Re: [Freeipa-users] ipa-client-install errors

Gady Notrica Wed, 20 Apr 2016 10:16:24 -0700

Please find attached the install log

Gady


-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky
Sent: April 20, 2016 1:04 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa-client-install errors

On 04/20/2016 06:00 PM, Gady Notrica wrote:
> Hello World,
>
> I am having these errors trying to install ipa-client-install. Every 
> other machine is fine and they IPA servers are functioning perfectly
>
> Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
>
> Kerberos authentication failed: kinit: Improper format of Kerberos 
> configuration file while initializing Kerberos 5 library
>
> Then I have "/Installation failed. Rolling back changes."/
>
> I have tried everything I know with no luck. Any idea on how to FIX 
> this? Below is the full log.
>
> -----------------------------------------------------------
>
> /Continue to configure the system with these values? [no]: yes/
>
> /Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1/
>
> /Skipping synchronizing time with NTP server./
>
> /User authorized to enroll computers: admin/
>
> /Password for ad...@ipa.domain.com:/
>
> /Please make sure the following ports are opened in the firewall 
> settings:/
>
> /     TCP: 80, 88, 389/
>
> /     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)/
>
> /Also note that following ports are necessary for ipa-client working 
> properly after enrollment:/
>
> /     TCP: 464/
>
> /     UDP: 464, 123 (if NTP enabled)/
>
> /Kerberos authentication failed: kinit: Improper format of Kerberos 
> configuration file while initializing Kerberos 5 library/
>
> //
>
> /Installation failed. Rolling back changes./
>
> /Failed to list certificates in /etc/ipa/nssdb: Command 
> ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero 
> exit status 255/
>
> /Disabling client Kerberos and LDAP configurations/
>
> /Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to 
> /etc/sssd/sssd.conf.deleted/
>
> /Restoring client configuration files/
>
> /nscd daemon is not installed, skip configuration/
>
> /nslcd daemon is not installed, skip configuration/
>
> /Client uninstall complete./
>
> /---------------------------------------------------------------/
>
> Gady
>
>
>
We would need to see the whole log, it should be located in 
'/var/log/ipaclient-install.log'

