Thanks Martin for the help.
*Best Regards,__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Wed, Mar 25, 2015 at 7:07 PM, Martin Kosek <mko...@redhat.com> wrote: > This should be in the official RHEL-7.1/CentOS-7.1 repos. > > Or you can try our upstream CentOS-7 based Copr repo: > > https://copr.fedoraproject.org/coprs/mkosek/freeipa/ > > On 03/25/2015 02:30 PM, Yogesh Sharma wrote: > > Hi Martin, > > > > Finally, the issue has resolved. :) > > > > Is there RPM available to install latest IPA version in CentOS or at > least > > 4.0.2 version. > > > > > > > > > > *Best Regards,__________________________________________* > > > > *Yogesh Sharma* > > *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > > <http://www.initd.in>* > > > > RHCE, VCE-CIA, RackSpace Cloud U > > [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > > > > > > On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek <mko...@redhat.com> wrote: > > > >> Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket: > >> > >> https://fedorahosted.org/freeipa/ticket/4444 > >> > >> Please let us know if the DNS update fixed the error. > >> > >> Martin > >> > >> On 03/25/2015 02:11 PM, Yogesh Sharma wrote: > >>> I think I got the issue. Realm Name Entry in DNS is added in lower case > >>> rather than UPPER. > >>> > >>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT <http://sd.int/> > >>> ,cn=kerberos,dc=sd,dc=int > >>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; > >> server=None, > >>> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > >>> > >>> Will try changing the Realm and see if it resovled. > >>> > >>> > >>> > >>> > >>> *Best Regards,__________________________________________* > >>> > >>> *Yogesh Sharma* > >>> *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > >>> <http://www.initd.in>* > >>> > >>> RHCE, VCE-CIA, RackSpace Cloud U > >>> [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > >>> > >>> > >>> On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma <yks0...@gmail.com> > >> wrote: > >>> > >>>> Hi Martin, > >>>> > >>>> Please find the client logs: > >>>> > >>>> > >>>> > >>>> 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked > with > >>>> options: {'domain': 'sd.int', 'force': False, > 'krb5_offline_passwords': > >>>> True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, > >>>> 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': > >> None, > >>>> 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, > >>>> 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': > >>>> False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, > >>>> 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, > >>>> 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, > >> 'nisdomain': > >>>> None, 'prompt_password': False, 'permit': False, 'debug': False, > >>>> 'preserve_sssd': False, 'uninstall': False} > >>>> 2015-03-25T12:29:49Z DEBUG missing options might be asked for > >>>> interactively later > >>>> 2015-03-25T12:29:49Z DEBUG Loading Index file from > >>>> '/var/lib/ipa-client/sysrestore/sysrestore.index' > >>>> 2015-03-25T12:29:49Z DEBUG Loading StateFile from > >>>> '/var/lib/ipa-client/sysrestore/sysrestore.state' > >>>> 2015-03-25T12:29:49Z DEBUG [IPA Discovery] > >>>> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, > >>>> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= > >>>> ldap-inf-stg-sg1-01.sd.int > >>>> 2015-03-25T12:29:49Z DEBUG Server and domain forced > >>>> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] > >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ > >> kerberos.sd.int. > >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ > >>>> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} > >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ > >>>> udp.sd.int. > >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: > DNSResult::name:_kerberos._ > >>>> udp.sd.int > >> .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: > >>>> ldap-inf-stg-sg1-01.sd.int.} > >>>> 2015-03-25T12:29:49Z DEBUG [LDAP server check] > >>>> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int > >>>> (realm sd.int) is an IPA server > >>>> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// > >>>> ldap-inf-stg-sg1-01.sd.int:389 > >>>> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN > >>>> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is > for > >>>> IPA > >>>> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid > IPA > >>>> context > >>>> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) > in > >>>> dc=sd,dc=int (sub) > >>>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int > >>>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; > >> server=None, > >>>> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > >>>> 2015-03-25T12:29:49Z DEBUG Validated servers: > >>>> 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int > >>>> 2015-03-25T12:29:49Z DEBUG IPA Server not found > >>>> 2015-03-25T12:29:49Z DEBUG [IPA Discovery] > >>>> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, > >>>> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= > >>>> ldap-inf-stg-sg1-01.sd.int > >>>> 2015-03-25T12:29:49Z DEBUG Server and domain forced > >>>> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] > >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ > >> kerberos.sd.int. > >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ > >>>> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} > >>>> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ > >>>> udp.sd.int. > >>>> 2015-03-25T12:29:49Z DEBUG DNS record found: > DNSResult::name:_kerberos._ > >>>> udp.sd.int > >> .