Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Yogesh Sharma Wed, 25 Mar 2015 05:46:28 -0700

Hi Martin,

Please find the client logs:




2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively
later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm
sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm
sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z ERROR Failed to verify that ldap-inf-stg-sg1-01.sd.int
is an IPA Server.
2015-03-25T12:29:49Z ERROR This may mean that the remote server is not up
or is not reachable due to network or firewall settings.
2015-03-25T12:29:49Z INFO Please make sure the following ports are opened
in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working
properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as option)
2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes.
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG args=ipa-client-automount --uninstall --debug
2015-03-25T12:29:49Z DEBUG stdout=
2015-03-25T12:29:49Z DEBUG stderr=IPA client is not configured on this
system.


2015-03-25T12:29:49Z ERROR Unconfigured automount client failed: Command
'ipa-client-automount --uninstall --debug' returned non-zero exit status 1
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n
IPA CA
2015-03-25T12:29:49Z DEBUG stdout=
2015-03-25T12:29:49Z DEBUG stderr=certutil: Could not find cert: IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found

2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus start
2015-03-25T12:29:49Z DEBUG stdout=Starting system message bus:

2015-03-25T12:29:49Z DEBUG stderr=
2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus status
2015-03-25T12:29:49Z DEBUG stdout=messagebus (pid  1151) is running...

2015-03-25T12:29:49Z DEBUG stderr=
2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger start
2015-03-25T12:29:49Z DEBUG stdout=
2015-03-25T12:29:49Z DEBUG stderr=
2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger status
2015-03-25T12:29:49Z DEBUG stdout=certmonger (pid  13244) is running...

2015-03-25T12:29:49Z DEBUG stderr=
2015-03-25T12:29:57Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n
IPA Machine Certificate - ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:57Z DEBUG stdout=
2015-03-25T12:29:57Z DEBUG stderr=certutil: Could not find cert: IPA
Machine Certificate - ldap-inf-stg-sg1-01.sd.int
: PR_FILE_NOT_FOUND_ERROR: File not found

2015-03-25T12:29:57Z DEBUG args=/sbin/service certmonger stop
2015-03-25T12:29:57Z DEBUG stdout=Stopping certmonger:     [  OK  ]

2015-03-25T12:29:57Z DEBUG stderr=
2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig certmonger off
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=
2015-03-25T12:29:59Z INFO Removing Kerberos service principals from
/etc/krb5.keytab
2015-03-25T12:29:59Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab
-r SD.INT
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=Removing principal host/
ldap-inf-stg-sg1-01.sd....@sd.int

2015-03-25T12:29:59Z INFO Disabling client Kerberos and LDAP configurations
2015-03-25T12:29:59Z DEBUG args=/usr/sbin/authconfig --disablekrb5
--disablesssd --update --disablemkhomedir --disableldap --disablesssdauth
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=
2015-03-25T12:29:59Z DEBUG Error while moving /etc/sssd/sssd.conf to
/etc/sssd/sssd.conf.deleted
2015-03-25T12:29:59Z INFO Redundant SSSD configuration file
/etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
2015-03-25T12:29:59Z DEBUG args=/sbin/service sssd stop
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=
2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig sssd off
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=
2015-03-25T12:29:59Z DEBUG args=/sbin/service nscd status
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=nscd: unrecognized service

2015-03-25T12:29:59Z INFO nscd daemon is not installed, skip configuration
2015-03-25T12:29:59Z DEBUG args=/sbin/service nslcd status
2015-03-25T12:29:59Z DEBUG stdout=
2015-03-25T12:29:59Z DEBUG stderr=nslcd: unrecognized service

2015-03-25T12:29:59Z INFO nslcd daemon is not installed, skip configuration
2015-03-25T12:29:59Z INFO Client uninstall complete.





*Best Regards,__________________________________________*

*Yogesh Sharma*
*Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in
<http://www.initd.in>*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000>


On Wed, Mar 25, 2015 at 6:10 PM, Martin Kosek <mko...@redhat.com> wrote:

> On 03/25/2015 07:46 AM, Yogesh Sharma wrote:
> > Hi,
> >
> > We are getting below error while we are installing IPA Server
> > (ipa-server-install --no-ntp).
> >
> >
> > **
> > *Configuration of client side components failed!*
> > *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> > --on-master --unattended --domain sd.int <http://sd.int> --server
> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm
> > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int
> > <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1*
> >
> > **Logs indicate below errors:
> >
> > *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> -ZZ -x -D
> > cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
> > uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
> > *2015-03-25T06:39:59Z DEBUG stdout=*
> > *2015-03-25T06:39:59Z DEBUG stderr=*
> > *2015-03-25T06:39:59Z DEBUG ldappasswd done*
> > *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master
> > --unattended --domain sd.int <http://sd.int> --server
> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm
> > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int
> > <http://ldap-inf-stg-sg1-01.sd.int>*
> > *2015-03-25T06:40:10Z DEBUG stdout=*
> > *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that
> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> is an IPA
> > Server.*
> > *This may mean that the remote server is not up or is not reachable due
> to
> > network or firewall settings.*
> > *Please make sure the following ports are opened in the firewall
> settings:*
> > *     TCP: 80, 88, 389*
> > *     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)*
> > *Also note that following ports are necessary for ipa-client working
> > properly after enrollment:*
> > *     TCP: 464*
> > *     UDP: 464, 123 (if NTP enabled)*
> > *Installation failed. Rolling back changes.*
> > *Unconfigured automount client failed: Command 'ipa-client-automount
> > --uninstall --debug' returned non-zero exit status 1*
> > *Removing Kerberos service principals from /etc/krb5.keytab*
> > *Disabling client Kerberos and LDAP configurations*
> > *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> > /etc/sssd/sssd.conf.deleted*
> > *nscd daemon is not installed, skip configuration*
> > *nslcd daemon is not installed, skip configuration*
> > *Client uninstall complete.*
> >
> > *2015-03-25T06:40:10Z INFO   File
> > "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
> line
> > 614, in run_script*
> > *    return_value = main_function()*
> >
> > *  File "/usr/sbin/ipa-server-install", line 1103, in main*
> > *    sys.exit("Configuration of client side components
> > failed!\nipa-client-install returned: " + str(e))*
> >
> > *2015-03-25T06:40:10Z INFO The ipa-server-install command failed,
> > exception: SystemExit: Configuration of client side components failed!*
> > *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> > --on-master --unattended --domain sd.int <http://sd.int> --server
> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm
> > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int
> > <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1*
> >
> > **
> >
> >
> > This server is on AWS and I can confirm that all above ports are opened.
> > Also as it is installing on same server where IPA Server is being
> > installed, Port should not be an issue.
> >
> > Am I missing anything here.
>
> Please also share ipaclient-install.log, it should show what is the exact
> problem in the client component installation.
>
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Reply via email to