309656032 2021-09-07T11:51:59Z DEBUG [try 1]: Forwarding 'schema' to json server 'https://server.ipa.test/ipa/json' 2021-09-07T11:51:59Z DEBUG New HTTP connection (server.ipa.test) 2021-09-07T11:52:02Z DEBUG received Set-Cookie ()'['ipa_session=MagBearerToken=JpLvgdWko2tYy8CznGwnyCIPLr8QdOOPIELxW2uXQ%2b9Y%2fUVrIIY05wX6iY%2foSXPMwJlKVrqKVP1h6CUltvcjYv3ImeCvn0eS78zbLbTTnvNvt6ATxyDKtc8TyWclk6S7WcpDnTyM5EoiM9bDnntsdsGZNmbzeE8p%2fclJ4ppXzWYqFklod39Q0m7KWLO2J4Cimk%2frkwyq6sScG6zN85wmi6UVeV8esQQt69CywZ5c00wbajBtNYhpBcrx%2b95ah0EC;path=/ipa;httponly;secure;']' 2021-09-07T11:52:02Z DEBUG storing cookie 'ipa_session=MagBearerToken=JpLvgdWko2tYy8CznGwnyCIPLr8QdOOPIELxW2uXQ%2b9Y%2fUVrIIY05wX6iY%2foSXPMwJlKVrqKVP1h6CUltvcjYv3ImeCvn0eS78zbLbTTnvNvt6ATxyDKtc8TyWclk6S7WcpDnTyM5EoiM9bDnntsdsGZNmbzeE8p%2fclJ4ppXzWYqFklod39Q0m7KWLO2J4Cimk%2frkwyq6sScG6zN85wmi6UVeV8esQQt69CywZ5c00wbajBtNYhpBcrx%2b95ah0EC;' for principal host/client026.ipa.test@IPA.TEST 2021-09-07T11:52:03Z DEBUG Destroyed connection context.rpcclient_139869309656032 2021-09-07T11:52:03Z DEBUG importing all plugin modules in ipaclient.remote_plugins.schema$d0f9bbb0... 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.remote_plugins.schema$d0f9bbb0.plugins 2021-09-07T11:52:03Z DEBUG importing all plugin modules in ipaclient.plugins... 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.automember 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.automount 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.ca 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.cert 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.certmap 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.certprofile 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.deskprofile 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.dns 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.hbacrule 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.hbactest 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.host 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.idrange 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.internal 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.location 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.migration 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.misc 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.otptoken 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.otptoken_yubikey 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.passwd 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.permission 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.rpcclient 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.server 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.service 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.sudorule 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.topology 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.trust 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.user 2021-09-07T11:52:03Z DEBUG importing plugin module ipaclient.plugins.vault 2021-09-07T11:52:05Z DEBUG found session_cookie in persistent storage for principal 'host/client026.ipa.test@IPA.TEST', cookie: 'ipa_session=MagBearerToken=JpLvgdWko2tYy8CznGwnyCIPLr8QdOOPIELxW2uXQ%2b9Y%2fUVrIIY05wX6iY%2foSXPMwJlKVrqKVP1h6CUltvcjYv3ImeCvn0eS78zbLbTTnvNvt6ATxyDKtc8TyWclk6S7WcpDnTyM5EoiM9bDnntsdsGZNmbzeE8p%2fclJ4ppXzWYqFklod39Q0m7KWLO2J4Cimk%2frkwyq6sScG6zN85wmi6UVeV8esQQt69CywZ5c00wbajBtNYhpBcrx%2b95ah0EC' 2021-09-07T11:52:05Z DEBUG setting session_cookie into context 'ipa_session=MagBearerToken=JpLvgdWko2tYy8CznGwnyCIPLr8QdOOPIELxW2uXQ%2b9Y%2fUVrIIY05wX6iY%2foSXPMwJlKVrqKVP1h6CUltvcjYv3ImeCvn0eS78zbLbTTnvNvt6ATxyDKtc8TyWclk6S7WcpDnTyM5EoiM9bDnntsdsGZNmbzeE8p%2fclJ4ppXzWYqFklod39Q0m7KWLO2J4Cimk%2frkwyq6sScG6zN85wmi6UVeV8esQQt69CywZ5c00wbajBtNYhpBcrx%2b95ah0EC;' 2021-09-07T11:52:05Z DEBUG trying https://server.ipa.test/ipa/session/json 2021-09-07T11:52:05Z DEBUG Created connection context.rpcclient_139869314383344 2021-09-07T11:52:05Z DEBUG Try RPC connection 2021-09-07T11:52:05Z DEBUG [try 1]: Forwarding 'ping' to json server 'https://server.ipa.test/ipa/session/json' 2021-09-07T11:52:05Z DEBUG New HTTP connection (server.ipa.test) 2021-09-07T11:52:05Z DEBUG [try 1]: Forwarding 'ca_is_enabled' to json server 'https://server.ipa.test/ipa/session/json' 2021-09-07T11:52:05Z DEBUG HTTP connection keep-alive (server.ipa.test) 2021-09-07T11:52:06Z DEBUG [try 1]: Forwarding 'config_show' to json server 'https://server.ipa.test/ipa/session/json' 2021-09-07T11:52:06Z DEBUG HTTP connection keep-alive (server.ipa.test) 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/usr/bin/certutil', '-d', '/etc/ipa/nssdb', '-N', '-f', '/etc/ipa/nssdb/pwdfile.txt', '-@', '/etc/ipa/nssdb/pwdfile.txt'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/sbin/restorecon', '-F', '/etc/ipa/nssdb'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/sbin/restorecon', '-F', '/etc/ipa/nssdb/cert9.db'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/sbin/restorecon', '-F', '/etc/ipa/nssdb/key4.db'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/sbin/restorecon', '-F', '/etc/ipa/nssdb/pkcs11.txt'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/usr/sbin/selinuxenabled'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:07Z DEBUG Starting external process 2021-09-07T11:52:07Z DEBUG args=['/sbin/restorecon', '-F', '/etc/ipa/nssdb/pwdfile.txt'] 2021-09-07T11:52:07Z DEBUG Process finished, return code=0 2021-09-07T11:52:07Z DEBUG stdout= 2021-09-07T11:52:07Z DEBUG stderr= 2021-09-07T11:52:08Z DEBUG Adding CA certificates to the IPA NSS database. 2021-09-07T11:52:08Z DEBUG Starting external process 2021-09-07T11:52:08Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/ipa/nssdb', '-A', '-n', 'IPA.TEST IPA CA', '-t', 'CT,C,C', '-a', '-f', '/etc/ipa/nssdb/pwdfile.txt'] 2021-09-07T11:52:08Z DEBUG Process finished, return code=0 2021-09-07T11:52:08Z DEBUG stdout= 2021-09-07T11:52:08Z DEBUG stderr= 2021-09-07T11:52:08Z DEBUG Starting external process 2021-09-07T11:52:08Z DEBUG args=['/usr/bin/update-ca-trust'] 2021-09-07T11:52:09Z DEBUG Process finished, return code=0 2021-09-07T11:52:09Z DEBUG stdout= 2021-09-07T11:52:09Z DEBUG stderr= 2021-09-07T11:52:09Z INFO Systemwide CA database updated. 2021-09-07T11:52:09Z DEBUG The DNS query name does not exist: client026.ipa.test. 2021-09-07T11:52:09Z WARNING Hostname (client026.ipa.test) does not have A/AAAA record. 