Hi Martin, Finally, the issue has resolved. :)
Is there RPM available to install latest IPA version in CentOS or at least 4.0.2 version. *Best Regards,__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek <mko...@redhat.com> wrote: > Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket: > > https://fedorahosted.org/freeipa/ticket/4444 > > Please let us know if the DNS update fixed the error. > > Martin > > On 03/25/2015 02:11 PM, Yogesh Sharma wrote: > > I think I got the issue. Realm Name Entry in DNS is added in lower case > > rather than UPPER. > > > > 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT <http://sd.int/> > > ,cn=kerberos,dc=sd,dc=int > > 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; > server=None, > > domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > > > > Will try changing the Realm and see if it resovled. > > > > > > > > > > *Best Regards,__________________________________________* > > > > *Yogesh Sharma* > > *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > > <http://www.initd.in>* > > > > RHCE, VCE-CIA, RackSpace Cloud U > > [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > > > > > > On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma <yks0...@gmail.com> > wrote: > > > >> Hi Martin, > >> > >> Please find the client logs: > >> > >> > >> > >> 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with > >> options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': > >> True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, > >> 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': > None, > >> 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, > >> 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': > >> False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, > >> 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, > >> 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, > 'nisdomain': > >> None, 'prompt_password': False, 'permit': False, 'debug': False, > >> 'preserve_sssd': False, 'uninstall': False} > >> 2015-03-25T12:29:49Z DEBUG missing options might be asked for > >> interactively later > >> 2015-03-25T12:29:49Z DEBUG Loading Index file from > >> '/var/lib/ipa-client/sysrestore/sysrestore.index' > >> 2015-03-25T12:29:49Z DEBUG Loading StateFile from > >> '/var/lib/ipa-client/sysrestore/sysrestore.state' > >> 2015-03-25T12:29:49Z DEBUG [IPA Discovery] > >> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, > >> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= > >> ldap-inf-stg-sg1-01.sd.int > >> 2015-03-25T12:29:49Z DEBUG Server and domain forced > >> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] > >> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ > kerberos.sd.int. > >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ > >> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} > >> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ > >> udp.sd.int. > >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ > >> udp.sd.int > .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: > >> ldap-inf-stg-sg1-01.sd.int.} > >> 2015-03-25T12:29:49Z DEBUG [LDAP server check] > >> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int > >> (realm sd.int) is an IPA server > >> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// > >> ldap-inf-stg-sg1-01.sd.int:389 > >> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN > >> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for > >> IPA > >> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA > >> context > >> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in > >> dc=sd,dc=int (sub) > >> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int > >> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; > server=None, > >> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > >> 2015-03-25T12:29:49Z DEBUG Validated servers: > >> 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int > >> 2015-03-25T12:29:49Z DEBUG IPA Server not found > >> 2015-03-25T12:29:49Z DEBUG [IPA Discovery] > >> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, > >> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= > >> ldap-inf-stg-sg1-01.sd.int > >> 2015-03-25T12:29:49Z DEBUG Server and domain forced > >> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] > >> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ > kerberos.sd.int. > >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ > >> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} > >> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ > >> udp.sd.int. > >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ > >> udp.sd.int > .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: > >> ldap-inf-stg-sg1-01.sd.int.