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

# cat /var/log/ipaclient-install.log
2016-04-20T16:04:34Z DEBUG /usr/sbin/ipa-client-install was invoked with 
options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 
'ip_addresses': [], 'configure_firefox': False, 'primary': False, 'realm_name': 
None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': 
False, 'on_master': False, 'no_nisdomain': False, 'nisdomain': None, 
'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': 
'cd-s-prd-db1.ipa.domain.com', 'request_cert': False, 'trust_sshfp': False, 
'no_ac': False, 'unattended': None, 'all_ip_addresses': False, 'location': 
None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5, 'dns_updates': 
True, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'firefox_dir': 
None, 'server': None, 'prompt_password': False, 'permit': False, 'debug': 
False, 'preserve_sssd': True, 'mkhomedir': True, 'uninstall': False}
2016-04-20T16:04:34Z DEBUG missing options might be asked for interactively 
later
2016-04-20T16:04:34Z DEBUG IPA version 4.2.0-15.0.1.el7.centos.6.1
2016-04-20T16:04:34Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2016-04-20T16:04:34Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2016-04-20T16:04:34Z DEBUG [IPA Discovery]
2016-04-20T16:04:34Z DEBUG Starting IPA discovery with domain=None, 
servers=None, hostname=cd-s-prd-db1.ipa.domain.com
2016-04-20T16:04:34Z DEBUG Start searching for LDAP SRV record in 
"ipa.domain.com" (domain of the hostname) and its sub-domains
2016-04-20T16:04:34Z DEBUG Search DNS for SRV record of 
_ldap._tcp.ipa.domain.com
2016-04-20T16:04:34Z DEBUG DNS record found: 0 100 389 idmipa1.ipa.domain.com.
2016-04-20T16:04:34Z DEBUG DNS record found: 0 100 389 idmipa2.ipa.domain.com.
2016-04-20T16:04:34Z DEBUG [Kerberos realm search]
2016-04-20T16:04:34Z DEBUG Search DNS for TXT record of _kerberos.ipa.domain.com
2016-04-20T16:04:34Z DEBUG DNS record found: "IPA.domain.com"
2016-04-20T16:04:34Z DEBUG Search DNS for SRV record of 
_kerberos._udp.ipa.domain.com
2016-04-20T16:04:34Z DEBUG DNS record found: 0 100 88 idmipa2.ipa.domain.com.
2016-04-20T16:04:34Z DEBUG DNS record found: 0 100 88 idmipa1.ipa.domain.com.
2016-04-20T16:04:34Z DEBUG [LDAP server check]
2016-04-20T16:04:34Z DEBUG Verifying that idmipa1.ipa.domain.com (realm 
IPA.domain.com) is an IPA server
2016-04-20T16:04:34Z DEBUG Init LDAP connection to: idmipa1.ipa.domain.com
2016-04-20T16:04:35Z DEBUG Search LDAP server for IPA base DN
2016-04-20T16:04:35Z DEBUG Check if naming context 'dc=ipa,dc=domain,dc=com' is 
for IPA
2016-04-20T16:04:35Z DEBUG Naming context 'dc=ipa,dc=domain,dc=com' is a valid 
IPA context
2016-04-20T16:04:35Z DEBUG Search for (objectClass=krbRealmContainer) in 
dc=ipa,dc=domain,dc=com (sub)
2016-04-20T16:04:35Z DEBUG Found: 
cn=IPA.domain.com,cn=kerberos,dc=ipa,dc=domain,dc=com
2016-04-20T16:04:35Z DEBUG Discovery result: Success; 
server=idmipa1.ipa.domain.com, domain=ipa.domain.com, 
kdc=idmipa2.ipa.domain.com,idmipa1.ipa.domain.com, 
basedn=dc=ipa,dc=domain,dc=com
2016-04-20T16:04:35Z DEBUG Validated servers: idmipa1.ipa.domain.com
2016-04-20T16:04:35Z DEBUG will use discovered domain: ipa.domain.com
2016-04-20T16:04:35Z DEBUG Start searching for LDAP SRV record in 
"ipa.domain.com" (Validating DNS Discovery) and its sub-domains
2016-04-20T16:04:35Z DEBUG Search DNS for SRV record of 
_ldap._tcp.ipa.domain.com
2016-04-20T16:04:35Z DEBUG DNS record found: 0 100 389 idmipa2.ipa.domain.com.
2016-04-20T16:04:35Z DEBUG DNS record found: 0 100 389 idmipa1.ipa.domain.com.
2016-04-20T16:04:35Z DEBUG DNS validated, enabling discovery
2016-04-20T16:04:35Z DEBUG will use discovered server: idmipa1.ipa.domain.com
2016-04-20T16:04:35Z INFO Discovery was successful!
2016-04-20T16:04:35Z DEBUG will use discovered realm: IPA.domain.com
2016-04-20T16:04:35Z DEBUG will use discovered basedn: dc=ipa,dc=domain,dc=com
2016-04-20T16:04:35Z INFO Client hostname: cd-s-prd-db1.ipa.domain.com
2016-04-20T16:04:35Z DEBUG Hostname source: Provided as option
2016-04-20T16:04:35Z INFO Realm: IPA.domain.com
2016-04-20T16:04:35Z DEBUG Realm source: Discovered from LDAP DNS records in 
idmipa1.ipa.domain.com
2016-04-20T16:04:35Z INFO DNS Domain: ipa.domain.com
2016-04-20T16:04:35Z DEBUG DNS Domain source: Discovered LDAP SRV records from 
ipa.domain.com (domain of the hostname)
2016-04-20T16:04:35Z INFO IPA Server: idmipa1.ipa.domain.com
2016-04-20T16:04:35Z DEBUG IPA Server source: Discovered from LDAP DNS records 
in idmipa1.ipa.domain.com
2016-04-20T16:04:35Z INFO BaseDN: dc=ipa,dc=domain,dc=com
2016-04-20T16:04:35Z DEBUG BaseDN source: From IPA server 
ldap://idmipa1.ipa.domain.com:389
2016-04-20T16:04:40Z DEBUG Starting external process
2016-04-20T16:04:40Z DEBUG args='/usr/sbin/ipa-rmkeytab' '-k' 
'/etc/krb5.keytab' '-r' 'IPA.domain.com'
2016-04-20T16:04:40Z DEBUG Process finished, return code=1
2016-04-20T16:04:40Z DEBUG stdout=
2016-04-20T16:04:40Z DEBUG stderr=Kerberos context initialization failed