2021-09-07T11:52:09Z DEBUG IP check failed: cannot use loopback IP address 127.0.0.1 2021-09-07T11:52:09Z DEBUG IP check successful: 192.168.121.29 2021-09-07T11:52:09Z DEBUG IP check successful: 2620:52:0:4968:a163:e8a9:6aa8:88c7 2021-09-07T11:52:09Z DEBUG IP check failed: cannot use link-local IP address fe80::e85c:2471:6e06:f4c1%eth1 2021-09-07T11:52:09Z DEBUG IP check successful: 192.168.121.29 2021-09-07T11:52:09Z DEBUG Searching for an interface of IP address: 192.168.121.29 2021-09-07T11:52:09Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) 2021-09-07T11:52:09Z DEBUG Testing local IP address: 192.168.121.29/255.255.255.0 (interface: eth0) 2021-09-07T11:52:09Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: 2021-09-07T11:52:09Z DEBUG debug update delete client026.ipa.test. IN A show send update delete client026.ipa.test. IN AAAA show send update add client026.ipa.test. 1200 IN A 192.168.121.29 show send 2021-09-07T11:52:09Z DEBUG Starting external process 2021-09-07T11:52:09Z DEBUG args=['/usr/bin/nsupdate', '-g', '/etc/ipa/.dns_update.txt'] 2021-09-07T11:52:35Z DEBUG Process finished, return code=0 2021-09-07T11:52:35Z DEBUG stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: client026.ipa.test. 0 ANY A Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65449 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;2324140948.sig-server.ipa.test. ANY TKEY ;; ADDITIONAL SECTION: 2324140948.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015530 1631015530 3 NOERROR 791 YIIDEwYGKwYBBQUCoIIDBzCCAwOgDTALBgkqhkiG9xIBAgKiggLwBIIC 7GCCAugGCSqGSIb3EgECAgEAboIC1zCCAtOgAwIBBaEDAgEOogcDBQAg AAAAo4IB3GGCAdgwggHUoAMCAQWhChsISVBBLlRFU1SiITAfoAMCAQGh GDAWGwNETlMbD3NlcnZlci5pcGEudGVzdKOCAZwwggGYoAMCARKhAwIB AqKCAYoEggGGqMdcRuSrh91/jhaLUpLJW7qETuWjhlgBmL5XeNm0aO2K iJbIbBAEIYnqNU0tBoaD0TirphO/hk4MYEdGc2dJQGaekcU/L7eRCPY4 3DIxkDSKEZX5Fv/OI6Ybky+TdFypKs+d14l10hjCG0rYKZSRm9azZpzj /2jvQdofr4ndhibkGeHUA5VC5cabv1oTk81osrAz5yUHuHsZb5X8yNVO Fhpa8L+sZ+zx643AzBr/BlaZv8BCNKVmqce8+eBJTAoF8qe+x+C+yO7L D8e8xEuszUHqvhBx1UFbPHTDEhaZRL/mGIUiLzeylwAglTUiNPHKDJak xeoOxfjbEJlZ3klRbmKMhoP5xd4hg75pnK0/DS2qjtwuqOs7xlwZlQbh QCUqhn0Jm9KP/YpMI3C3WijoJYkBHGC+kCTXrNT18UPigvLgUtSxi3s0 GTo7FD/d34G6ryALu1uzRd1u/+TQ7P30Q7yx02ybyn70d8PKuHfle8bk PLAwlOpTCDDUoNDCSCn1/bDU5EhqpIHdMIHaoAMCARKigdIEgc/acIe2 z++S7FWKz9eyaIEhDZNwqFplpN2UHWJ+zlZfTPVt5pwYaSKAdmJVB6Ho BhgirAmvS0C2qpbR8NfmdNR/DzEqY+6iXMluDHqWShTcodL2yJ9EAIql 0vQzu2nSoxARBdBfNoqVhSa+4AFknjZzF1flwXJ2ufimPsyp7KE+XsLO kU7OnNUh6ZGHomFMqujKlCrRb9M1OiBssRpTbaQEznFtYh1kvfwS5IXz 0VyxWkKrkJGLY1Hpq4TjHDd3Jfn4uUUur6TBdr0QTsNg0nA= 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 39518 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: client026.ipa.test. 0 ANY A ;; TSIG PSEUDOSECTION: 2324140948.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015530 300 28 BAQE//////8AAAAADnqBj8tZChO+yPRCjX0j7Q== 39518 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: client026.ipa.test. 0 ANY AAAA Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 987 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;637407605.sig-server.ipa.test. ANY TKEY ;; ADDITIONAL SECTION: 637407605.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015548 1631015548 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IB3GGCAdgwggHUoAMCAQWhChsISVBBLlRFU1SiITAfoAMCAQGh GDAWGwNETlMbD3NlcnZlci5pcGEudGVzdKOCAZwwggGYoAMCARKhAwIB AqKCAYoEggGGqMdcRuSrh91/jhaLUpLJW7qETuWjhlgBmL5XeNm0aO2K iJbIbBAEIYnqNU0tBoaD0TirphO/hk4MYEdGc2dJQGaekcU/L7eRCPY4 3DIxkDSKEZX5Fv/OI6Ybky+TdFypKs+d14l10hjCG0rYKZSRm9azZpzj /2jvQdofr4ndhibkGeHUA5VC5cabv1oTk81osrAz5yUHuHsZb5X8yNVO Fhpa8L+sZ+zx643AzBr/BlaZv8BCNKVmqce8+eBJTAoF8qe+x+C+yO7L D8e8xEuszUHqvhBx1UFbPHTDEhaZRL/mGIUiLzeylwAglTUiNPHKDJak xeoOxfjbEJlZ3klRbmKMhoP5xd4hg75pnK0/DS2qjtwuqOs7xlwZlQbh QCUqhn0Jm9KP/YpMI3C3WijoJYkBHGC+kCTXrNT18UPigvLgUtSxi3s0 GTo7FD/d34G6ryALu1uzRd1u/+TQ7P30Q7yx02ybyn70d8PKuHfle8bk PLAwlOpTCDDUoNDCSCn1/bDU5EhqpIHeMIHboAMCARKigdMEgdA77DmR c43F8TF6bhrNkJvmK1DdW2BnwTkLZRvYbwkcyL7zZDxPbk5k6KgrziIE B+aZbaod5WgeDTa8t4S1Wo+MVtGSl0TmzVzRGWnL+/iKYci12JHaMhfV CfmutBY+GSdHo2c6KnG9Pifh+J1PwFuqMwhiKpYwCe8PzLev11x3lKpw 94Peb6G6ltr9YaazION/EUkdwy8jhnQ/xJaLiq6yNl4ME+b46Rp3fDK9 xPfNcyvNyS5Im4Rv3OOhRNafKaA1O+yVh8Ht3wBMgSYKtHrY 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 3620 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: client026.ipa.test. 0 ANY AAAA ;; TSIG PSEUDOSECTION: 637407605.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015551 300 28 BAQE//////8AAAAAKioT6QBLqxzz3ccUyC2XZQ== 3620 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: client026.ipa.test. 1200 IN A 192.168.121.29 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54768 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4065066103.sig-server.ipa.test. ANY TKEY ;; ADDITIONAL SECTION: 4065066103.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015552 1631015552 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IB3GGCAdgwggHUoAMCAQWhChsISVBBLlRFU1SiITAfoAMCAQGh GDAWGwNETlMbD3NlcnZlci5pcGEudGVzdKOCAZwwggGYoAMCARKhAwIB AqKCAYoEggGGqMdcRuSrh91/jhaLUpLJW7qETuWjhlgBmL5XeNm0aO2K iJbIbBAEIYnqNU0tBoaD0TirphO/hk4MYEdGc2dJQGaekcU/L7eRCPY4 3DIxkDSKEZX5Fv/OI6Ybky+TdFypKs+d14l10hjCG0rYKZSRm9azZpzj /2jvQdofr4ndhibkGeHUA5VC5cabv1oTk81osrAz5yUHuHsZb5X8yNVO Fhpa8L+sZ+zx643AzBr/BlaZv8BCNKVmqce8+eBJTAoF8qe+x+C+yO7L D8e8xEuszUHqvhBx1UFbPHTDEhaZRL/mGIUiLzeylwAglTUiNPHKDJak xeoOxfjbEJlZ3klRbmKMhoP5xd4hg75pnK0/DS2qjtwuqOs7xlwZlQbh QCUqhn0Jm9KP/YpMI3C3WijoJYkBHGC+kCTXrNT18UPigvLgUtSxi3s0 GTo7FD/d34G6ryALu1uzRd1u/+TQ7P30Q7yx02ybyn70d8PKuHfle8bk PLAwlOpTCDDUoNDCSCn1/bDU5EhqpIHeMIHboAMCARKigdMEgdBE3/0z GN5pM7DaIpetmaeaYCvCl3zQg8q6AVOGWVVmFubzhyz46tch+d5Mfj8C oIML0AQugTfnPn0USb4Xduk1Yow+Ao1/flduxqT3dG6vaajEXtcOrKwU gVuvR9v+kas/1Ua7g0GsE/Y9pNLSanGtD4HmXnGTvAanNQ1wT2qjprEI PsCHU8cU+vFy+ZMEdqKpnsEg5Xt8grW9guruDfnOUZTvvuMuWwCSv5Ke 551am3TLXyP6FuOFLZ4B6I6OEjpJ8XorT/gdkrsKmg+4EpCC 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 42518 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: client026.ipa.test. 1200 IN A 192.168.121.29 ;; TSIG PSEUDOSECTION: 4065066103.