[Freeipa-users] ipa-client-install failing on new ipa-server
Anthony Lanni
anthony at advertise.com
Wed Mar 25 01:17:46 UTC 2015
While running ipa-server-install, it's failing out at the end with an error
regarding the client install on the server. This happens regardless of how
I input the options, but here's the latest command:
ipa-server-install --setup-dns -N --idstart=1000 -r EXAMPLE.COM -n
example.com -p passwd1 -a passwd2 --hostname=ldap-server-01.example.com
--forwarder=10.0.1.20 --forwarder=10.0.1.21
--reverse-zone=1.0.10.in-addr.arpa. -d
Runs through the entire setup and gives me this:
[...]
ipa : DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain example.com --server ldap-server-01.example.com
--realm EXAMPLE.COM --hostname ldap-server-01.example.com
ipa : DEBUG stdout=
ipa : DEBUG stderr=Hostname: ldap-server-01.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ldap-server-01.example.com
BaseDN: dc=example,dc=com
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 2377, in <module>
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 2363, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 2135, in install
delete_persistent_client_session_data(host_principal)
File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 124, in
delete_persistent_client_session_data
kernel_keyring.del_key(keyname)
File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line
99, in del_key
real_key = get_real_key(key)
File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line
45, in get_real_key
(stdout, stderr, rc) = run(['keyctl', 'search', KEYRING, KEYTYPE, key],
raiseonerr=False)
File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 295,
in run
close_fds=True, env=env, cwd=cwd)
File "/usr/lib64/python2.6/subprocess.py", line 642, in __init__
errread, errwrite)
File "/usr/lib64/python2.6/subprocess.py", line 1234, in _execute_child
raise child_exception
OSError: [Errno 8] Exec format error
ipa : INFO File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
614, in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 1103, in main
sys.exit("Configuration of client side components
failed!\nipa-client-install returned: " + str(e))
ipa : INFO The ipa-server-install command failed, exception:
SystemExit: Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install
--on-master --unattended --domain example.com --server
ldap-server-01.example.com --realm EXAMPLE.COM --hostname
ldap-server-01.advdc.com' returned non-zero exit status 1
Same details (without the debug messages, of course) in
/var/log/ipaserver-install.log. From ipaclient-install.log:
[...]
2015-03-24T23:15:26Z DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
2015-03-24T23:15:26Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf'
doesn't exist
2015-03-24T23:15:26Z INFO New SSSD config will be created
2015-03-24T23:15:26Z INFO Configured /etc/sssd/sssd.conf
2015-03-24T23:15:26Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n
IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2015-03-24T23:15:26Z DEBUG stdout=
2015-03-24T23:15:26Z DEBUG stderr=
2015-03-24T23:15:26Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/
ldap-server-01.example.com at EXAMPLE.COM
2015-03-24T23:15:26Z DEBUG stdout=
2015-03-24T23:15:26Z DEBUG stderr=
I'm running on CENTOS 6.5, freeipa 3.0.0.37
#> ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
I noticed that there's no host certificate for the server when I look at
the host details in the web interface.
thx
anthony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150324/4317528a/attachment.htm>
More information about the Freeipa-users
mailing list