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: > >>>> ldap-inf-stg-sg1-01.sd.int.} > >>>> 2015-03-25T12:29:49Z DEBUG [LDAP server check] > >>>> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int > >>>> (realm sd.int) is an IPA server > >>>> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// > >>>> ldap-inf-stg-sg1-01.sd.int:389 > >>>> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN > >>>> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is > for > >>>> IPA > >>>> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid > IPA > >>>> context > >>>> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) > in > >>>> dc=sd,dc=int (sub) > >>>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int > >>>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; > >> server=None, > >>>> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int > >>>> 2015-03-25T12:29:49Z DEBUG Validated servers: > >>>> 2015-03-25T12:29:49Z ERROR Failed to verify that > >>>> ldap-inf-stg-sg1-01.sd.int is an IPA Server. > >>>> 2015-03-25T12:29:49Z ERROR This may mean that the remote server is not > >> up > >>>> or is not reachable due to network or firewall settings. > >>>> 2015-03-25T12:29:49Z INFO Please make sure the following ports are > >> opened > >>>> in the firewall settings: > >>>> TCP: 80, 88, 389 > >>>> UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > >>>> Also note that following ports are necessary for ipa-client working > >>>> properly after enrollment: > >>>> TCP: 464 > >>>> UDP: 464, 123 (if NTP enabled) > >>>> 2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as > >>>> option) > >>>> 2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes. > >>>> 2015-03-25T12:29:49Z DEBUG Loading Index file from > >>>> '/var/lib/ipa/sysrestore/sysrestore.index' > >>>> 2015-03-25T12:29:49Z DEBUG args=ipa-client-automount --uninstall > --debug > >>>> 2015-03-25T12:29:49Z DEBUG stdout= > >>>> 2015-03-25T12:29:49Z DEBUG stderr=IPA client is not configured on this > >>>> system. > >>>> > >>>> > >>>> 2015-03-25T12:29:49Z ERROR Unconfigured automount client failed: > Command > >>>> 'ipa-client-automount --uninstall --debug' returned non-zero exit > >> status 1 > >>>> 2015-03-25T12:29:49Z DEBUG Loading Index file from > >>>> '/var/lib/ipa-client/sysrestore/sysrestore.index' > >>>> 2015-03-25T12:29:49Z DEBUG Loading StateFile from > >>>> '/var/lib/ipa-client/sysrestore/sysrestore.state' > >>>> 2015-03-25T12:29:49Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb > >> -n > >>>> IPA CA > >>>> 2015-03-25T12:29:49Z DEBUG stdout= > >>>> 2015-03-25T12:29:49Z DEBUG stderr=certutil: Could not find cert: IPA > CA > >>>> : PR_FILE_NOT_FOUND_ERROR: File not found > >>>> > >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus start > >>>> 2015-03-25T12:29:49Z DEBUG stdout=Starting system message bus: > >>>> > >>>> 2015-03-25T12:29:49Z DEBUG stderr= > >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service messagebus status > >>>> 2015-03-25T12:29:49Z DEBUG stdout=messagebus (pid 1151) is running... > >>>> > >>>> 2015-03-25T12:29:49Z DEBUG stderr= > >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger start > >>>> 2015-03-25T12:29:49Z DEBUG stdout= > >>>> 2015-03-25T12:29:49Z DEBUG stderr= > >>>> 2015-03-25T12:29:49Z DEBUG args=/sbin/service certmonger status > >>>> 2015-03-25T12:29:49Z DEBUG stdout=certmonger (pid 13244) is > running... > >>>> > >>>> 2015-03-25T12:29:49Z DEBUG stderr= > >>>> 2015-03-25T12:29:57Z DEBUG args=/usr/bin/certutil -L -d /etc/pki/nssdb > >> -n > >>>> IPA Machine Certificate - ldap-inf-stg-sg1-01.sd.int > >>>> 2015-03-25T12:29:57Z DEBUG stdout= > >>>> 2015-03-25T12:29:57Z DEBUG stderr=certutil: Could not find cert: IPA > >>>> Machine Certificate - ldap-inf-stg-sg1-01.sd.int > >>>> : PR_FILE_NOT_FOUND_ERROR: File not found > >>>> > >>>> 2015-03-25T12:29:57Z DEBUG args=/sbin/service certmonger stop > >>>> 2015-03-25T12:29:57Z DEBUG stdout=Stopping certmonger: [ OK ] > >>>> > >>>> 2015-03-25T12:29:57Z DEBUG stderr= > >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig certmonger off > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr= > >>>> 2015-03-25T12:29:59Z INFO Removing Kerberos service principals from > >>>> /etc/krb5.keytab > >>>> 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/ipa-rmkeytab -k > >> /etc/krb5.keytab > >>>> -r SD.INT > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr=Removing principal host/ > >>>> ldap-inf-stg-sg1-01.sd....