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015553 300 28 BAQE//////8AAAAAJJiIvZHCGofcl0Ek7cGIvQ== 42518 NOERROR 0 2021-09-07T11:52:35Z DEBUG stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52921 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;client026.ipa.test. IN SOA ;; AUTHORITY SECTION: ipa.test. 0 IN SOA server.ipa.test. hostmaster.ipa.test. 1631015675 3600 900 1209600 3600 Found zone name: ipa.test The master is: server.ipa.test start_gssrequest Found realm from ticket: IPA.TEST send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65449 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;2324140948.sig-server.ipa.test. ANY TKEY ;; ANSWER SECTION: 2324140948.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015530 1631019130 3 NOERROR 185 oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIB AgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuZFac7HzTNi/U yB97RfosYbDHO+FfkKJMCQ/HxiWxRFXh0MQADIyPDKAM3ojssVbRBLJz 4WQ1qroI/PWiJ59gueuEKvv/jd3nhWpx9pKA3HCX0uTUkN226nk9VAYs ftALNQddqHXp8MHyuqvukmY= 0 ;; TSIG PSEUDOSECTION: 2324140948.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015530 300 28 BAQF//////8AAAAAEdhkyJz98v1zavSGrVKGiQ== 65449 NOERROR 0 Sending update to 192.168.121.18#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 39518 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ipa.test. IN SOA ;; TSIG PSEUDOSECTION: 2324140948.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015548 300 28 BAQF//////8AAAAAEdhkyXnaQUJjU8ZX+YYc0g== 39518 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34358 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;client026.ipa.test. IN SOA ;; AUTHORITY SECTION: ipa.test. 0 IN SOA server.ipa.test. hostmaster.ipa.test. 1631015709 3600 900 1209600 3600 Found zone name: ipa.test The master is: server.ipa.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 987 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;637407605.sig-server.ipa.test. ANY TKEY ;; ANSWER SECTION: 637407605.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015551 1631019151 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvpZeLw8fXVRy1 jy7zASbXuxnE5rsI80q61ymReYy/c8i5/7YH1ov9H6FdvHoi58js1EEw lzyyAF81IMgN6Tq/cNYnnWn1SXFvslcnCK6XZdqBIV3JmrAmw/x0BD9U JB06W+/vOLW980RnyS/SOhGw 0 ;; TSIG PSEUDOSECTION: 637407605.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015551 300 28 BAQF//////8AAAAAMo27maPN6d72q73SVmzTPw== 987 NOERROR 0 Sending update to 192.168.121.18#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 3620 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ipa.test. IN SOA ;; TSIG PSEUDOSECTION: 637407605.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015552 300 28 BAQF//////8AAAAAMo27mrGVoMVxBN3NTrWslQ== 3620 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65066 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;client026.ipa.test. IN SOA ;; AUTHORITY SECTION: ipa.test. 0 IN SOA server.ipa.test. hostmaster.ipa.test. 1631015771 3600 900 1209600 3600 Found zone name: ipa.test The master is: server.ipa.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54768 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4065066103.sig-server.ipa.test. ANY TKEY ;; ANSWER SECTION: 4065066103.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015553 1631019153 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvhAPlJcaQpt4x DZgUrWamk4ftjo3Du+ACFPgT3eCJlzMBVzysixHUBZTaOpumOedS5hH8 4nONUv0yDV2l1gwEQrPIcJ45zH6P0YANnfAjUzNqSxhbgMlLI7Svgb6h /prI3GdkgNvSiJ3hPelWynpR 0 ;; TSIG PSEUDOSECTION: 4065066103.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015553 300 28 BAQF//////8AAAAAIH7xDjY6NO92rRDpdIS9/A== 54768 NOERROR 0 Sending update to 192.168.121.18#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 42518 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ipa.test. IN SOA ;; TSIG PSEUDOSECTION: 4065066103.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015554 300 28 BAQF//////8AAAAAIH7xD4TYIu2ui+RYrrk9GA== 42518 NOERROR 0 2021-09-07T11:52:35Z DEBUG DNS resolver: Query: client026.ipa.test IN A 2021-09-07T11:52:35Z DEBUG DNS resolver: Query: client026.ipa.test IN AAAA 2021-09-07T11:52:35Z DEBUG DNS resolver: No record. 2021-09-07T11:52:35Z DEBUG DNS resolver: Query: 192.168.121.29 IN PTR 2021-09-07T11:52:35Z DEBUG DNS resolver: No record. 2021-09-07T11:52:35Z WARNING Missing reverse record(s) for address(es): 192.168.121.29. 2021-09-07T11:52:35Z DEBUG Starting external process 2021-09-07T11:52:35Z DEBUG args=['/bin/systemctl', 'try-restart', 'certmonger.service'] 2021-09-07T11:52:35Z DEBUG Process finished, return code=0 2021-09-07T11:52:35Z DEBUG stdout= 2021-09-07T11:52:35Z DEBUG stderr= 2021-09-07T11:52:35Z DEBUG Starting external process 2021-09-07T11:52:35Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2021-09-07T11:52:35Z DEBUG Process finished, return code=3 2021-09-07T11:52:35Z DEBUG stdout=inactive 2021-09-07T11:52:35Z DEBUG stderr= 2021-09-07T11:52:35Z DEBUG Restart of certmonger.service complete 2021-09-07T11:52:35Z INFO Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub 2021-09-07T11:52:35Z INFO Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub 2021-09-07T11:52:35Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub 2021-09-07T11:52:35Z DEBUG [try 1]: Forwarding 'host_mod' to json server 'https://server.ipa.test/ipa/session/json' 2021-09-07T11:52:35Z DEBUG HTTP connection keep-alive (server.ipa.test) 2021-09-07T11:52:35Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: 2021-09-07T11:52:35Z DEBUG debug update delete client026.ipa.test. IN SSHFP show send update add client026.ipa.test. 1200 IN SSHFP 3 1 29CBBB8FD104B07179E31C31BEC7CB84136E9D61 update add client026.ipa.test. 1200 IN SSHFP 3 2 4F7322CBADCB820FE574789F66159BDB9A1A10AB4F5536566D0D0A243C9D7D3A update add client026.ipa.test. 1200 IN SSHFP 4 1 59E0CA0859F6B5E75D12316404DE9F9C6E880172 update add client026.ipa.test. 1200 IN SSHFP 4 2 6CA5E4FA29C43AE51E89CCA35C7F0E1A87841A67808DB12BB6D3E1BC49004F9D update add client026.ipa.test. 1200 IN SSHFP 1 1 0B2A16223EC7B8849EE29AC3A965FE0008D9A6A8 update add client026.ipa.test. 1200 IN SSHFP 1 2 BE52DEE1088B40B82EAA4AE495EFF2E7F32653AA172A61F36EEA851FA0951EB2 show send 2021-09-07T11:52:35Z DEBUG Starting external process 2021-09-07T11:52:35Z DEBUG args=['/usr/bin/nsupdate', '-g', '/etc/ipa/.dns_update.txt'] 2021-09-07T11:53:25Z DEBUG Process finished, return code=0 2021-09-07T11:53:25Z DEBUG stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: client026.ipa.test. 0 ANY SSHFP Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12450 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;28703190.sig-server.ipa.test. ANY TKEY ;; ADDITIONAL SECTION: 28703190.