[Freeipa-users] Configuration of client side components failed! on IPA Server
Martin Kosek
mkosek at redhat.com
Wed Mar 25 12:40:44 UTC 2015
On 03/25/2015 07:46 AM, Yogesh Sharma wrote:
> Hi,
>
> We are getting below error while we are installing IPA Server
> (ipa-server-install --no-ntp).
>
>
> **
> *Configuration of client side components failed!*
> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain sd.int <http://sd.int> --server
> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm
> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int
> <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1*
>
> **Logs indicate below errors:
>
> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> -ZZ -x -D
> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
> uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
> *2015-03-25T06:39:59Z DEBUG stdout=*
> *2015-03-25T06:39:59Z DEBUG stderr=*
> *2015-03-25T06:39:59Z DEBUG ldappasswd done*
> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master
> --unattended --domain sd.int <http://sd.int> --server
> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm
> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int
> <http://ldap-inf-stg-sg1-01.sd.int>*
> *2015-03-25T06:40:10Z DEBUG stdout=*
> *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that
> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> is an IPA
> Server.*
> *This may mean that the remote server is not up or is not reachable due to
> network or firewall settings.*
> *Please make sure the following ports are opened in the firewall settings:*
> * TCP: 80, 88, 389*
> * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)*
> *Also note that following ports are necessary for ipa-client working
> properly after enrollment:*
> * TCP: 464*
> * UDP: 464, 123 (if NTP enabled)*
> *Installation failed. Rolling back changes.*
> *Unconfigured automount client failed: Command 'ipa-client-automount
> --uninstall --debug' returned non-zero exit status 1*
> *Removing Kerberos service principals from /etc/krb5.keytab*
> *Disabling client Kerberos and LDAP configurations*
> *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted*
> *nscd daemon is not installed, skip configuration*
> *nslcd daemon is not installed, skip configuration*
> *Client uninstall complete.*
>
> *2015-03-25T06:40:10Z INFO File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
> 614, in run_script*
> * return_value = main_function()*
>
> * File "/usr/sbin/ipa-server-install", line 1103, in main*
> * sys.exit("Configuration of client side components
> failed!\nipa-client-install returned: " + str(e))*
>
> *2015-03-25T06:40:10Z INFO The ipa-server-install command failed,
> exception: SystemExit: Configuration of client side components failed!*
> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain sd.int <http://sd.int> --server
> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm
> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int
> <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1*
>
> **
>
>
> This server is on AWS and I can confirm that all above ports are opened.
> Also as it is installing on same server where IPA Server is being
> installed, Port should not be an issue.
>
> Am I missing anything here.
Please also share ipaclient-install.log, it should show what is the exact
problem in the client component installation.
More information about the Freeipa-users
mailing list