[Freeipa-users] ipa-client-install failing on new ipa-server
Martin Kosek
mkosek at redhat.com
Wed Mar 25 12:34:58 UTC 2015
On 03/25/2015 04:11 AM, Dmitri Pal wrote:
> On 03/24/2015 09:17 PM, Anthony Lanni wrote:
>> While running ipa-server-install, it's failing out at the end with an error
>> regarding the client install on the server. This happens regardless of how I
>> input the options, but here's the latest command:
>>
>> ipa-server-install --setup-dns -N --idstart=1000 -r EXAMPLE.COM
>> <http://EXAMPLE.COM> -n example.com <http://example.com> -p passwd1 -a
>> passwd2 --hostname=ldap-server-01.example.com
>> <http://ldap-server-01.example.com> --forwarder=10.0.1.20
>> --forwarder=10.0.1.21 --reverse-zone=1.0.10.in-addr.arpa. -d
>>
>> Runs through the entire setup and gives me this:
>>
>> [...]
>> ipa : DEBUG args=/usr/sbin/ipa-client-install --on-master
>> --unattended --domain example.com <http://example.com> --server
>> ldap-server-01.example.com <http://ldap-server-01.example.com> --realm
>> EXAMPLE.COM <http://EXAMPLE.COM> --hostname ldap-server-01.example.com
>> <http://ldap-server-01.example.com>
>> ipa : DEBUG stdout=
>>
>> ipa : DEBUG stderr=Hostname: ldap-server-01.example.com
>> <http://ldap-server-01.example.com>
>> Realm: EXAMPLE.COM <http://EXAMPLE.COM>
>> DNS Domain: example.com <http://example.com>
>> IPA Server: ldap-server-01.example.com <http://ldap-server-01.example.com>
>> BaseDN: dc=example,dc=com
>> New SSSD config will be created
>> Configured /etc/sssd/sssd.conf
>> Traceback (most recent call last):
>> File "/usr/sbin/ipa-client-install", line 2377, in <module>
>> sys.exit(main())
>> File "/usr/sbin/ipa-client-install", line 2363, in main
>> rval = install(options, env, fstore, statestore)
>> File "/usr/sbin/ipa-client-install", line 2135, in install
>> delete_persistent_client_session_data(host_principal)
>> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 124, in
>> delete_persistent_client_session_data
>> kernel_keyring.del_key(keyname)
>> File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line
>> 99, in del_key
>> real_key = get_real_key(key)
>> File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line
>> 45, in get_real_key
>> (stdout, stderr, rc) = run(['keyctl', 'search', KEYRING, KEYTYPE, key],
>> raiseonerr=False)
>
> Is keyctl installed? Can you run it manually?
> Any SELinux denials?
You are likely hitting
https://fedorahosted.org/freeipa/ticket/3808
Please try installing keyutils before running ipa-server-install. It is fixed
in RHEL-7, I filed us a RHEL-6 ticket, to fix it in this platform also:
https://bugzilla.redhat.com/show_bug.cgi?id=1205660
Martin
More information about the Freeipa-users
mailing list