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015556 1631015556 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IB3GGCAdgwggHUoAMCAQWhChsISVBBLlRFU1SiITAfoAMCAQGh GDAWGwNETlMbD3NlcnZlci5pcGEudGVzdKOCAZwwggGYoAMCARKhAwIB AqKCAYoEggGGqMdcRuSrh91/jhaLUpLJW7qETuWjhlgBmL5XeNm0aO2K iJbIbBAEIYnqNU0tBoaD0TirphO/hk4MYEdGc2dJQGaekcU/L7eRCPY4 3DIxkDSKEZX5Fv/OI6Ybky+TdFypKs+d14l10hjCG0rYKZSRm9azZpzj /2jvQdofr4ndhibkGeHUA5VC5cabv1oTk81osrAz5yUHuHsZb5X8yNVO Fhpa8L+sZ+zx643AzBr/BlaZv8BCNKVmqce8+eBJTAoF8qe+x+C+yO7L D8e8xEuszUHqvhBx1UFbPHTDEhaZRL/mGIUiLzeylwAglTUiNPHKDJak xeoOxfjbEJlZ3klRbmKMhoP5xd4hg75pnK0/DS2qjtwuqOs7xlwZlQbh QCUqhn0Jm9KP/YpMI3C3WijoJYkBHGC+kCTXrNT18UPigvLgUtSxi3s0 GTo7FD/d34G6ryALu1uzRd1u/+TQ7P30Q7yx02ybyn70d8PKuHfle8bk PLAwlOpTCDDUoNDCSCn1/bDU5EhqpIHeMIHboAMCARKigdMEgdBVpYOI gHBp7aZdC6Ty6cuz0ISF4y9BRzK7g8nJFUBsSHtD1M9xe/4HnNdquxsk LNuKxsrw2wckT02cQicWUnW6E4x4HHPfaBnIJ9BTDs0TYh6jvC5fKn1o dt3GHrSdiMKYMqDt+F123X3Y9FyVSboXhAxg7mLO6xTslKZdiHIutpls GgMGMbDqWFXY0M90o1PHBd1xKr511aTxgGPjE6nu0uMd9WXy1KWiIf2I AZIrc/zLkP2EOWAGmNILHk7kWgLyWIpsh1cHMXvxYAj7CNri 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7613 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: client026.ipa.test. 0 ANY SSHFP ;; TSIG PSEUDOSECTION: 28703190.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015577 300 28 BAQE//////8AAAAADcnw3vang+rm3lP+iZr1Dw== 7613 NOERROR 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: client026.ipa.test. 1200 IN SSHFP 3 1 29CBBB8FD104B07179E31C31BEC7CB84136E9D61 client026.ipa.test. 1200 IN SSHFP 3 2 4F7322CBADCB820FE574789F66159BDB9A1A10AB4F5536566D0D0A24 3C9D7D3A client026.ipa.test. 1200 IN SSHFP 4 1 59E0CA0859F6B5E75D12316404DE9F9C6E880172 client026.ipa.test. 1200 IN SSHFP 4 2 6CA5E4FA29C43AE51E89CCA35C7F0E1A87841A67808DB12BB6D3E1BC 49004F9D client026.ipa.test. 1200 IN SSHFP 1 1 0B2A16223EC7B8849EE29AC3A965FE0008D9A6A8 client026.ipa.test. 1200 IN SSHFP 1 2 BE52DEE1088B40B82EAA4AE495EFF2E7F32653AA172A61F36EEA851F A0951EB2 Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4443 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;682583437.sig-server.ipa.test. ANY TKEY ;; ADDITIONAL SECTION: 682583437.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015603 1631015603 3 NOERROR 792 YIIDFAYGKwYBBQUCoIIDCDCCAwSgDTALBgkqhkiG9xIBAgKiggLxBIIC 7WCCAukGCSqGSIb3EgECAgEAboIC2DCCAtSgAwIBBaEDAgEOogcDBQAg AAAAo4IB3GGCAdgwggHUoAMCAQWhChsISVBBLlRFU1SiITAfoAMCAQGh GDAWGwNETlMbD3NlcnZlci5pcGEudGVzdKOCAZwwggGYoAMCARKhAwIB AqKCAYoEggGGqMdcRuSrh91/jhaLUpLJW7qETuWjhlgBmL5XeNm0aO2K iJbIbBAEIYnqNU0tBoaD0TirphO/hk4MYEdGc2dJQGaekcU/L7eRCPY4 3DIxkDSKEZX5Fv/OI6Ybky+TdFypKs+d14l10hjCG0rYKZSRm9azZpzj /2jvQdofr4ndhibkGeHUA5VC5cabv1oTk81osrAz5yUHuHsZb5X8yNVO Fhpa8L+sZ+zx643AzBr/BlaZv8BCNKVmqce8+eBJTAoF8qe+x+C+yO7L D8e8xEuszUHqvhBx1UFbPHTDEhaZRL/mGIUiLzeylwAglTUiNPHKDJak xeoOxfjbEJlZ3klRbmKMhoP5xd4hg75pnK0/DS2qjtwuqOs7xlwZlQbh QCUqhn0Jm9KP/YpMI3C3WijoJYkBHGC+kCTXrNT18UPigvLgUtSxi3s0 GTo7FD/d34G6ryALu1uzRd1u/+TQ7P30Q7yx02ybyn70d8PKuHfle8bk PLAwlOpTCDDUoNDCSCn1/bDU5EhqpIHeMIHboAMCARKigdMEgdA+hwnE hLsPZnpj2H77XDsMzhcSIwgHJ6cA63Mufo+er/SqkRDlAJLI6Kz7YRsm hcMqgWP+ql3K8jtvpbPzWzFI/UnvUq0R/0CdzF7lKGAG1ylTd0aTB1xk I/6geday+7qA3dmh9RQu2MZph2NiBXTkCW5TUMrg5MhLWUrEdT+xxPNm ra0v+DTCaicE13/hFBm4ojdpJnjJmnRx5nDwTB/WWjIDjVBeyiLKkIxU xHd4LL/C0oJlfvQL7W7XBHdCG4xEHvaLmeiDEk62mF7hwMM7 0 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 17179 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 6, ADDITIONAL: 1 ;; UPDATE SECTION: client026.ipa.test. 1200 IN SSHFP 3 1 29CBBB8FD104B07179E31C31BEC7CB84136E9D61 client026.ipa.test. 1200 IN SSHFP 3 2 4F7322CBADCB820FE574789F66159BDB9A1A10AB4F5536566D0D0A24 3C9D7D3A client026.ipa.test. 1200 IN SSHFP 4 1 59E0CA0859F6B5E75D12316404DE9F9C6E880172 client026.ipa.test. 1200 IN SSHFP 4 2 6CA5E4FA29C43AE51E89CCA35C7F0E1A87841A67808DB12BB6D3E1BC 49004F9D client026.ipa.test. 1200 IN SSHFP 1 1 0B2A16223EC7B8849EE29AC3A965FE0008D9A6A8 client026.ipa.test. 1200 IN SSHFP 1 2 BE52DEE1088B40B82EAA4AE495EFF2E7F32653AA172A61F36EEA851F A0951EB2 ;; TSIG PSEUDOSECTION: 682583437.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015603 300 28 BAQE//////8AAAAAIakalUdLFUvLY3m61gD2vg== 17179 NOERROR 0 2021-09-07T11:53:25Z DEBUG stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44145 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;client026.ipa.test. IN SOA ;; AUTHORITY SECTION: ipa.test. 3600 IN SOA server.ipa.test. hostmaster.ipa.test. 1631015824 3600 900 1209600 3600 Found zone name: ipa.test The master is: server.ipa.test start_gssrequest Found realm from ticket: IPA.TEST send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12450 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;28703190.sig-server.ipa.test. ANY TKEY ;; ANSWER SECTION: 28703190.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015577 1631019177 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvyAwMDHQS3WE3 lbygcPzh7IiKGI7JT6nVC8sdDwWC9LNMM9SkMUfb6yxPgeWexwgTLlH4 DoCqlamub/zPOPEFPNAoYb/b+jGi6o/RVFIfvEGG8mnnhXiVvf2mEgB1 gBPJNB1wgNwx7qHohsxU/mrM 0 ;; TSIG PSEUDOSECTION: 28703190.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015577 300 28 BAQF//////8AAAAADvdG3ZElWl4tyqC8dRKsdg== 12450 NOERROR 0 Sending update to 192.168.121.18#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7613 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ipa.test. IN SOA ;; TSIG PSEUDOSECTION: 28703190.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015603 300 28 BAQF//////8AAAAADvdG3q6t0lkgxuIJgxdx9Q== 7613 NOERROR 0 Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9499 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;client026.ipa.test. IN SOA ;; AUTHORITY SECTION: ipa.test. 3600 IN SOA server.ipa.test. hostmaster.ipa.test. 1631015900 3600 900 1209600 3600 Found zone name: ipa.test The master is: server.ipa.test start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4443 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;682583437.sig-server.ipa.test. ANY TKEY ;; ANSWER SECTION: 682583437.sig-server.ipa.test. 0 ANY TKEY gss-tsig. 1631015603 1631019203 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvAOdsXY22WZlJ 9zok3CNkf3PHSJapTJEV4/5/LSZ50+SbBBtcutH0TNBkhldB+KMQvaEo KHjIpsw6S7ZLIK6Ie7Wd2GKaNmTU2ZnUzBKeY/o7UAERc0novahbXew+ FGN5Md0cwXX8KTjbLKM5Ojvq 0 ;; TSIG PSEUDOSECTION: 682583437.