[Freeipa-users] Problem installing client on server

Rob Crittenden rcritten at redhat.com
Fri Nov 4 13:52:32 UTC 2011 

tomasz.napierala at allegro.pl wrote:
> Hi,
>
> We are (again) evaluationg FreeIPA 2.x and I run into troubles installing client on ipa server. It happend before on other server, but I thought it might be due to the fact, that FreeIPA was installed and uninstalled there for several times. This time it's a fresh install.
> [root at ipa20-test ~]# rpm -qa |grep freeipa
> freeipa-client-2.1.3-2.fc15.x86_64
> freeipa-admintools-2.1.3-2.fc15.x86_64
> freeipa-server-selinux-2.1.3-2.fc15.x86_64
> freeipa-python-2.1.3-2.fc15.x86_64
> freeipa-server-2.1.3-2.fc15.x86_64
>
> Last lines form output:
> done configuring dirsrv.
> Restarting the directory server
> Restarting the KDC
> Restarting the web server
> Sample zone file for bind has been created in /tmp/sample.zone.iQ1QBH.db
> Configuration of client side components failed!
> ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain dc2 --server ipa20-test.dc2 --realm GATECH --hostname ipa20-test.dc2' returned non-zero exit status 1
>
> Launching it agian:
> [root at ipa20-test ~]# /usr/sbin/ipa-client-install --on-master --unattended --domain dc2 --server ipa20-test.dc2 --realm GATECH --hostname ipa20-test.dc2
> Failed to verify that ipa20-test.dc2 is an IPA Server.
> This may mean that the remote server is not up or is not reachable
> due to network or firewall settings.
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>
> ipaclient-install..og:
> 2011-11-04 14:11:18,799 DEBUG Init ldap with: ldap://ipa20-test.dc2:389
> 2011-11-04 14:11:18,812 DEBUG Search LDAP server for IPA base DN
> 2011-11-04 14:11:18,814 DEBUG Check if naming context 'dc=gatech' is for IPA
> 2011-11-04 14:11:18,815 DEBUG Naming context 'dc=gatech' is a valid IPA context
> 2011-11-04 14:11:18,815 DEBUG Search for (objectClass=krbRealmContainer) in dc=gatech(sub)
> 2011-11-04 14:11:18,816 DEBUG Found: [('cn=GATECH,cn=kerberos,dc=gatech', {'krbSubTrees': ['dc=gatech'], 'cn': ['GATECH'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})]
> 2011-11-04 14:11:18,817 DEBUG will use domain: dc2
>
> 2011-11-04 14:11:18,817 DEBUG will use server: ipa20-test.dc2
>
> Anyone have a clue what might be the reason?
>
> Regards,	

Can you provide more context from the client install log (or the whole log)?

rob

More information about the Freeipa-users mailing list