I think I got the issue. Realm Name Entry in DNS is added in lower case rather than UPPER.
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT <http://sd.int/> ,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int Will try changing the Realm and see if it resovled. *Best Regards,__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma <yks0...@gmail.com> wrote: > Hi Martin, > > Please find the client logs: > > > > 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with > options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': > True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, > 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, > 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, > 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': > False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, > 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, > 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': > None, 'prompt_password': False, 'permit': False, 'debug': False, > 'preserve_sssd': False, 'uninstall': False} > 2015-03-25T12:29:49Z DEBUG missing options might be asked for > interactively later > 2015-03-25T12:29:49Z DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2015-03-25T12:29:49Z DEBUG Loading StateFile from > '/var/lib/ipa-client/sysrestore/sysrestore.state' > 2015-03-25T12:29:49Z DEBUG [IPA Discovery] > 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, > servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= > ldap-inf-stg-sg1-01.sd.int > 2015-03-25T12:29:49Z DEBUG Server and domain forced > 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] > 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int. > 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ > kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} > 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ > udp.sd.int. > 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ > udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server: > ldap-inf-stg-sg1-01.sd.int.} > 2015-03-25T12:29:49Z DEBUG [LDAP server check] > 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int > (realm sd.int) is an IPA server > 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// > ldap-inf-stg-sg1-01.sd.int:389 > 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN > 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for > IPA > 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA > context > 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in > dc=sd,dc=int (sub) > 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int > 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, > domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > 2015-03-25T12:29:49Z DEBUG Validated servers: > 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int > 2015-03-25T12:29:49Z DEBUG IPA Server not found > 2015-03-25T12:29:49Z DEBUG [IPA Discovery] > 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, > servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= > ldap-inf-stg-sg1-01.sd.int > 2015-03-25T12:29:49Z DEBUG Server and domain forced > 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] > 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int. > 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ > kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} > 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ > udp.sd.int. > 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ > udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server: > ldap-inf-stg-sg1-01.sd.int.} > 2015-03-25T12:29:49Z DEBUG [LDAP server check] > 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int > (realm sd.int) is an IPA server > 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// > ldap-inf-stg-sg1-01.sd.int:389 > 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN > 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for > IPA > 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA > context > 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in > dc=sd,dc=int (sub) > 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int > 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, > domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > 2015-03-25T12:29:49Z DEBUG Validated servers: > 2015-03-25T12:29:49Z ERROR Failed to verify that > ldap-inf-stg-sg1-01.sd.int is an IPA Server. > 2015-03-25T12:29:49Z ERROR This may mean that the remote server is not up > or is not reachable due to network or firewall settings. > 2015-03-25T12:29:49Z INFO Please make sure the following ports are opened > in the firewall settings: > TCP: 80, 88, 389 > UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > Also note that following ports are necessary for ipa-client working > properly after enrollment: > TCP: 464 > UDP: 464, 123 (if NTP enabled) > 2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as > option) > 2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes. > 2015-03-25T12:29:49Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2015-03-25T12:29:49Z DEBUG args=ipa-client-automount --uninstall --debug > 2015-03-25T12:29:49Z DEBUG stdout= > 2015-03-25T12:29:49Z DEBUG stderr=IPA client is not configured on this > system. > > > 2015-03-25T12:29:49Z ERROR Unconfigured automount client failed: Command > 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1 > 2015-03-25T12:29:49Z DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2015-03-25T12:29:49Z DEBUG Loading StateFile from > '/var/lib/ipa-client/sysrestore/sysrestore.state' > 2015-03-25T12:29:49Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n > IPA CA > 2015-03-25T12:29:49Z DEBUG stdout= > 2015-03-25T12:29:49Z DEBUG stderr=certutil: Could not find cert: IPA CA > : PR_FILE_NOT_FOUND_ERROR: File not found > > 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus start > 2015-03-25T12:29:49Z DEBUG stdout=Starting system message bus: > > 2015-03-25T12:29:49Z DEBUG stderr= > 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus status > 2015-03-25T12:29:49Z DEBUG stdout=messagebus (pid 1151) is running... > > 2015-03-25T12:29:49Z DEBUG stderr= > 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger start > 2015-03-25T12:29:49Z DEBUG stdout= > 2015-03-25T12:29:49Z DEBUG stderr= > 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger status > 2015-03-25T12:29:49Z