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015603 300 28 BAQF//////8AAAAAPksTOBiGUBZeBJtC3A6sDA== 4443 NOERROR 0 Sending update to 192.168.121.18#53 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 17179 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ipa.test. IN SOA ;; TSIG PSEUDOSECTION: 682583437.sig-server.ipa.test. 0 ANY TSIG gss-tsig. 1631015605 300 28 BAQF//////8AAAAAPksTOcXsaxphWoEQ3EVf3A== 17179 NOERROR 0 2021-09-07T11:53:25Z DEBUG Starting external process 2021-09-07T11:53:25Z DEBUG args=['/bin/systemctl', 'list-unit-files', '--full'] 2021-09-07T11:53:27Z DEBUG Process finished, return code=0 2021-09-07T11:53:27Z DEBUG stdout=UNIT FILE STATE VENDOR PRESET proc-sys-fs-binfmt_misc.automount static - -.mount generated - boot.mount generated - dev-hugepages.mount static - dev-mqueue.mount static - proc-fs-nfsd.mount static - proc-sys-fs-binfmt_misc.mount disabled disabled sys-fs-fuse-connections.mount static - sys-kernel-config.mount static - sys-kernel-debug.mount static - sys-kernel-tracing.mount static - tmp.mount masked disabled var-lib-nfs-rpc_pipefs.mount static - systemd-ask-password-console.path static - systemd-ask-password-wall.path static - session-6.scope transient - arp-ethers.service disabled disabled auditd.service enabled enabled auth-rpcgss-module.service static - autofs.service disabled disabled autovt@.service alias - blk-availability.service disabled disabled certmonger.service disabled disabled chrony-wait.service disabled disabled chronyd.service enabled enabled console-getty.service disabled disabled container-getty@.service static - cpupower.service disabled disabled crond.service enabled enabled dbus-broker.service enabled enabled dbus-org.fedoraproject.FirewallD1.service alias - dbus-org.freedesktop.home1.service alias - dbus-org.freedesktop.hostname1.service alias - dbus-org.freedesktop.locale1.service alias - dbus-org.freedesktop.login1.service alias - dbus-org.freedesktop.nm-dispatcher.service alias - dbus-org.freedesktop.oom1.service alias - dbus-org.freedesktop.portable1.service alias - dbus-org.freedesktop.resolve1.service alias - dbus-org.freedesktop.timedate1.service alias - dbus.service alias - debug-shell.service disabled disabled dirsrv@.service disabled disabled dm-event.service static - dnf-makecache.service static - dracut-cmdline.service static - dracut-initqueue.service static - dracut-mount.service static - dracut-pre-mount.service static - dracut-pre-pivot.service static - dracut-pre-trigger.service static - dracut-pre-udev.service static - dracut-shutdown.service static - emergency.service static - firewalld.service enabled enabled fstrim.service static - getty@.service enabled enabled grub-boot-indeterminate.service static - grub2-systemd-integration.service static - gssproxy.service disabled disabled haveged-switch-root.service disabled disabled haveged.service enabled disabled htcacheclean.service static - httpd-init.service static - httpd.service disabled disabled httpd@.service disabled disabled import-state.service enabled enabled initrd-cleanup.service static - initrd-parse-etc.service static - initrd-switch-root.service static - initrd-udevadm-cleanup-db.service static - ipa-ccache-sweep.service disabled disabled ipa-custodia.service disabled disabled ipa-dnskeysyncd.service disabled disabled ipa-epn.service disabled disabled ipa-healthcheck.service disabled disabled ipa-ods-exporter.service disabled disabled ipa-otpd@.service static - ipa.service disabled disabled kadmin.service disabled disabled kmod-static-nodes.service static - kprop.service disabled disabled krb5kdc.service disabled disabled ldconfig.service static - loadmodules.service disabled disabled logrotate.service static - lvm2-lvmpolld.service static - lvm2-monitor.service enabled enabled lvm2-pvscan@.service static - man-db-cache-update.service static - man-db-restart-cache-update.service disabled disabled memcached.service enabled disabled mlocate-updatedb.service static - modprobe@.service static - named-setup-rndc.service static - named.service disabled disabled NetworkManager-dispatcher.service enabled enabled NetworkManager-wait-online.service enabled enabled NetworkManager.service enabled enabled nfs-blkmap.service disabled disabled nfs-convert.service enabled disabled nfs-idmapd.service static - nfs-mountd.service static - nfs-server.service disabled disabled nfs-utils.service static - nfsdcld.service static - nftables.service disabled disabled nis-domainname.service disabled disabled nmb.service disabled disabled oddjobd.service disabled disabled ods-enforcerd.service disabled disabled ods-signerd.service disabled disabled pam_namespace.service static - pkcsslotd.service disabled disabled pki-tomcatd-nuxwdog@.service disabled disabled pki-tomcatd@.service disabled disabled polkit.service static - qemu-guest-agent.service enabled enabled quotaon.service static - rc-local.service static - rdisc.service disabled disabled rescue.service static - rpc-gssd.service static - rpc-statd-notify.service static - rpc-statd.service static - rpcbind.service disabled disabled rpmdb-rebuild.service enabled enabled selinux-autorelabel-mark.service enabled enabled selinux-autorelabel.service static - selinux-check-proper-disable.service disabled disabled serial-getty@.service disabled disabled smb.service disabled disabled sshd-keygen@.service disabled disabled sshd.service enabled enabled sshd@.service static - sssd-autofs.service indirect disabled sssd-ifp.service static - sssd-kcm.service indirect disabled sssd-nss.service indirect disabled sssd-pac.service indirect disabled sssd-pam.service indirect disabled sssd-ssh.service indirect disabled sssd-sudo.service indirect disabled sssd.service enabled enabled sysstat-collect.service static - sysstat-summary.service static - sysstat.service enabled enabled system-update-cleanup.service static - systemd-ask-password-console.service static - systemd-ask-password-wall.service static - systemd-backlight@.service static - systemd-binfmt.service static - systemd-bless-boot.service static - systemd-boot-check-no-failures.service disabled disabled systemd-boot-system-token.service static - systemd-coredump@.service static - systemd-exit.service static - systemd-firstboot.service static - systemd-fsck-root.service static - systemd-fsck@.service static - systemd-halt.service static - systemd-hibernate-resume@.service static - systemd-hibernate.service static - systemd-homed-activate.service enabled disabled systemd-homed.service enabled enabled systemd-hostnamed.service static - systemd-hwdb-update.service static - systemd-hybrid-sleep.service