} > >> 2015-03-25T12:29:49Z DEBUG [LDAP server check] > >> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int > >> (realm sd.int) is an IPA server > >> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// > >> ldap-inf-stg-sg1-01.sd.int:389 > >> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN > >> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for > >> IPA > >> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA > >> context > >> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in > >> dc=sd,dc=int (sub) > >> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int > >> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; > server=None, > >> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > >> 2015-03-25T12:29:49Z DEBUG Validated servers: > >> 2015-03-25T12:29:49Z ERROR Failed to verify that > >> ldap-inf-stg-sg1-01.sd.int is an IPA Server. > >> 2015-03-25T12:29:49Z ERROR This may mean that the remote server is not > up > >> or is not reachable due to network or firewall settings. > >> 2015-03-25T12:29:49Z INFO Please make sure the following ports are > opened > >> in the firewall settings: > >> TCP: 80, 88, 389 > >> UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > >> Also note that following ports are necessary for ipa-client working > >> properly after enrollment: > >> TCP: 464 > >> UDP: 464, 123 (if NTP enabled) > >> 2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as > >> option) > >> 2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes. > >> 2015-03-25T12:29:49Z DEBUG Loading Index file from > >> '/var/lib/ipa/sysrestore/sysrestore.index' > >> 2015-03-25T12:29:49Z DEBUG args=ipa-client-automount --uninstall --debug > >> 2015-03-25T12:29:49Z DEBUG stdout= > >> 2015-03-25T12:29:49Z DEBUG stderr=IPA client is not configured on this > >> system. > >> > >> > >> 2015-03-25T12:29:49Z ERROR Unconfigured automount client failed: Command > >> 'ipa-client-automount --uninstall --debug' returned non-zero exit > status 1 > >> 2015-03-25T12:29:49Z DEBUG Loading Index file from > >> '/var/lib/ipa-client/sysrestore/sysrestore.index' > >> 2015-03-25T12:29:49Z DEBUG Loading StateFile from > >> '/var/lib/ipa-client/sysrestore/sysrestore.state' > >> 2015-03-25T12:29:49Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb > -n > >> IPA CA > >> 2015-03-25T12:29:49Z DEBUG stdout= > >> 2015-03-25T12:29:49Z DEBUG stderr=certutil: Could not find cert: IPA CA > >> : PR_FILE_NOT_FOUND_ERROR: File not found > >> > >> 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus start > >> 2015-03-25T12:29:49Z DEBUG stdout=Starting system message bus: > >> > >> 2015-03-25T12:29:49Z DEBUG stderr= > >> 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus status > >> 2015-03-25T12:29:49Z DEBUG stdout=messagebus (pid 1151) is running... > >> > >> 2015-03-25T12:29:49Z DEBUG stderr= > >> 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger start > >> 2015-03-25T12:29:49Z DEBUG stdout= > >> 2015-03-25T12:29:49Z DEBUG stderr= > >> 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger status > >> 2015-03-25T12:29:49Z DEBUG stdout=certmonger (pid 13244) is running... > >> > >> 2015-03-25T12:29:49Z DEBUG stderr= > >> 2015-03-25T12:29:57Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb > -n > >> IPA Machine Certificate - ldap-inf-stg-sg1-01.sd.int > >> 2015-03-25T12:29:57Z DEBUG stdout= > >> 2015-03-25T12:29:57Z DEBUG stderr=certutil: Could not find cert: IPA > >> Machine Certificate - ldap-inf-stg-sg1-01.sd.int > >> : PR_FILE_NOT_FOUND_ERROR: File not found > >> > >> 2015-03-25T12:29:57Z DEBUG args=/sbin/service certmonger stop > >> 2015-03-25T12:29:57Z DEBUG stdout=Stopping certmonger: [ OK ] > >> > >> 2015-03-25T12:29:57Z DEBUG stderr= > >> 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig certmonger off > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr= > >> 2015-03-25T12:29:59Z INFO Removing Kerberos service principals from > >> /etc/krb5.keytab > >> 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/ipa-rmkeytab -k > /etc/krb5.keytab > >> -r SD.INT > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr=Removing principal host/ > >> ldap-inf-stg-sg1-01.sd....@sd.int > >> > >> 2015-03-25T12:29:59Z INFO Disabling client Kerberos and LDAP > configurations > >> 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/authconfig --disablekrb5 > >> --disablesssd --update --disablemkhomedir --disableldap > --disablesssdauth > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr= > >> 2015-03-25T12:29:59Z DEBUG Error while moving /etc/sssd/sssd.conf to > >> /etc/sssd/sssd.conf.deleted > >> 2015-03-25T12:29:59Z INFO Redundant SSSD configuration file > >> /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted > >> 2015-03-25T12:29:59Z DEBUG args=/sbin/service sssd stop > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr= > >> 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig sssd off > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr= > >> 2015-03-25T12:29:59Z DEBUG args=/sbin/service