Hi, I tried letting the client install go and it does eventually finish, however SSSD_NSS queries don't work. See errors below;
---------------------------------------------------------------------- [root@chtvm-centos-6 /]# ipa-client-install Discovery was successful! Hostname: chtvm-centos-6.example.com Realm: example.com DNS Domain: example.com IPA Server: chtvm-389.example.com BaseDN: dc=example,dc=com Continue to configure the system with these values? [no]: yes User authorized to enroll computers: admin Password for ad...@example.com: Enrolled in IPA realm example.com Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm example.com SSSD enabled Kerberos 5 enabled Unable to find 'admin' user with 'getent passwd admin'! Recognized configuration: SSSD NTP enabled Client configuration complete. ------------------------------------------------------------------------------------------------------------------------- File: /var/log/sssd/sssd_nss.log (Wed Nov 30 10:34:16 2011) [sssd[nss]] [nss_dp_reconnect_init] (0): Could not reconnect to example.com provider. (Wed Nov 30 10:34:46 2011) [sssd[nss]] [nss_dp_reconnect_init] (0): Could not reconnect to example.com provider. (Wed Nov 30 10:35:16 2011) [sssd[nss]] [nss_dp_reconnect_init] (0): Could not reconnect to example.com provider. (Wed Nov 30 10:35:46 2011) [sssd[nss]] [nss_dp_reconnect_init] (0): Could not reconnect to example.com provider. ------------------------------------------------------------------------------------------------------------------------- File: /var/log/sssd/sssd_pam.log (Wed Nov 30 10:34:16 2011) [sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to example.com provider. (Wed Nov 30 10:34:46 2011) [sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to example.com provider. (Wed Nov 30 10:35:16 2011) [sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to example.com provider. (Wed Nov 30 10:35:46 2011) [sssd[pam]] [pam_dp_reconnect_init] (0): Could not reconnect to example.com provider. ------------------------------------------------------------------------------------------------------------------------- Debug Version: File: /var/log/sssd/sssd_nss.log (Wed Nov 30 10:47:09 2011) [sssd[nss]] [sbus_dispatch] (6): SBUS is reconnecting. Deferring. (Wed Nov 30 10:47:10 2011) [sssd[nss]] [sbus_dispatch] (9): dbus conn: 0 (Wed Nov 30 10:47:10 2011) [sssd[nss]] [sbus_dispatch] (6): SBUS is reconnecting. Deferring. (Wed Nov 30 10:47:10 2011) [sssd[nss]] [sbus_reconnect] (3): Making reconnection attempt 3 to [unix:path=/var/lib/sss/pipes/ private/sbus-dp_example.com] (Wed Nov 30 10:47:10 2011) [sssd[nss]] [sbus_reconnect] (1): Failed to open connection: name=org.freedesktop.DBus.Error. NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_example.com: Connection refused (Wed Nov 30 10:47:10 2011) [sssd[nss]] [nss_dp_reconnect_init] (0): Could not reconnect to example.com provider. ------------------------------------------------------------------------------------------------------------------------- "getent passwd admin" returns no result at all. Regards, Craig On Tue, Nov 29, 2011 at 10:01:52AM -0500, Rob Crittenden wrote: > Craig T wrote: > >I can really see how you came to that conclusion, I'm not sure if I'll get > >the luxury of choice, due to the servers in our environment. Centos 6.1 > >could be updated enough, so we might just have to wait for that. > > I would think the version you have would work fine. > > What it is doing is testing to be sure that nss is working as > expected. It can take some time for sssd to come up, connect to the > IPA server, etc, so we loop and try several times (IIRC 5 in your > version) to look up a known remote user (admin). > > If it never does successfully get the admin user you should get an > error that nss_ldap can't be configured (yeah, I know, we're using > sssd. We fixed this). If you aren't getting this message and the > client otherwise seems to be installing ok then things are fine. > > rob > > > > > > >cya > > > >Craig > > > >On Tue, Nov 29, 2011 at 12:23:52PM +0100, Sigbjorn Lie wrote: > >>On Tue, November 29, 2011 01:52, Craig T wrote: > >>>Hi, > >>> > >>> > >>>I was getting a lot of errors with the default ipa-client for Centos 6.0, > >>>so I've upgraded Centos > >>>6 to use the RHEL6.2 RPMS for IPA (now version 2.1.1). I get a lot > >>>further, but seems to stall > >>>right at the end of the ipa-client-install command. > >>> > >>>Current Spec; > >>>Server: > >>>RHEL 6.2 Beta > >>>ipa-admintools-2.1.1-4.el6.x86_64 ipa-client-2.1.1-4.el6.x86_64 > >>>ipa-pki-ca-theme-9.0.3-7.el6.noarch > >>>ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-2.1.1-4.el6.x86_64 > >>>ipa-server-2.1.1-4.el6.x86_64 > >>> ipa-server-selinux-2.1.1-4.el6.x86_64 > >>> > >>>Client: > >>>Centos 6.0 x64 > >>>ipa-client-2.1.1-4.el6.x86_64 > >>> > >>> > >>>Just an odd error during the "ipa-client-install" command, the installer > >>>seems to pause on > >>>kerberos; [root@server-centos-6 ~]# ipa-client-install > >>>Discovery was successful! > >>>Hostname: server-centos-6.example.com > >>>Realm: example.com > >>>DNS Domain: example.com > >>>IPA Server: server-389.example.com > >>>BaseDN: dc=example,dc=com > >>> > >>> > >>> > >>>Continue to configure the system with these values? [no]: yes > >>>User authorized to enroll computers: admin > >>>Password for ad...@example.com: > >>> > >>> > >>>Enrolled in IPA realm example.com > >>>Created /etc/ipa/default.conf > >>>Configured /etc/sssd/sssd.conf > >>>Configured /etc/krb5.conf for IPA realm example.com > >>>SSSD enabled > >>>Kerberos 5 enabled > >>> > >>> > >>> > >>>When run in debug mode it shows this; > >>>Kerberos 5 enabled > >>>root : DEBUG args=getent passwd admin root : DEBUG > >>>stdout= root : DEBUG > >>>stderr= root : DEBUG args=getent passwd admin root : > >>>DEBUG stdout= root > >> : > >>>DEBUG stderr= > >>>root : DEBUG args=getent passwd admin root : DEBUG > >>>stdout= root : DEBUG > >>>stderr= root : DEBUG args=getent passwd admin root : > >>>DEBUG stdout= root > >> : > >>>DEBUG stderr= > >>> > >>> > >>> > >>>Advice anyone? > >>> > >>> > >> > >>I found CentOS to be too far behind, so I started using Scientific Linux > >>6.1 with latest packages > >>from RHEL 6.2 beta for clients instead. > >> > >>I found the IPA server was easiest to test using Fedora 15. > >> > >>For production, wait for RHEL 6.2. It's not far away now. :) > >> > >> > >>Regards, > >>Siggi > >> > >> > > > >_______________________________________________ > >Freeipa-users mailing list > >Freeipa-users@redhat.com > >https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users