static - systemd-initctl.service static - systemd-journal-catalog-update.service static - systemd-journal-flush.service static - systemd-journald.service static - systemd-journald@.service static - systemd-kexec.service static - systemd-localed.service static - systemd-logind.service static - systemd-machine-id-commit.service static - systemd-modules-load.service static - systemd-network-generator.service disabled disabled systemd-networkd-wait-online.service disabled disabled systemd-networkd.service disabled disabled systemd-oomd.service enabled enabled systemd-portabled.service static - systemd-poweroff.service static - systemd-pstore.service disabled enabled systemd-quotacheck.service static - systemd-random-seed.service static - systemd-reboot.service static - systemd-remount-fs.service enabled-runtime disabled systemd-repart.service static - systemd-resolved.service enabled enabled systemd-rfkill.service static - systemd-suspend-then-hibernate.service static - systemd-suspend.service static - systemd-sysctl.service static - systemd-sysext.service disabled disabled systemd-sysusers.service static - systemd-time-wait-sync.service disabled disabled systemd-timedated.service static - systemd-timesyncd.service disabled disabled systemd-tmpfiles-clean.service static - systemd-tmpfiles-setup-dev.service static - systemd-tmpfiles-setup.service static - systemd-udev-settle.service static - systemd-udev-trigger.service static - systemd-udevd.service static - systemd-update-done.service static - systemd-update-utmp-runlevel.service static - systemd-update-utmp.service static - systemd-user-sessions.service static - systemd-userdbd.service indirect disabled systemd-vconsole-setup.service static - systemd-volatile-root.service static - systemd-zram-setup@.service static - tcsd.service disabled disabled tomcat.service disabled disabled tomcat@.service disabled disabled tuned.service enabled disabled unbound-anchor.service static - user-runtime-dir@.service static - user@.service static - winbind.service disabled disabled system-systemd\x2dcryptsetup.slice static - user.slice static - dbus.socket enabled enabled dm-event.socket enabled enabled httpd.socket disabled disabled ipa-ods-exporter.socket disabled disabled ipa-otpd.socket disabled disabled lvm2-lvmpolld.socket enabled enabled rpcbind.socket disabled disabled sshd.socket disabled disabled sssd-autofs.socket disabled disabled sssd-kcm.socket enabled enabled sssd-nss.socket disabled disabled sssd-pac.socket disabled disabled sssd-pam-priv.socket disabled disabled sssd-pam.socket disabled disabled sssd-ssh.socket disabled disabled sssd-sudo.socket disabled disabled syslog.socket static - systemd-coredump.socket static - systemd-initctl.socket static - systemd-journald-audit.socket static - systemd-journald-dev-log.socket static - systemd-journald-varlink@.socket static - systemd-journald.socket static - systemd-journald@.socket static - systemd-networkd.socket disabled disabled systemd-rfkill.socket static - systemd-udevd-control.socket static - systemd-udevd-kernel.socket static - systemd-userdbd.socket enabled enabled dev-mapper-fedora\x2dswap.swap generated - dev-zram0.swap generated - basic.target static - blockdev@.target static - bluetooth.target static - boot-complete.target static - cryptsetup-pre.target static - cryptsetup.target static - ctrl-alt-del.target alias - default.target alias - dirsrv.target disabled disabled emergency.target static - exit.target disabled disabled final.target static - first-boot-complete.target static - getty-pre.target static - getty.target static - graphical.target static - halt.target disabled disabled hibernate.target static - hybrid-sleep.target static - initrd-fs.target static - initrd-root-device.target static - initrd-root-fs.target static - initrd-switch-root.target static - initrd.target static - kexec.target disabled disabled local-fs-pre.target static - local-fs.target static - multi-user.target indirect disabled network-online.target static - network-pre.target static - network.target static - nfs-client.target enabled disabled nss-lookup.target static - nss-user-lookup.target static - paths.target static - pki-tomcatd-nuxwdog.target disabled disabled pki-tomcatd.target disabled disabled poweroff.target disabled disabled printer.target static - reboot.target enabled enabled remote-cryptsetup.target disabled enabled remote-fs-pre.target static - remote-fs.target disabled enabled remote-veritysetup.target disabled disabled rescue.target static - rpc_pipefs.target static - rpcbind.target static - runlevel0.target alias - runlevel1.target alias - runlevel2.target alias - runlevel3.target alias - runlevel4.target alias - runlevel5.target alias - runlevel6.target alias - selinux-autorelabel.target static - shutdown.target static - sigpwr.target static - sleep.target static - slices.target static - smartcard.target static - sockets.target static - sound.target static - sshd-keygen.target static - suspend-then-hibernate.target static - suspend.target static - swap.target static - sysinit.target static - system-update-pre.target static - system-update.target static - time-set.target static - time-sync.target static - timers.target static - umount.target static - usb-gadget.target static - veritysetup-pre.target static - veritysetup.target static - dnf-makecache.timer enabled enabled fstrim.timer enabled enabled ipa-ccache-sweep.timer disabled disabled ipa-epn.timer disabled disabled ipa-healthcheck.timer disabled disabled logrotate.timer enabled enabled mlocate-updatedb.timer enabled enabled sysstat-collect.timer enabled enabled sysstat-summary.timer enabled enabled systemd-tmpfiles-clean.timer static - unbound-anchor.timer enabled enabled 342 unit files listed. 