<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 03/24/2015 09:17 PM, Anthony Lanni
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAFWwCxx-_w+pV0qDYWDWsLwB+rdYfPOKyg5WMQ_ZVsV7QpJmBQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">While running ipa-server-install, it's failing out
        at the end with an error regarding the client install on the
        server. This happens regardless of how I input the options, but
        here's the latest command:
        <div><br>
          <div>ipa-server-install --setup-dns -N --idstart=1000 -r <a
              moz-do-not-send="true" href="http://EXAMPLE.COM">EXAMPLE.COM</a>
            -n <a moz-do-not-send="true" href="http://example.com">example.com</a>
            -p passwd1 -a passwd2 --hostname=<a moz-do-not-send="true"
              href="http://ldap-server-01.example.com">ldap-server-01.example.com</a>
            --forwarder=10.0.1.20 --forwarder=10.0.1.21
            --reverse-zone=1.0.10.in-addr.arpa. -d<br>
          </div>
          <div><br>
          </div>
          <div>Runs through the entire setup and gives me this:</div>
          <div><br>
          </div>
          <div>[...]</div>
          <div>
            <div>ipa         : DEBUG  
               args=/usr/sbin/ipa-client-install --on-master
              --unattended --domain <a moz-do-not-send="true"
                href="http://example.com">example.com</a> --server <a
                moz-do-not-send="true"
                href="http://ldap-server-01.example.com">ldap-server-01.example.com</a>
              --realm <a moz-do-not-send="true"
                href="http://EXAMPLE.COM">EXAMPLE.COM</a> --hostname <a
                moz-do-not-send="true"
                href="http://ldap-server-01.example.com">ldap-server-01.example.com</a></div>
            <div>ipa         : DEBUG    stdout=</div>
            <div><br>
            </div>
            <div>ipa         : DEBUG    stderr=Hostname: <a
                moz-do-not-send="true"
                href="http://ldap-server-01.example.com">ldap-server-01.example.com</a></div>
            <div>Realm: <a moz-do-not-send="true"
                href="http://EXAMPLE.COM">EXAMPLE.COM</a></div>
            <div>DNS Domain: <a moz-do-not-send="true"
                href="http://example.com">example.com</a></div>
            <div>IPA Server: <a moz-do-not-send="true"
                href="http://ldap-server-01.example.com">ldap-server-01.example.com</a></div>
            <div>BaseDN: dc=example,dc=com</div>
            <div>New SSSD config will be created</div>
            <div>Configured /etc/sssd/sssd.conf</div>
            <div>Traceback (most recent call last):</div>
            <div>  File "/usr/sbin/ipa-client-install", line 2377, in
              &lt;module&gt;</div>
            <div>    sys.exit(main())</div>
            <div>  File "/usr/sbin/ipa-client-install", line 2363, in
              main</div>
            <div>    rval = install(options, env, fstore, statestore)</div>
            <div>  File "/usr/sbin/ipa-client-install", line 2135, in
              install</div>
            <div>   
              delete_persistent_client_session_data(host_principal)</div>
            <div>  File
              "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line
              124, in delete_persistent_client_session_data</div>
            <div>    kernel_keyring.del_key(keyname)</div>
            <div>  File
              "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py",
              line 99, in del_key</div>
            <div>    real_key = get_real_key(key)</div>
            <div>  File
              "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py",
              line 45, in get_real_key</div>
            <div>    (stdout, stderr, rc) = run(['keyctl', 'search',
              KEYRING, KEYTYPE, key], raiseonerr=False)</div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    Is keyctl installed? Can you run it manually?<br>
    Any SELinux denials?<br>
    <br>
    <blockquote
cite="mid:CAFWwCxx-_w+pV0qDYWDWsLwB+rdYfPOKyg5WMQ_ZVsV7QpJmBQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>  File
              "/usr/lib/python2.6/site-packages/ipapython/ipautil.py",
              line 295, in run</div>
            <div>    close_fds=True, env=env, cwd=cwd)</div>
            <div>  File "/usr/lib64/python2.6/subprocess.py", line 642,
              in __init__</div>
            <div>    errread, errwrite)</div>
            <div>  File "/usr/lib64/python2.6/subprocess.py", line 1234,
              in _execute_child</div>
            <div>    raise child_exception</div>
            <div>OSError: [Errno 8] Exec format error</div>
            <div><br>
            </div>
            <div>ipa         : INFO       File
              "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
              line 614, in run_script</div>
            <div>    return_value = main_function()</div>
            <div><br>
            </div>
            <div>  File "/usr/sbin/ipa-server-install", line 1103, in
              main</div>
            <div>    sys.exit("Configuration of client side components
              failed!\nipa-client-install returned: " + str(e))</div>
            <div><br>
            </div>
            <div>ipa         : INFO     The ipa-server-install command
              failed, exception: SystemExit: Configuration of client
              side components failed!</div>
            <div>ipa-client-install returned: Command
              '/usr/sbin/ipa-client-install --on-master --unattended
              --domain <a moz-do-not-send="true"
                href="http://example.com">example.com</a> --server <a
                moz-do-not-send="true"
                href="http://ldap-server-01.example.com">ldap-server-01.example.com</a>
              --realm <a moz-do-not-send="true"
                href="http://EXAMPLE.COM">EXAMPLE.COM</a> --hostname <a
                moz-do-not-send="true"
                href="http://ldap-server-01.advdc.com">ldap-server-01.advdc.com</a>'
              returned non-zero exit status 1</div>
            <div><br>
            </div>
          </div>
          <div><br>
          </div>
          <div>Same details (without the debug messages, of course) in
            /var/log/ipaserver-install.log. From ipaclient-install.log:</div>
          <div>[...]</div>
          <div>
            <div>2015-03-24T23:15:26Z DEBUG Backing up system
              configuration file '/etc/sssd/sssd.conf'</div>
            <div>2015-03-24T23:15:26Z DEBUG   -> Not backing up -
              '/etc/sssd/sssd.conf' doesn't exist</div>
            <div>2015-03-24T23:15:26Z INFO New SSSD config will be
              created</div>
            <div>2015-03-24T23:15:26Z INFO Configured
              /etc/sssd/sssd.conf</div>
            <div>2015-03-24T23:15:26Z DEBUG args=/usr/bin/certutil -A -d
              /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt</div>
            <div>2015-03-24T23:15:26Z DEBUG stdout=</div>
            <div>2015-03-24T23:15:26Z DEBUG stderr=</div>
            <div>2015-03-24T23:15:26Z DEBUG args=/usr/bin/kinit -k -t
              /etc/krb5.keytab host/<a moz-do-not-send="true"
                href="mailto:ldap-server-01.example.com@EXAMPLE.COM">ldap-server-01.example.com@EXAMPLE.COM</a></div>
            <div>2015-03-24T23:15:26Z DEBUG stdout=</div>
            <div>2015-03-24T23:15:26Z DEBUG stderr=</div>
          </div>
          <div><br>
          </div>
          <div>I'm running on CENTOS 6.5, freeipa 3.0.0.37</div>
          <div><br>
          </div>
          <div>
            <div>#> ipactl status</div>
            <div>Directory Service: RUNNING</div>
            <div>KDC Service: RUNNING</div>
            <div>KPASSWD Service: RUNNING</div>
            <div>DNS Service: RUNNING</div>
            <div>MEMCACHE Service: RUNNING</div>
            <div>HTTP Service: RUNNING</div>
            <div>CA Service: RUNNING</div>
          </div>
          <div><br>
          </div>
          <div>I noticed that there's no host certificate for the server
            when I look at the host details in the web interface.</div>
          <div><br clear="all">
            <div>
              <div class="gmail_signature">
                <div dir="ltr">
                  <div>thx<br>
                  </div>
                  anthony<br>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
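Added example, not part of the original message: a shell triage for the questions asked in the reply above. [Errno 8] is ENOEXEC, which execve() returns when the kernel does not recognise the file's format (an empty file, text with no #! line, or an ELF built for another architecture). The function names and the --run switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): triage for "[Errno 8] Exec format error"
# when a program such as keyctl is executed directly, as subprocess does.

# Print the first N bytes of FILE as lowercase hex without separators.
hex_head() {
    head -c "$2" "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# classify_exec FILE prints one of:
#   missing | not-executable | empty | script | elf32 | elf64 | unknown-format
classify_exec() {
    f=$1
    [ -e "$f" ] || { echo missing; return; }
    [ -x "$f" ] || { echo not-executable; return; }
    [ -s "$f" ] || { echo empty; return; }         # execve() gives ENOEXEC
    case $(hex_head "$f" 5) in
        2321*)      echo script ;;                 # "#!" interpreter line
        7f454c4601) echo elf32 ;;                  # ELF magic, EI_CLASS=1
        7f454c4602) echo elf64 ;;                  # ELF magic, EI_CLASS=2
        *)          echo unknown-format ;;         # execve() gives ENOEXEC
    esac
}

# Walk through the questions asked in the reply for the keyctl binary.
diagnose_keyctl() {
    bin=$(command -v keyctl 2>/dev/null) || { echo "keyctl: not installed"; return 1; }
    echo "path:   $bin"
    echo "format: $(classify_exec "$bin") (machine: $(uname -m))"
    if command -v rpm >/dev/null 2>&1; then
        rpm -qf "$bin"                             # owning package
        rpm -Vf "$bin" || echo "rpm: package files differ from the RPM database"
    fi
    if "$bin" show >/dev/null 2>&1; then           # "can you run it manually?"
        echo "runs:   yes"
    else
        echo "runs:   no (exit status $?)"
    fi
    if command -v ausearch >/dev/null 2>&1; then   # recent SELinux denials
        ausearch -m avc -ts recent 2>/dev/null | grep keyctl || echo "avc:    none for keyctl"
    fi
}

# Run the triage only when asked, e.g.: sh keyctl-triage.sh --run
if [ "${1:-}" = "--run" ]; then diagnose_keyctl; fi
```

A result of empty or unknown-format for the keyctl path points at a damaged or replaced file; an elf32 or elf64 result should be compared with the machine type printed beside it.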
  </body>
</html>