[Freeipa-users] Configuration of client side components failed!

Dmitri Pal dpal at redhat.com
Fri May 8 20:00:20 UTC 2015


On 05/08/2015 02:06 PM, Linux Shell wrote:
> So I have been looking around for a solution for this issue for a few
> days now and have had no luck. I know in older versions of FreeIPA
> this was an issue, but I think I should be using the most updated version.
>
> (Please note that my company's name is withheld)
>
> During the ipa-server-install it fails with:
>
> Restarting the web server
> Configuration of client side components failed!
> ipa-client-install returned: Command ''/usr/sbin/ipa-client-install' 
> '--on-master' '--unattended' '--domain' '<withheld>.com' '--server' 
> '###-#####-centos7.<withheld>.com' '--realm' '<withheld>.COM' 
> '--hostname' '####-#####-centos7.<withheld>.com'' returned non-zero 
> exit status 1
>
> Here is the yum ipa-server package I am using:
>
> # yum info ipa-server
> Loaded plugins: fastestmirror, rhnplugin
> This system is receiving updates from RHN Classic or Red Hat Satellite.
> Loading mirror speeds from cached hostfile
>  * base: mirrors.usinternet.com
>  * extras: mirror.oss.ou.edu
>  * updates: mirrors.gigenet.com
> Installed Packages
> Name        : ipa-server
> Arch        : x86_64
> Version     : 4.1.0
> Release     : 18.el7.centos.3
> Size        : 4.2 M
> Repo        : installed
> From repo   : updates
> Summary     : The IPA authentication server
> URL         : http://www.freeipa.org/
> License     : GPLv3+
> Description : IPA is an integrated solution to provide centrally managed Identity (machine,
>             : user, virtual machines, groups, authentication credentials), Policy
>             : (configuration settings, access control information) and Audit (events,
>             : logs, analysis thereof). If you are installing an IPA server you need
>             : to install this package (in other words, most people should NOT install
>             : this package).
>
>
> Here is the yum ipa-client package I am using:
>
> # yum info ipa-client
> Loaded plugins: fastestmirror, rhnplugin
> This system is receiving updates from RHN Classic or Red Hat Satellite.
> Loading mirror speeds from cached hostfile
>  * base: mirrors.usinternet.com
>  * extras: mirror.oss.ou.edu
>  * updates: mirrors.gigenet.com
> Installed Packages
> Name        : ipa-client
> Arch        : x86_64
> Version     : 4.1.0
> Release     : 18.el7.centos.3
> Size        : 440 k
> Repo        : installed
> From repo   : updates
> Summary     : IPA authentication for use on clients
> URL         : http://www.freeipa.org/
> License     : GPLv3+
> Description : IPA is an integrated solution to provide centrally managed Identity (machine,
>             : user, virtual machines, groups, authentication credentials), Policy
>             : (configuration settings, access control information) and Audit (events,
>             : logs, analysis thereof). If your network uses IPA for authentication,
>             : this package should be installed on every client machine.
>
> Here is the /var/log/ipaserver-install.log:
>
> 2015-05-08T17:47:16Z DEBUG stderr=Using existing certificate '/etc/ipa/ca.crt'.
> Hostname: ###-####-centos7.<withheld>.com
> Realm: <withheld>.COM
> DNS Domain: <withheld>.com
> IPA Server: ####-#####-centos7.<withheld>.com
> BaseDN: dc=####,dc=####
> Configured sudoers in /etc/nsswitch.conf
> Configured /etc/sssd/sssd.conf
> trying https://####-#####-centos7.<withheld>.com/ipa/json
> Forwarding 'ping' to json server 'https://###-#####-centos7.<withheld>.com/ipa/json'
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 2925, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 2906, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 2609, in install
>     api.Backend.rpcclient.forward('ping')
>   File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 883, in forward
>     return self._call_command(command, params)
>   File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 860, in _call_command
>     return command(*params)
>   File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1011, in _call
>     return self.__request(name, args)
>   File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 980, in __request
>     verbose=self.__verbose >= 3,
>   File "/usr/lib64/python2.7/xmlrpclib.py", line 1228, in request
>     h = self.make_connection(host)
>   File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 484, in make_connection
>     if self._connection and host == self._connection[0]:
> AttributeError: KerbTransport instance has no attribute '_connection'

I would assume that this is an attempt to do some Kerberos call that failed.
On the server that most likely means that the KDC was not started for some
reason. And it in turn might not start for different reasons.
Please check the troubleshooting page.
http://www.freeipa.org/page/Troubleshooting

Things to think about:
- DNS configuration
- Is the hostname correct and properly resolvable?
- Is the time correct (time zone?)
- Are there any SELinux denials?

>
> 2015-05-08T17:47:16Z DEBUG   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 646, in run_script
>     return_value = main_function()
>
>   File "/usr/sbin/ipa-server-install", line 1292, in main
>     sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e))
>
> Please let me know of anything I can give to help fix the issue.
> Thanks,
> Jacob
>
>


-- 
Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.
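
The checks listed in the reply above (hostname, DNS, time, SELinux, plus whether the KDC is running), written out as an added example that is not part of the original thread or FreeIPA's own tooling. The function names, the lowercase-only FQDN rule and the loopback rejection are assumptions of this example.

```bash
#!/bin/bash
# Added example: pre-flight checks for the items listed in the reply
# (hostname, DNS, time, SELinux, KDC). Function names are this example's own.

# Print "<first address> <canonical name>" for a host name or address.
resolve() { getent hosts "$1" | awk '{print $1, $2; exit}'; }

# Syntactic FQDN check: two or more lowercase labels, not localhost.
# (Lowercase-only is a conservative assumption of this example.)
is_fqdn() {
  case "$1" in localhost|localhost.*) return 1 ;; esac
  printf '%s\n' "$1" |
    LC_ALL=C grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
}

# Forward lookup must give a non-loopback address whose reverse lookup
# returns the same name.
fwd_rev_consistent() {
  local ip back
  ip=$(resolve "$1" | cut -d' ' -f1)
  case "$ip" in ''|127.*|::1) return 1 ;; esac
  back=$(resolve "$ip" | cut -d' ' -f2)
  [ "$back" = "$1" ]
}

# Count SELinux AVC denials in audit records read from stdin.
count_avc_denials() { grep -c 'avc: *denied' || true; }

# Run a check quietly and print one status line for it.
report() { if "$@" >/dev/null 2>&1; then echo "ok    $*"; else echo "CHECK $*"; fi; }

main() {
  local h; h=$(hostname -f)
  report is_fqdn "$h"
  report fwd_rev_consistent "$h"
  report sh -c "timedatectl status | grep -Eqi 'synchronized: yes'"
  report systemctl is-active krb5kdc
  echo "AVC denials in the last 10 minutes:" \
    "$(ausearch -m avc -ts recent 2>/dev/null | count_avc_denials)"
}

# Run on the server as root: bash ipa-preflight.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Any line reported as `CHECK` points at one of the items from the list; a non-zero denial count is worth reading in full with `ausearch -m avc -ts recent`.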