@sd.int > >>>> > >>>> 2015-03-25T12:29:59Z INFO Disabling client Kerberos and LDAP > >> configurations > >>>> 2015-03-25T12:29:59Z DEBUG args=/usr/sbin/authconfig --disablekrb5 > >>>> --disablesssd --update --disablemkhomedir --disableldap > >> --disablesssdauth > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr= > >>>> 2015-03-25T12:29:59Z DEBUG Error while moving /etc/sssd/sssd.conf to > >>>> /etc/sssd/sssd.conf.deleted > >>>> 2015-03-25T12:29:59Z INFO Redundant SSSD configuration file > >>>> /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted > >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/service sssd stop > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr= > >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/chkconfig sssd off > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr= > >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/service nscd status > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr=nscd: unrecognized service > >>>> > >>>> 2015-03-25T12:29:59Z INFO nscd daemon is not installed, skip > >> configuration > >>>> 2015-03-25T12:29:59Z DEBUG args=/sbin/service nslcd status > >>>> 2015-03-25T12:29:59Z DEBUG stdout= > >>>> 2015-03-25T12:29:59Z DEBUG stderr=nslcd: unrecognized service > >>>> > >>>> 2015-03-25T12:29:59Z INFO nslcd daemon is not installed, skip > >> configuration > >>>> 2015-03-25T12:29:59Z INFO Client uninstall complete. > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> *Best Regards,__________________________________________* > >>>> > >>>> *Yogesh Sharma* > >>>> *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > >>>> <http://www.initd.in>* > >>>> > >>>> RHCE, VCE-CIA, RackSpace Cloud U > >>>> [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > >>>> > >>>> > >>>> On Wed, Mar 25, 2015 at 6:10 PM, Martin Kosek <mko...@redhat.com> > >> wrote: > >>>> > >>>>> On 03/25/2015 07:46 AM, Yogesh Sharma wrote: > >>>>>> Hi, > >>>>>> > >>>>>> We are getting below error while we are installing IPA Server > >>>>>> (ipa-server-install --no-ntp). > >>>>>> > >>>>>> > >>>>>> ** > >>>>>> *Configuration of client side components failed!* > >>>>>> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install > >>>>>> --on-master --unattended --domain sd.int <http://sd.int> --server > >>>>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> > >> --realm > >>>>>> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > >>>>>> <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status > 1* > >>>>>> > >>>>>> **Logs indicate below errors: > >>>>>> > >>>>>> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h > >>>>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> -ZZ > -x > >>>>> -D > >>>>>> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T > >> /var/lib/ipa/tmp0iYpzn > >>>>>> uid=admin,cn=users,cn=accounts,dc=sd,dc=int* > >>>>>> *2015-03-25T06:39:59Z DEBUG stdout=* > >>>>>> *2015-03-25T06:39:59Z DEBUG stderr=* > >>>>>> *2015-03-25T06:39:59Z DEBUG ldappasswd done* > >>>>>> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install > >>>>> --on-master > >>>>>> --unattended --domain sd.int <http://sd.int> --server > >>>>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> > >> --realm > >>>>>> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > >>>>>> <http://ldap-inf-stg-sg1-01.sd.int>* > >>>>>> *2015-03-25T06:40:10Z DEBUG stdout=* > >>>>>> *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that > >>>>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> is > an > >>>>> IPA > >>>>>> Server.* > >>>>>> *This may mean that the remote server is not up or is not reachable > >> due > >>>>> to > >>>>>> network or firewall settings.* > >>>>>> *Please make sure the following ports are opened in the firewall > >>>>> settings:* > >>>>>> * TCP: 80, 88, 389* > >>>>>> * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* > >>>>>> *Also note that following ports are necessary for ipa-client working > >>>>>> properly after enrollment:* > >>>>>> * TCP: 464* > >>>>>> * UDP: 464, 123 (if NTP enabled)* > >>>>>> *Installation failed. Rolling back changes.* > >>>>>> *Unconfigured automount client failed: Command 'ipa-client-automount > >>>>>> --uninstall --debug' returned non-zero exit status 1* > >>>>>> *Removing Kerberos service principals from /etc/krb5.keytab* > >>>>>> *Disabling client Kerberos and LDAP configurations* > >>>>>> *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to > >>>>>> /etc/sssd/sssd.conf.deleted* > >>>>>> *nscd daemon is not installed, skip configuration* > >>>>>> *nslcd daemon is not installed, skip configuration* > >>>>>> *Client uninstall complete.* > >>>>>> > >>>>>> *2015-03-25T06:40:10Z INFO File > >>>>>> > "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", > >>>>> line > >>>>>> 614, in run_script* > >>>>>> * return_value = main_function()* > >>>>>> > >>>>>> * File "/usr/sbin/ipa-server-install", line 1103, in main* > >>>>>> * sys.exit("Configuration of client side components > >>>>>> failed!\nipa-client-install returned: " + str(e))* > >>>>>> > >>>>>> *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, > >>>>>> exception: SystemExit: Configuration of client side components > >> failed!* > >>>>>> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install > >>>>>> --on-master --unattended --domain sd.int <http://sd.int> --server > >>>>>> ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> > >> --realm > >>>>>> SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > >>>>>> <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status > 1* > >>>>>> > >>>>>> ** > >>>>>> > >>>>>> > >>>>>> This server is on AWS and I can confirm that all above ports are > >> opened. > >>>>>> Also as it is installing on same server where IPA Server is being > >>>>>> installed, Port should not be an issue. > >>>>>> > >>>>>> Am I missing anything here. > >>>>> > >>>>> Please also share ipaclient-install.log, it should show what is the > >> exact > >>>>> problem in the client component installation. > >>>>> > >>>>> > >>>> > >>> > >> > >> > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project