[Freeipa-users] Configuration of client side components failed! on IPA Server

Yogesh Sharma yks0000 at gmail.com
Wed Mar 25 13:43:53 UTC 2015


Thanks Martin for the help.




Best Regards,

Yogesh Sharma
Email: yks0000 at gmail.com | Web: www.initd.in <http://www.initd.in>

RHCE, VCE-CIA, RackSpace Cloud U
LinkedIn: <http://in.linkedin.com/in/yks0000>


On Wed, Mar 25, 2015 at 7:07 PM, Martin Kosek <mkosek at redhat.com> wrote:

> This should be in the official RHEL-7.1/CentOS-7.1 repos.
>
> Or you can try our upstream CentOS-7 based Copr repo:
>
> https://copr.fedoraproject.org/coprs/mkosek/freeipa/
>
> On 03/25/2015 02:30 PM, Yogesh Sharma wrote:
> > Hi Martin,
> >
> > Finally, the issue has been resolved. :)
> >
> > Is there an RPM available to install the latest IPA version in CentOS, or at
> > least the 4.0.2 version?
> >
> >
> > On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek <mkosek at redhat.com> wrote:
> >
> >> Ah, maybe. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
> >>
> >> https://fedorahosted.org/freeipa/ticket/4444
> >>
> >> Please let us know if the DNS update fixed the error.
> >>
> >> Martin
> >>
> >> On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
> >>> I think I got the issue. Realm Name Entry in DNS is added in lower case
> >>> rather than UPPER.
> >>>
> >>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
> >>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> >>>
> >>> Will try changing the Realm and see if it is resolved.
> >>>
> >>>
> >>> On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma <yks0000 at gmail.com> wrote:
> >>>
> >>>> Hi Martin,
> >>>>
> >>>> Please find the client logs:
> >>>>
> >>>>
> >>>>
> >>>> 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False}
> >>>> 2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively later
> >>>> 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
> >>>> 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
> >>>> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
> >>>> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
> >>>> 2015-03-25T12:29:49Z DEBUG Server and domain forced
> >>>> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
> >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
> >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
> >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._udp.sd.int.
> >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:ldap-inf-stg-sg1-01.sd.int.}
> >>>> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
> >>>> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server
> >>>> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://ldap-inf-stg-sg1-01.sd.int:389
> >>>> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
> >>>> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
> >>>> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context
> >>>> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub)
> >>>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
> >>>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> >>>> 2015-03-25T12:29:49Z DEBUG Validated servers:
> >>>> 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
> >>>> 2015-03-25T12:29:49Z DEBUG IPA Server not found
> >>>> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
> >>>> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
> >>>> 2015-03-25T12:29:49Z DEBUG Server and domain forced
> >>>> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
> >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
> >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
> >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._udp.sd.int.
> >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:ldap-inf-stg-sg1-01.sd.int.}
> >>>> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
> >>>> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server
> >>>> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://ldap-inf-stg-sg1-01.sd.int:389
> >>>> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
> >>>> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
> >>>> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context
> >>>> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub)
> >>>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
> >>>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> >>>> 2015-03-25T12:29:49Z DEBUG Validated servers:
> >>>> 2015-03-25T12:29:49Z ERROR Failed to verify that ldap-inf-stg-sg1-01.sd.int is an IPA Server.
> >>>> 2015-03-25T12:29:49Z ERROR This may mean that the remote server is not up or is not reachable due to network or firewall settings.
> >>>> 2015-03-25T12:29:49Z INFO Please make sure the following ports are opened in the firewall settings:
> >>>>      TCP: 80, 88, 389
> >>>>      UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> >>>> Also note that following ports are necessary for ipa-client working properly after enrollment:
> >>>>      TCP: 464
> >>>>      UDP: 464, 123 (if NTP enabled)
> >>>> 2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as option)
> >>>> 2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes.
> >>>> 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
> >>>> 2015-03-25T12:29:49Z DEBUG args=ipa-client-automount --uninstall --debug
> >>>> 2015-03-25T12:29:49Z DEBUG stdout=
> >>>> 2015-03-25T12:29:49Z DEBUG stderr=IPA client is not configured on this system.
> >>>>
> >>>>
> >>>> 2015-03-25T12:29:49Z ERROR Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1
> >>>> 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
> >>>> 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
> >>>> 2015-03-25T12:29:49Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA CA
> >>>> 2015-03-25T12:29:49Z DEBUG stdout=
> >>>> 2015-03-25T12:29:49Z DEBUG stderr=certutil: Could not find cert: IPA CA
> >>>> : PR_FILE_NOT_FOUND_ERROR: File not found
> >>>>
> >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus start
> >>>> 2015-03-25T12:29:49Z DEBUG stdout=Starting system message bus:
> >>>>
> >>>> 2015-03-25T12:29:49Z DEBUG stderr=
> >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus status
> >>>> 2015-03-25T12:29:49Z DEBUG stdout=messagebus (pid  1151) is running...
> >>>>
> >>>> 2015-03-25T12:29:49Z DEBUG stderr=
> >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger start
> >>>> 2015-03-25T12:29:49Z DEBUG stdout=
> >>>> 2015-03-25T12:29:49Z DEBUG stderr=
> >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger status
> >>>> 2015-03-25T12:29:49Z DEBUG stdout=certmonger (pid  13244) is running...
> >>>>
> >>>> 2015-03-25T12:29:49Z DEBUG stderr=
> >>>> 2015-03-25T12:29:57Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA Machine Certificate - ldap-inf-stg-sg1-01.sd.int
> >>>> 2015-03-25T12:29:57Z DEBUG stdout=
> >>>> 2015-03-25T12:29:57Z DEBUG stderr=certutil: Could not find cert: IPA Machine Certificate - ldap-inf-stg-sg1-01.sd.int
> >>>> : PR_FILE_NOT_FOUND_ERROR: File not found
> >>>>
> >>>> 2015-03-25T12:29:57Z DEBUG args=/sbin/service certmonger stop
> >>>> 2015-03-25T12:29:57Z DEBUG stdout=Stopping certmonger:     [  OK  ]
> >>>>
> >>>> 2015-03-25T12:29:57Z DEBUG stderr=
> >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig certmonger off
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=
> >>>> 2015-03-25T12:29:59Z INFO Removing Kerberos service principals from /etc/krb5.keytab
> >>>> 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r SD.INT
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=Removing principal host/ldap-inf-stg-sg1-01.sd.int@SD.INT
> >>>>
> >>>> 2015-03-25T12:29:59Z INFO Disabling client Kerberos and LDAP configurations
> >>>> 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/authconfig --disablekrb5 --disablesssd --update --disablemkhomedir --disableldap --disablesssdauth
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=
> >>>> 2015-03-25T12:29:59Z DEBUG Error while moving /etc/sssd/sssd.conf to /etc/sssd/sssd.conf.deleted
> >>>> 2015-03-25T12:29:59Z INFO Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
> >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/service sssd stop
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=
> >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig sssd off
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=
> >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/service nscd status
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=nscd: unrecognized service
> >>>>
> >>>> 2015-03-25T12:29:59Z INFO nscd daemon is not installed, skip configuration
> >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/service nslcd status
> >>>> 2015-03-25T12:29:59Z DEBUG stdout=
> >>>> 2015-03-25T12:29:59Z DEBUG stderr=nslcd: unrecognized service
> >>>>
> >>>> 2015-03-25T12:29:59Z INFO nslcd daemon is not installed, skip configuration
> >>>> 2015-03-25T12:29:59Z INFO Client uninstall complete.
> >>>>
> >>>>
> >>>> On Wed, Mar 25, 2015 at 6:10 PM, Martin Kosek <mkosek at redhat.com> wrote:
> >>>>
> >>>>> On 03/25/2015 07:46 AM, Yogesh Sharma wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> We are getting the error below while installing IPA Server
> >>>>>> (ipa-server-install --no-ntp).
> >>>>>>
> >>>>>> Configuration of client side components failed!
> >>>>>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int --server ldap-inf-stg-sg1-01.sd.int --realm SD.INT --hostname ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1
> >>>>>>
> >>>>>> Logs indicate the errors below:
> >>>>>>
> >>>>>> 2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int
> >>>>>> 2015-03-25T06:39:59Z DEBUG stdout=
> >>>>>> 2015-03-25T06:39:59Z DEBUG stderr=
> >>>>>> 2015-03-25T06:39:59Z DEBUG ldappasswd done
> >>>>>> 2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int --server ldap-inf-stg-sg1-01.sd.int --realm SD.INT --hostname ldap-inf-stg-sg1-01.sd.int
> >>>>>> 2015-03-25T06:40:10Z DEBUG stdout=
> >>>>>> 2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int is an IPA Server.
> >>>>>> This may mean that the remote server is not up or is not reachable due to network or firewall settings.
> >>>>>> Please make sure the following ports are opened in the firewall settings:
> >>>>>>      TCP: 80, 88, 389
> >>>>>>      UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> >>>>>> Also note that following ports are necessary for ipa-client working properly after enrollment:
> >>>>>>      TCP: 464
> >>>>>>      UDP: 464, 123 (if NTP enabled)
> >>>>>> Installation failed. Rolling back changes.
> >>>>>> Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1
> >>>>>> Removing Kerberos service principals from /etc/krb5.keytab
> >>>>>> Disabling client Kerberos and LDAP configurations
> >>>>>> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
> >>>>>> nscd daemon is not installed, skip configuration
> >>>>>> nslcd daemon is not installed, skip configuration
> >>>>>> Client uninstall complete.
> >>>>>>
> >>>>>> 2015-03-25T06:40:10Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
> >>>>>>     return_value = main_function()
> >>>>>>
> >>>>>>   File "/usr/sbin/ipa-server-install", line 1103, in main
> >>>>>>     sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e))
> >>>>>>
> >>>>>> 2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!
> >>>>>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int --server ldap-inf-stg-sg1-01.sd.int --realm SD.INT --hostname ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1
> >>>>>>
> >>>>>>
> >>>>>> This server is on AWS and I can confirm that all above ports are opened.
> >>>>>> Also, as it is installing on the same server where IPA Server is being
> >>>>>> installed, the port should not be an issue.
> >>>>>>
> >>>>>> Am I missing anything here?
> >>>>>
> >>>>> Please also share ipaclient-install.log, it should show what is the exact
> >>>>> problem in the client component installation.
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >>
> >
>
>
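The comparison behind the diagnosis in this thread, as an added example (not code from FreeIPA or from anyone in the thread): it reads ipa-client-install debug lines, pulls the realm from the `_kerberos` TXT answer and from the `krbRealmContainer` entry found in LDAP, and reports when the two differ only in case. The function name `triage_realm_discovery` and the verdict labels are assumptions made for this illustration.

```python
import re

# Lines copied from the ipaclient-install.log quoted in this thread, with the
# mail wrapping undone; only the lines the check needs are kept.
SAMPLE_LOG = """\
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
"""

# The TXT answer for _kerberos.<domain> (DNS type 16) carries the realm name.
TXT_RE = re.compile(
    r"DNSResult::name:_kerberos\.[^,]*,type:16,class:1,rdata=\{data:([^}]*)\}")
# The krbRealmContainer entry found in LDAP is named after the realm.
LDAP_RE = re.compile(r"DEBUG Found: cn=([^,]+),cn=kerberos,")
RESULT_RE = re.compile(r"DEBUG Discovery result: ([A-Za-z_]+);")


def triage_realm_discovery(log_text):
    """Return one finding per discovery pass: DNS realm, LDAP realm, verdict."""
    findings = []
    dns_realm = ldap_realm = None
    for line in log_text.splitlines():
        m = TXT_RE.search(line)
        if m:
            dns_realm = m.group(1).strip().strip('"')
            continue
        m = LDAP_RE.search(line)
        if m:
            ldap_realm = m.group(1)
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        if dns_realm is None or ldap_realm is None:
            verdict = "incomplete"        # one side never appeared in this pass
        elif dns_realm == ldap_realm:
            verdict = "match"
        elif dns_realm.upper() == ldap_realm.upper():
            verdict = "case_mismatch"     # the situation reported in this thread
        else:
            verdict = "different_realm"
        findings.append({"result": m.group(1), "dns_realm": dns_realm,
                         "ldap_realm": ldap_realm, "verdict": verdict})
        dns_realm = ldap_realm = None     # the next discovery pass starts clean
    return findings


if __name__ == "__main__":
    for finding in triage_realm_discovery(SAMPLE_LOG):
        print(finding)
```

On the sample it reports `case_mismatch` with `sd.int` from DNS against `SD.INT` from LDAP, which is the pairing the poster spotted by eye.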