[Freeipa-users] ipa-client-install failure
Dmitri Pal
dpal at redhat.com
Sun Mar 22 19:23:09 UTC 2015
On 03/22/2015 11:24 AM, Roberto Cornacchia wrote:
> Thanks Rob.
>
> Knowing that /etc/nsswitch.conf is created wrongly is a step forward,
> although we don't know why that happens yet.
> I'm not very keen on fixing it post-installation (except if this is
> just to learn more about the issue), even if this seems to solve
> problems. I'm not going to deploy freeIPA for real before I can at
> least run successfully a plain installation.
>
> It seems SELinux can be ruled out as well.
> I switched to permissive mode and tried again, no difference.
>
> And so far I haven't been able to find anything useful in the logs.
>
> What strikes me is that these are really a plain and up to date FC21
> machines, and my deployment was as from the book. The last of the
> settings you'd expect issues from.
>
> Can anyone (user or developer) confirm successful deployment of both
> server and client on up-to-date (updated this week) FC21 systems? I
> know it's maybe a bit far-fetched, but could any of the latest FC
> updates have created the issue?
May be.
To config nsswitch we call authconfig so may be there is something weird
with it, can you check?
>
> Roberto
>
>
> On 21 March 2015 at 17:26, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Roberto Cornacchia wrote:
> > Hi Rob,
> >
> > Yes, sssd is running and this is sssd.conf:
> >
> > [domain/hq.example.com <http://hq.example.com>
> <http://hq.example.com>]
> > debug_level=9
> > cache_credentials = True
> > krb5_store_password_if_offline = True
> > ipa_domain = hq.example.com <http://hq.example.com>
> <http://hq.example.com>
> > id_provider = ipa
> > auth_provider = ipa
> > access_provider = ipa
> > ipa_hostname = meson.hq.example.com <http://meson.hq.example.com>
> > chpass_provider = ipa
> > ipa_server = _srv_, ipa.hq.example.com <http://ipa.hq.example.com>
> > ldap_tls_cacert = /etc/ipa/ca.crt
> > [sssd]
> > services = nss, sudo, pam, ssh
> > config_file_version = 2
> >
> > domains = hq.example.com <http://hq.example.com>
> > [nss]
> > homedir_substring = /home
> > debug_level=9
> >
> > [pam]
> >
> > [sudo]
> >
> > [autofs]
> >
> > [ssh]
> >
> > [pac]
> >
> > [ifp]
>
> Ok, that's good. Maybe authconfig didn't do the right thing. I'd
> add sss
> to these values in /etc/nsswitch.conf, grepp'd from mine:
>
> passwd: files sss
> shadow: files sss
> group: files sss
> services: files sss
> netgroup: files sss
> automount: files sss
> sudoers: sss
>
> You've got quite a mix of odd things happening during install. It
> seems
> like DNS and firewall can be ruled out given that lots of other
> operations are working fine, and you've confirmed that NTP works
> pre-install.
>
> I guess working on a cleanish system, the things I'd look for on both
> client and server are the system logs to see if any errors are being
> thrown to syslog or service-specific logs.
>
> And I'd check for SELinux errors on the client if you're in
> enforcing mode.
>
> rob
>
>
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150322/336fdd25/attachment.htm>
More information about the Freeipa-users
mailing list