2021-09-07T11:53:27Z DEBUG stderr= 2021-09-07T11:53:27Z DEBUG Starting external process 2021-09-07T11:53:27Z DEBUG args=['/bin/systemctl', 'list-unit-files', '--full'] 2021-09-07T11:53:44Z DEBUG Process finished, return code=0 2021-09-07T11:53:44Z DEBUG stdout=UNIT FILE STATE VENDOR PRESET proc-sys-fs-binfmt_misc.automount static - -.mount generated - boot.mount generated - dev-hugepages.mount static - dev-mqueue.mount static - proc-fs-nfsd.mount static - proc-sys-fs-binfmt_misc.mount disabled disabled sys-fs-fuse-connections.mount static - sys-kernel-config.mount static - sys-kernel-debug.mount static - sys-kernel-tracing.mount static - tmp.mount masked disabled var-lib-nfs-rpc_pipefs.mount static - systemd-ask-password-console.path static - systemd-ask-password-wall.path static - session-6.scope transient - arp-ethers.service disabled disabled auditd.service enabled enabled auth-rpcgss-module.service static - autofs.service disabled disabled autovt@.service alias - blk-availability.service disabled disabled certmonger.service disabled disabled chrony-wait.service disabled disabled chronyd.service enabled enabled console-getty.service disabled disabled container-getty@.service static - cpupower.service disabled disabled crond.service enabled enabled dbus-broker.service enabled enabled dbus-org.fedoraproject.FirewallD1.service alias - dbus-org.freedesktop.home1.service alias - dbus-org.freedesktop.hostname1.service alias - dbus-org.freedesktop.locale1.service alias - dbus-org.freedesktop.login1.service alias - dbus-org.freedesktop.nm-dispatcher.service alias - dbus-org.freedesktop.oom1.service alias - dbus-org.freedesktop.portable1.service alias - dbus-org.freedesktop.resolve1.service alias - dbus-org.freedesktop.timedate1.service alias - dbus.service alias - debug-shell.service disabled disabled dirsrv@.service disabled disabled dm-event.service static - dnf-makecache.service static - dracut-cmdline.service static - dracut-initqueue.service static - dracut-mount.service static - dracut-pre-mount.service static - dracut-pre-pivot.service static - dracut-pre-trigger.service static - dracut-pre-udev.service static - dracut-shutdown.service static - emergency.service static - firewalld.service enabled enabled fstrim.service static - getty@.service enabled enabled grub-boot-indeterminate.service static - grub2-systemd-integration.service static - gssproxy.service disabled disabled haveged-switch-root.service disabled disabled haveged.service enabled disabled htcacheclean.service static - httpd-init.service static - httpd.service disabled disabled httpd@.service disabled disabled import-state.service enabled enabled initrd-cleanup.service static - initrd-parse-etc.service static - initrd-switch-root.service static - initrd-udevadm-cleanup-db.service static - ipa-ccache-sweep.service disabled disabled ipa-custodia.service disabled disabled ipa-dnskeysyncd.service disabled disabled ipa-epn.service disabled disabled ipa-healthcheck.service disabled disabled ipa-ods-exporter.service disabled disabled ipa-otpd@.service static - ipa.service disabled disabled kadmin.service disabled disabled kmod-static-nodes.service static - kprop.service disabled disabled krb5kdc.service disabled disabled ldconfig.service static - loadmodules.service disabled disabled logrotate.service static - lvm2-lvmpolld.service static - lvm2-monitor.service enabled enabled lvm2-pvscan@.service static - man-db-cache-update.service static - man-db-restart-cache-update.service disabled disabled memcached.service enabled disabled mlocate-updatedb.service static - modprobe@.service static - named-setup-rndc.service static - named.service disabled disabled NetworkManager-dispatcher.service enabled enabled NetworkManager-wait-online.service enabled enabled NetworkManager.service enabled enabled nfs-blkmap.service disabled disabled nfs-convert.service enabled disabled nfs-idmapd.service static - nfs-mountd.service static - nfs-server.service disabled disabled nfs-utils.service static - nfsdcld.service static - nftables.service disabled disabled nis-domainname.service disabled disabled nmb.service disabled disabled oddjobd.service disabled disabled ods-enforcerd.service disabled disabled ods-signerd.service disabled disabled pam_namespace.service static - pkcsslotd.service disabled disabled pki-tomcatd-nuxwdog@.service disabled disabled pki-tomcatd@.service disabled disabled polkit.service static - qemu-guest-agent.service enabled enabled quotaon.service static - rc-local.service static - rdisc.service disabled disabled rescue.service static - rpc-gssd.service static - rpc-statd-notify.service static - rpc-statd.service static - rpcbind.service disabled disabled rpmdb-rebuild.service enabled enabled selinux-autorelabel-mark.service enabled enabled selinux-autorelabel.service static - selinux-check-proper-disable.service disabled disabled serial-getty@.service disabled disabled smb.service disabled disabled sshd-keygen@.service disabled disabled sshd.service enabled enabled sshd@.service static - sssd-autofs.service indirect disabled sssd-ifp.service static - sssd-kcm.service indirect disabled sssd-nss.service indirect disabled sssd-pac.service indirect disabled sssd-pam.service indirect disabled sssd-ssh.service indirect disabled sssd-sudo.service indirect disabled sssd.service enabled enabled sysstat-collect.service static - sysstat-summary.service static - sysstat.service enabled enabled system-update-cleanup.service static - systemd-ask-password-console.service static - systemd-ask-password-wall.service static - systemd-backlight@.service static - systemd-binfmt.service static - systemd-bless-boot.service static - systemd-boot-check-no-failures.service disabled disabled systemd-boot-system-token.service static - systemd-coredump@.service static - systemd-exit.service static - systemd-firstboot.service static - systemd-fsck-root.service static - systemd-fsck@.service static - systemd-halt.service static - systemd-hibernate-resume@.service static - systemd-hibernate.service static - systemd-homed-activate.service enabled disabled systemd-homed.service enabled enabled systemd-hostnamed.service static - systemd-hwdb-update.service static - systemd-hybrid-sleep.service static - systemd-initctl.service static - systemd-journal-catalog-update.service static - systemd-journal-flush.service static - systemd-journald.service static - systemd-journald@.service static - systemd-kexec.service static - systemd-localed.service static - systemd-logind.service static - systemd-machine-id-commit.service static - systemd-modules-load.service static - systemd-network-generator.service disabled disabled systemd-networkd-wait-online.service disabled disabled systemd-networkd.service disabled disabled systemd-oomd.service enabled enabled systemd-portabled.service static - systemd-poweroff.service static - systemd-pstore.service disabled enabled systemd-quotacheck.service static - systemd-random-seed.service static - systemd-reboot.service static - systemd-remount-fs.service enabled-runtime disabled systemd-repart.service static - systemd-resolved.service