DEBUG stdout=certmonger (pid 13244) is running... > > 2015-03-25T12:29:49Z DEBUG stderr= > 2015-03-25T12:29:57Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb -n > IPA Machine Certificate - ldap-inf-stg-sg1-01.sd.int > 2015-03-25T12:29:57Z DEBUG stdout= > 2015-03-25T12:29:57Z DEBUG stderr=certutil: Could not find cert: IPA > Machine Certificate - ldap-inf-stg-sg1-01.sd.int > : PR_FILE_NOT_FOUND_ERROR: File not found > > 2015-03-25T12:29:57Z DEBUG args=/sbin/service certmonger stop > 2015-03-25T12:29:57Z DEBUG stdout=Stopping certmonger: [ OK ] > > 2015-03-25T12:29:57Z DEBUG stderr= > 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig certmonger off > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr= > 2015-03-25T12:29:59Z INFO Removing Kerberos service principals from > /etc/krb5.keytab > 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab > -r SD.INT > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr=Removing principal host/ > ldap-inf-stg-sg1-01.sd....@sd.int > > 2015-03-25T12:29:59Z INFO Disabling client Kerberos and LDAP configurations > 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/authconfig --disablekrb5 > --disablesssd --update --disablemkhomedir --disableldap --disablesssdauth > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr= > 2015-03-25T12:29:59Z DEBUG Error while moving /etc/sssd/sssd.conf to > /etc/sssd/sssd.conf.deleted > 2015-03-25T12:29:59Z INFO Redundant SSSD configuration file > /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted > 2015-03-25T12:29:59Z DEBUG args=/sbin/service sssd stop > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr= > 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig sssd off > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr= > 2015-03-25T12:29:59Z DEBUG args=/sbin/service nscd status > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr=nscd: unrecognized service > > 2015-03-25T12:29:59Z INFO nscd daemon is not installed, skip configuration > 2015-03-25T12:29:59Z DEBUG args=/sbin/service nslcd status > 2015-03-25T12:29:59Z DEBUG stdout= > 2015-03-25T12:29:59Z DEBUG stderr=nslcd: unrecognized service > > 2015-03-25T12:29:59Z INFO nslcd daemon is not installed, skip configuration > 2015-03-25T12:29:59Z INFO Client uninstall complete. > > > > > > *Best Regards,__________________________________________* > > *Yogesh Sharma* > *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > <http://www.initd.in>* > > RHCE, VCE-CIA, RackSpace Cloud U > [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > > > On Wed, Mar 25, 2015 at 6:10 PM, Martin Kosek <mko...@redhat.com> wrote: > >> On 03/25/2015 07:46 AM, Yogesh Sharma wrote: >> > Hi, >> > >> > We are getting below error while we are installing IPA Server >> > (ipa-server-install --no-ntp). >> > >> > >> > ** >> > *Configuration of client side components failed!* >> > *ipa-client-install returned: Command '/usr/sbin/ipa-client-install >> > --on-master --unattended --domain sd.int <http://sd.int> --server >> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm >> > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int >> > <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1* >> > >> > **Logs indicate below errors: >> > >> > *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h >> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> -ZZ -x >> -D >> > cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn >> > uid=admin,cn=users,cn=accounts,dc=sd,dc=int* >> > *2015-03-25T06:39:59Z DEBUG stdout=* >> > *2015-03-25T06:39:59Z DEBUG stderr=* >> > *2015-03-25T06:39:59Z DEBUG ldappasswd done* >> > *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install >> --on-master >> > --unattended --domain sd.int <http://sd.int> --server >> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm >> > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int >> > <http://ldap-inf-stg-sg1-01.sd.int>* >> > *2015-03-25T06:40:10Z DEBUG stdout=* >> > *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that >> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> is an >> IPA >> > Server.* >> > *This may mean that the remote server is not up or is not reachable due >> to >> > network or firewall settings.* >> > *Please make sure the following ports are opened in the firewall >> settings:* >> > * TCP: 80, 88, 389* >> > * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* >> > *Also note that following ports are necessary for ipa-client working >> > properly after enrollment:* >> > * TCP: 464* >> > * UDP: 464, 123 (if NTP enabled)* >> > *Installation failed. Rolling back changes.* >> > *Unconfigured automount client failed: Command 'ipa-client-automount >> > --uninstall --debug' returned non-zero exit status 1* >> > *Removing Kerberos service principals from /etc/krb5.keytab* >> > *Disabling client Kerberos and LDAP configurations* >> > *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to >> > /etc/sssd/sssd.conf.deleted* >> > *nscd daemon is not installed, skip configuration* >> > *nslcd daemon is not installed, skip configuration* >> > *Client uninstall complete.* >> > >> > *2015-03-25T06:40:10Z INFO File >> > "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", >> line >> > 614, in run_script* >> > * return_value = main_function()* >> > >> > * File "/usr/sbin/ipa-server-install", line 1103, in main* >> > * sys.exit("Configuration of client side components >> > failed!\nipa-client-install returned: " + str(e))* >> > >> > *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, >> > exception: SystemExit: Configuration of client side components failed!* >> > *ipa-client-install returned: Command '/usr/sbin/ipa-client-install >> > --on-master --unattended --domain sd.int <http://sd.int> --server >> > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm >> > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int >> > <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1* >> > >> > ** >> > >> > >> > This server is on AWS and I can confirm that all above ports are opened. >> > Also as it is installing on same server where IPA Server is being >> > installed, Port should not be an issue. >> > >> > Am I missing anything here. >> >> Please also share ipaclient-install.log, it should show what is the exact >> problem in the client component installation. >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project