nscd status > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr=nscd: unrecognized service > >> > >> 2015-03-25T12:29:59Z INFO nscd daemon is not installed, skip > configuration > >> 2015-03-25T12:29:59Z DEBUG args=/sbin/service nslcd status > >> 2015-03-25T12:29:59Z DEBUG stdout= > >> 2015-03-25T12:29:59Z DEBUG stderr=nslcd: unrecognized service > >> > >> 2015-03-25T12:29:59Z INFO nslcd daemon is not installed, skip > configuration > >> 2015-03-25T12:29:59Z INFO Client uninstall complete. > >> > >> > >> > >> > >> > >> *Best Regards,__________________________________________* > >> > >> *Yogesh Sharma* > >> *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > >> <http://www.initd.in>* > >> > >> RHCE, VCE-CIA, RackSpace Cloud U > >> [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > >> > >> > >> On Wed, Mar 25, 2015 at 6:10 PM, Martin Kosek <mko...@redhat.com> > wrote: > >> > >>> On 03/25/2015 07:46 AM, Yogesh Sharma wrote: > >>>> Hi, > >>>> > >>>> We are getting below error while we are installing IPA Server > >>>> (ipa-server-install --no-ntp). > >>>> > >>>> > >>>> ** > >>>> *Configuration of client side components failed!* > >>>> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install > >>>> --on-master --unattended --domain sd.int <http://sd.int> --server > >>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> > --realm > >>>> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > >>>> <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1* > >>>> > >>>> **Logs indicate below errors: > >>>> > >>>> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h > >>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> -ZZ -x > >>> -D > >>>> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T > /var/lib/ipa/tmp0iYpzn > >>>> uid=admin,cn=users,cn=accounts,dc=sd,dc=int* > >>>> *2015-03-25T06:39:59Z DEBUG stdout=* > >>>> *2015-03-25T06:39:59Z DEBUG stderr=* > >>>> *2015-03-25T06:39:59Z DEBUG ldappasswd done* > >>>> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install > >>> --on-master > >>>> --unattended --domain sd.int <http://sd.int> --server > >>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> > --realm > >>>> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > >>>> <http://ldap-inf-stg-sg1-01.sd.int>* > >>>> *2015-03-25T06:40:10Z DEBUG stdout=* > >>>> *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that > >>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> is an > >>> IPA > >>>> Server.* > >>>> *This may mean that the remote server is not up or is not reachable > due > >>> to > >>>> network or firewall settings.* > >>>> *Please make sure the following ports are opened in the firewall > >>> settings:* > >>>> * TCP: 80, 88, 389* > >>>> * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* > >>>> *Also note that following ports are necessary for ipa-client working > >>>> properly after enrollment:* > >>>> * TCP: 464* > >>>> * UDP: 464, 123 (if NTP enabled)* > >>>> *Installation failed. Rolling back changes.* > >>>> *Unconfigured automount client failed: Command 'ipa-client-automount > >>>> --uninstall --debug' returned non-zero exit status 1* > >>>> *Removing Kerberos service principals from /etc/krb5.keytab* > >>>> *Disabling client Kerberos and LDAP configurations* > >>>> *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to > >>>> /etc/sssd/sssd.conf.deleted* > >>>> *nscd daemon is not installed, skip configuration* > >>>> *nslcd daemon is not installed, skip configuration* > >>>> *Client uninstall complete.* > >>>> > >>>> *2015-03-25T06:40:10Z INFO File > >>>> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", > >>> line > >>>> 614, in run_script* > >>>> * return_value = main_function()* > >>>> > >>>> * File "/usr/sbin/ipa-server-install", line 1103, in main* > >>>> * sys.exit("Configuration of client side components > >>>> failed!\nipa-client-install returned: " + str(e))* > >>>> > >>>> *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, > >>>> exception: SystemExit: Configuration of client side components > failed!* > >>>> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install > >>>> --on-master --unattended --domain sd.int <http://sd.int> --server > >>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> > --realm > >>>> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > >>>> <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1* > >>>> > >>>> ** > >>>> > >>>> > >>>> This server is on AWS and I can confirm that all above ports are > opened. > >>>> Also as it is installing on same server where IPA Server is being > >>>> installed, Port should not be an issue. > >>>> > >>>> Am I missing anything here. > >>> > >>> Please also share ipaclient-install.log, it should show what is the > exact > >>> problem in the client component installation. > >>> > >>> > >> > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