2016-04-20T16:04:40Z ERROR Error trying to clean keytab: /usr/sbin/ipa-rmkeytab 
returned 1
2016-04-20T16:04:40Z DEBUG Starting external process
2016-04-20T16:04:40Z DEBUG args='/bin/hostname' 'cd-s-prd-db1.ipa.domain.com'
2016-04-20T16:04:40Z DEBUG Process finished, return code=0
2016-04-20T16:04:40Z DEBUG stdout=
2016-04-20T16:04:40Z DEBUG stderr=
2016-04-20T16:04:40Z DEBUG Backing up system configuration file '/etc/hostname'
2016-04-20T16:04:40Z DEBUG Saving Index File to 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2016-04-20T16:04:40Z DEBUG Starting external process
2016-04-20T16:04:40Z DEBUG args='/usr/sbin/selinuxenabled'
2016-04-20T16:04:40Z DEBUG Process finished, return code=0
2016-04-20T16:04:40Z DEBUG stdout=
2016-04-20T16:04:40Z DEBUG stderr=
2016-04-20T16:04:40Z DEBUG Starting external process
2016-04-20T16:04:40Z DEBUG args='/sbin/restorecon' '/etc/hostname'
2016-04-20T16:04:40Z DEBUG Process finished, return code=0
2016-04-20T16:04:40Z DEBUG stdout=
2016-04-20T16:04:40Z DEBUG stderr=
2016-04-20T16:04:40Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2016-04-20T16:04:40Z DEBUG Saving StateFile to 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2016-04-20T16:04:40Z INFO Skipping synchronizing time with NTP server.
2016-04-20T16:04:58Z DEBUG importing all plugin modules in ipalib.plugins...
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.aci
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.automember
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.automount
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.baseldap
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.baseuser
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.batch
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.caacl
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.cert
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.certprofile
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.config
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.delegation
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.dns
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.domainlevel
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.group
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.hbacrule
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.hbacsvc
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.hbactest
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.host
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.hostgroup
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.idrange
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.idviews
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.internal
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.kerberos
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.krbtpolicy
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.migration
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.misc
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.netgroup
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.otpconfig
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.otptoken
2016-04-20T16:04:58Z DEBUG importing plugin module 
ipalib.plugins.otptoken_yubikey
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.passwd
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.permission
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.ping
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.pkinit
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.privilege
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.pwpolicy
2016-04-20T16:04:58Z DEBUG Starting external process
2016-04-20T16:04:58Z DEBUG args='klist' '-V'
2016-04-20T16:04:58Z DEBUG Process finished, return code=0
2016-04-20T16:04:58Z DEBUG stdout=Kerberos 5 version 1.13.2

2016-04-20T16:04:58Z DEBUG stderr=
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.radiusproxy
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.realmdomains
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.role
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.rpcclient
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.selfservice
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.selinuxusermap
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.server
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.service
2016-04-20T16:04:58Z DEBUG importing plugin module 
ipalib.plugins.servicedelegation
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.session
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.stageuser
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.sudocmd
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.sudorule
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.topology
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.trust
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.user
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.vault
2016-04-20T16:04:58Z DEBUG importing plugin module ipalib.plugins.virtual

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-client-install errors

Reply via email to