enabled enabled systemd-rfkill.service static - systemd-suspend-then-hibernate.service static - systemd-suspend.service static - systemd-sysctl.service static - systemd-sysext.service disabled disabled systemd-sysusers.service static - systemd-time-wait-sync.service disabled disabled systemd-timedated.service static - systemd-timesyncd.service disabled disabled systemd-tmpfiles-clean.service static - systemd-tmpfiles-setup-dev.service static - systemd-tmpfiles-setup.service static - systemd-udev-settle.service static - systemd-udev-trigger.service static - systemd-udevd.service static - systemd-update-done.service static - systemd-update-utmp-runlevel.service static - systemd-update-utmp.service static - systemd-user-sessions.service static - systemd-userdbd.service indirect disabled systemd-vconsole-setup.service static - systemd-volatile-root.service static - systemd-zram-setup@.service static - tcsd.service disabled disabled tomcat.service disabled disabled tomcat@.service disabled disabled tuned.service enabled disabled unbound-anchor.service static - user-runtime-dir@.service static - user@.service static - winbind.service disabled disabled system-systemd\x2dcryptsetup.slice static - user.slice static - dbus.socket enabled enabled dm-event.socket enabled enabled httpd.socket disabled disabled ipa-ods-exporter.socket disabled disabled ipa-otpd.socket disabled disabled lvm2-lvmpolld.socket enabled enabled rpcbind.socket disabled disabled sshd.socket disabled disabled sssd-autofs.socket disabled disabled sssd-kcm.socket enabled enabled sssd-nss.socket disabled disabled sssd-pac.socket disabled disabled sssd-pam-priv.socket disabled disabled sssd-pam.socket disabled disabled sssd-ssh.socket disabled disabled sssd-sudo.socket disabled disabled syslog.socket static - systemd-coredump.socket static - systemd-initctl.socket static - systemd-journald-audit.socket static - systemd-journald-dev-log.socket static - systemd-journald-varlink@.socket static - systemd-journald.socket static - systemd-journald@.socket static - systemd-networkd.socket disabled disabled systemd-rfkill.socket static - systemd-udevd-control.socket static - systemd-udevd-kernel.socket static - systemd-userdbd.socket enabled enabled dev-mapper-fedora\x2dswap.swap generated - dev-zram0.swap generated - basic.target static - blockdev@.target static - bluetooth.target static - boot-complete.target static - cryptsetup-pre.target static - cryptsetup.target static - ctrl-alt-del.target alias - default.target alias - dirsrv.target disabled disabled emergency.target static - exit.target disabled disabled final.target static - first-boot-complete.target static - getty-pre.target static - getty.target static - graphical.target static - halt.target disabled disabled hibernate.target static - hybrid-sleep.target static - initrd-fs.target static - initrd-root-device.target static - initrd-root-fs.target static - initrd-switch-root.target static - initrd.target static - kexec.target disabled disabled local-fs-pre.target static - local-fs.target static - multi-user.target indirect disabled network-online.target static - network-pre.target static - network.target static - nfs-client.target enabled disabled nss-lookup.target static - nss-user-lookup.target static - paths.target static - pki-tomcatd-nuxwdog.target disabled disabled pki-tomcatd.target disabled disabled poweroff.target disabled disabled printer.target static - reboot.target enabled enabled remote-cryptsetup.target disabled enabled remote-fs-pre.target static - remote-fs.target disabled enabled remote-veritysetup.target disabled disabled rescue.target static - rpc_pipefs.target static - rpcbind.target static - runlevel0.target alias - runlevel1.target alias - runlevel2.target alias - runlevel3.target alias - runlevel4.target alias - runlevel5.target alias - runlevel6.target alias - selinux-autorelabel.target static - shutdown.target static - sigpwr.target static - sleep.target static - slices.target static - smartcard.target static - sockets.target static - sound.target static - sshd-keygen.target static - suspend-then-hibernate.target static - suspend.target static - swap.target static - sysinit.target static - system-update-pre.target static - system-update.target static - time-set.target static - time-sync.target static - timers.target static - umount.target static - usb-gadget.target static - veritysetup-pre.target static - veritysetup.target static - dnf-makecache.timer enabled enabled fstrim.timer enabled enabled ipa-ccache-sweep.timer disabled disabled ipa-epn.timer disabled disabled ipa-healthcheck.timer disabled disabled logrotate.timer enabled enabled mlocate-updatedb.timer enabled enabled sysstat-collect.timer enabled enabled sysstat-summary.timer enabled enabled systemd-tmpfiles-clean.timer static - unbound-anchor.timer enabled enabled 342 unit files listed. 2021-09-07T11:53:44Z DEBUG stderr= 2021-09-07T11:53:44Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:53:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2021-09-07T11:53:44Z DEBUG Starting external process 2021-09-07T11:53:44Z DEBUG args=['/usr/bin/authselect', 'select', 'sssd', 'with-sudo', '--force', '--backup=pre_ipaclient_20210907115344'] 2021-09-07T11:53:44Z DEBUG Process finished, return code=0 2021-09-07T11:53:44Z DEBUG stdout=Backup stored at /var/lib/authselect/backups/pre_ipaclient_20210907115344 Profile "sssd" was selected. The following nsswitch maps are overwritten by the profile: - passwd - group - netgroup - automount - services - sudoers Make sure that SSSD service is configured and enabled. See SSSD documentation for more information. 2021-09-07T11:53:44Z DEBUG stderr= 2021-09-07T11:53:44Z INFO SSSD enabled 2021-09-07T11:53:44Z DEBUG Starting external process 2021-09-07T11:53:44Z DEBUG args=['/bin/systemctl', 'restart', 'sssd.service'] 2021-09-07T11:54:17Z DEBUG Process finished, return code=0 2021-09-07T11:54:17Z DEBUG stdout= 2021-09-07T11:54:17Z DEBUG stderr= 2021-09-07T11:54:17Z DEBUG Starting external process 2021-09-07T11:54:17Z DEBUG args=['/bin/systemctl', 'is-active', 'sssd.service'] 2021-09-07T11:54:17Z DEBUG Process finished, return code=0 2021-09-07T11:54:17Z DEBUG stdout=active 2021-09-07T11:54:17Z DEBUG stderr= 2021-09-07T11:54:17Z DEBUG Restart of sssd.service complete 2021-09-07T11:54:17Z DEBUG Starting external process 2021-09-07T11:54:17Z DEBUG args=['/bin/systemctl', 'enable', 'sssd.service']