<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 03/24/2015 09:17 PM, Anthony Lanni
wrote:<br>
</div>
<blockquote
cite="mid:CAFWwCxx-_w+pV0qDYWDWsLwB+rdYfPOKyg5WMQ_ZVsV7QpJmBQ@mail.gmail.com"
type="cite">
<div dir="ltr">While running ipa-server-install, it's failing out
at the end with an error regarding the client install on the
server. This happens regardless of how I input the options, but
here's the latest command:
<div><br>
<div>ipa-server-install --setup-dns -N --idstart=1000 -r <a
moz-do-not-send="true" href="http://EXAMPLE.COM">EXAMPLE.COM</a>
-n <a moz-do-not-send="true" href="http://example.com">example.com</a>
-p passwd1 -a passwd2 --hostname=<a moz-do-not-send="true"
href="http://ldap-server-01.example.com">ldap-server-01.example.com</a>
--forwarder=10.0.1.20 --forwarder=10.0.1.21
--reverse-zone=1.0.10.in-addr.arpa. -d<br>
</div>
<div><br>
</div>
<div>Runs through the entire setup and gives me this:</div>
<div><br>
</div>
<div>[...]</div>
<div>
<div>ipa : DEBUG
args=/usr/sbin/ipa-client-install --on-master
--unattended --domain <a moz-do-not-send="true"
href="http://example.com">example.com</a> --server <a
moz-do-not-send="true"
href="http://ldap-server-01.example.com">ldap-server-01.example.com</a>
--realm <a moz-do-not-send="true"
href="http://EXAMPLE.COM">EXAMPLE.COM</a> --hostname <a
moz-do-not-send="true"
href="http://ldap-server-01.example.com">ldap-server-01.example.com</a></div>
<div>ipa : DEBUG stdout=</div>
<div><br>
</div>
<div>ipa : DEBUG stderr=Hostname: <a
moz-do-not-send="true"
href="http://ldap-server-01.example.com">ldap-server-01.example.com</a></div>
<div>Realm: <a moz-do-not-send="true"
href="http://EXAMPLE.COM">EXAMPLE.COM</a></div>
<div>DNS Domain: <a moz-do-not-send="true"
href="http://example.com">example.com</a></div>
<div>IPA Server: <a moz-do-not-send="true"
href="http://ldap-server-01.example.com">ldap-server-01.example.com</a></div>
<div>BaseDN: dc=example,dc=com</div>
<div>New SSSD config will be created</div>
<div>Configured /etc/sssd/sssd.conf</div>
<div>Traceback (most recent call last):</div>
<div> File "/usr/sbin/ipa-client-install", line 2377, in
<module></div>
<div> sys.exit(main())</div>
<div> File "/usr/sbin/ipa-client-install", line 2363, in
main</div>
<div> rval = install(options, env, fstore, statestore)</div>
<div> File "/usr/sbin/ipa-client-install", line 2135, in
install</div>
<div>
delete_persistent_client_session_data(host_principal)</div>
<div> File
"/usr/lib/python2.6/site-packages/ipalib/rpc.py", line
124, in delete_persistent_client_session_data</div>
<div> kernel_keyring.del_key(keyname)</div>
<div> File
"/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py",
line 99, in del_key</div>
<div> real_key = get_real_key(key)</div>
<div> File
"/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py",
line 45, in get_real_key</div>
<div> (stdout, stderr, rc) = run(['keyctl', 'search',
KEYRING, KEYTYPE, key], raiseonerr=False)</div>
</div>
</div>
</div>
</blockquote>
<br>
Is keyctl installed? Can you run it manually?<br>
Any SELinux denials?<br>
<br>
<blockquote
cite="mid:CAFWwCxx-_w+pV0qDYWDWsLwB+rdYfPOKyg5WMQ_ZVsV7QpJmBQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div> File
"/usr/lib/python2.6/site-packages/ipapython/ipautil.py",
line 295, in run</div>
<div> close_fds=True, env=env, cwd=cwd)</div>
<div> File "/usr/lib64/python2.6/subprocess.py", line 642,
in __init__</div>
<div> errread, errwrite)</div>
<div> File "/usr/lib64/python2.6/subprocess.py", line 1234,
in _execute_child</div>
<div> raise child_exception</div>
<div>OSError: [Errno 8] Exec format error</div>
<div><br>
</div>
<div>ipa : INFO File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 614, in run_script</div>
<div> return_value = main_function()</div>
<div><br>
</div>
<div> File "/usr/sbin/ipa-server-install", line 1103, in
main</div>
<div> sys.exit("Configuration of client side components
failed!\nipa-client-install returned: " + str(e))</div>
<div><br>
</div>
<div>ipa : INFO The ipa-server-install command
failed, exception: SystemExit: Configuration of client
side components failed!</div>
<div>ipa-client-install returned: Command
'/usr/sbin/ipa-client-install --on-master --unattended
--domain <a moz-do-not-send="true"
href="http://example.com">example.com</a> --server <a
moz-do-not-send="true"
href="http://ldap-server-01.example.com">ldap-server-01.example.com</a>
--realm <a moz-do-not-send="true"
href="http://EXAMPLE.COM">EXAMPLE.COM</a> --hostname <a
moz-do-not-send="true"
href="http://ldap-server-01.advdc.com">ldap-server-01.advdc.com</a>'
returned non-zero exit status 1</div>
<div><br>
</div>
</div>
<div><br>
</div>
<div>Same details (without the debug messages, of course) in
/var/log/ipaserver-install.log. From ipaclient-install.log:</div>
<div>[...]</div>
<div>
<div>2015-03-24T23:15:26Z DEBUG Backing up system
configuration file '/etc/sssd/sssd.conf'</div>
<div>2015-03-24T23:15:26Z DEBUG -> Not backing up -
'/etc/sssd/sssd.conf' doesn't exist</div>
<div>2015-03-24T23:15:26Z INFO New SSSD config will be
created</div>
<div>2015-03-24T23:15:26Z INFO Configured
/etc/sssd/sssd.conf</div>
<div>2015-03-24T23:15:26Z DEBUG args=/usr/bin/certutil -A -d
/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt</div>
<div>2015-03-24T23:15:26Z DEBUG stdout=</div>
<div>2015-03-24T23:15:26Z DEBUG stderr=</div>
<div>2015-03-24T23:15:26Z DEBUG args=/usr/bin/kinit -k -t
/etc/krb5.keytab host/<a moz-do-not-send="true"
href="mailto:ldap-server-01.example.com@EXAMPLE.COM">ldap-server-01.example.com@EXAMPLE.COM</a></div>
<div>2015-03-24T23:15:26Z DEBUG stdout=</div>
<div>2015-03-24T23:15:26Z DEBUG stderr=</div>
</div>
<div><br>
</div>
<div>I'm running on CENTOS 6.5, freeipa 3.0.0.37</div>
<div><br>
</div>
<div>
<div>#> ipactl status</div>
<div>Directory Service: RUNNING</div>
<div>KDC Service: RUNNING</div>
<div>KPASSWD Service: RUNNING</div>
<div>DNS Service: RUNNING</div>
<div>MEMCACHE Service: RUNNING</div>
<div>HTTP Service: RUNNING</div>
<div>CA Service: RUNNING</div>
</div>
<div><br>
</div>
<div>I noticed that there's no host certificate for the server
when I look at the host details in the web interface.</div>
<div><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>thx<br>
</div>
anthony<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>