So I am trying to get Foreman to work with FreeIPA to join the realm on provisioning. I have smart proxy running and it registers the server in FreeIPA but it doesn’t complete enrollment. I do see an error in the IPA logs that seems to indicate its not getting the correct one time password as shown below.
019-06-05T08:00:33Z DEBUG Starting external process 2019-06-05T08:00:33Z DEBUG args=/usr/sbin/ipa-join -s ipa01.phantomnet.lan -b dc=phantomnet,dc=lan -h centos-test.phantomnet.lan -w XXXXXXXX 2019-06-05T08:00:34Z DEBUG Process finished, return code=15 2019-06-05T08:00:34Z DEBUG stdout= 2019-06-05T08:00:34Z DEBUG stderr=Incorrect password.
So I am not clear on why this is happening as I followed the instructions on the Foreman site and the keytab was generated. However I do see this on the provisioned servers logs.
2019-06-05T08:00:33Z DEBUG Starting external process 2019-06-05T08:00:33Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r PHANTOMNET.LAN 2019-06-05T08:00:33Z DEBUG Process finished, return code=3 2019-06-05T08:00:33Z DEBUG stdout= 2019-06-05T08:00:33Z DEBUG stderr=Failed to open keytab '/etc/krb5.keytab': No such file or directory
I am expecting that once a server is provisioned it should be enrolled in FreeIPA as well but I am not seeing that. Only the host entry itself.
Foreman and Proxy versions:
Anybody come across this? or have an idea what I might be missing?
I can provide more logs if necessary but I am not sure where else to look to determine what I am missing from the configuration