On 11/30/2017 11:39 AM, Fuji San via FreeIPA-users wrote:
Hello,
I have trouble enrolling a ipa client.
I just installed Fedora 27 and all the packages are up-to-date.
I succeeded to enroll 2 previous F27 clients, but this one is giving me a hard 
time.

Any help would be welcome.

Fuji

------
$ ipa-client-install --enable-dns-updates --mkhomedir --ssh-trust-dns 
--no-nisdomain --server=ipaserver.mydomain --domain=mydomain
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always 
access the discovered server for all operations and will not fail over to other 
servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Client hostname: ipaclient.mydomain
Realm: MYDOMAIN
DNS Domain: mydomain
IPA Server: ipaserver.mydomain
BaseDN: dc=mydomain

Continue to configure the system with these values? [no]: yes
Skipping synchronizing time with NTP server.
User authorized to enroll computers: admin
Password for admin@MYDOMAIN:
Successfully retrieved CA cert
     Subject:     CN=Certificate Authority,O=MYDOMAIN
     Issuer:      CN=Certificate Authority,O=MYDOMAIN
     Valid From:  2015-09-11 08:02:12
     Valid Until: 2035-09-11 08:02:12

Joining realm failed: HTTP POST to URL 'https://ipaserver.mydomain:443/ipa/xml' 
failed.  HTTP response code is 401, not 200

Installation failed. Rolling back changes.
Unconfigured automount client failed: Command 'ipa-client-automount --uninstall 
--debug' returned non-zero exit status 1.
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to 
/etc/sssd/sssd.conf.deleted
Client uninstall complete.
The ipa-client-install command failed. See /var/log/ipaclient-install.log for 
more information
-----




------
2017-11-30T10:11:50Z DEBUG Logging to /var/log/ipaclient-install.log
2017-11-30T10:11:50Z DEBUG ipa-client-install was invoked with arguments [] and 
options: {'unattended': False, 'principal': None, 'prompt_password': False, 
'on_master': False, 'ca_cert_files': None, 'no_ac': False, 'force': False, 
'configure_firefox': False, 'firefox_dir': None, 'keytab': None, 'mkhomedir': 
True, 'force_join': False, 'ntp_servers': None, 'no_ntp': False, 'force_ntpd': 
False, 'nisdomain': None, 'no_nisdomain': True, 'ssh_trust_dns': True, 
'no_ssh': False, 'no_sshd': False, 'no_sudo': False, 'no_dns_sshfp': False, 
'kinit_attempts': None, 'request_cert': False, 'ip_addresses': None, 
'all_ip_addresses': False, 'fixed_primary': False, 'permit': False, 
'enable_dns_updates': True, 'no_krb5_offline_passwords': False, 
'preserve_sssd': False, 'no_sssd': False, 'automount_location': None, 
'domain_name': 'mydomain', 'servers': ['ipaserver.mydomain'], 'realm_name': 
None, 'host_name': None, 'verbose': False, 'quiet': False, 'log_file': None, 
'uninstall': False}
2017-11-30T10:11:50Z DEBUG IPA version 4.6.1-3.fc27
2017-11-30T10:11:50Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-11-30T10:11:50Z DEBUG Starting external process
2017-11-30T10:11:50Z DEBUG args=/usr/sbin/selinuxenabled
2017-11-30T10:11:50Z DEBUG Process finished, return code=1
2017-11-30T10:11:50Z DEBUG stdout=
2017-11-30T10:11:50Z DEBUG stderr=
2017-11-30T10:11:50Z DEBUG Starting external process
2017-11-30T10:11:50Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2017-11-30T10:11:50Z DEBUG Process finished, return code=0
2017-11-30T10:11:50Z DEBUG stdout=enabled

2017-11-30T10:11:50Z DEBUG stderr=
2017-11-30T10:11:50Z DEBUG [IPA Discovery]
2017-11-30T10:11:50Z DEBUG Starting IPA discovery with domain=mydomain, 
servers=['ipaserver.mydomain'], hostname=ipaclient.mydomain
2017-11-30T10:11:50Z DEBUG Server and domain forced
2017-11-30T10:11:50Z DEBUG [Kerberos realm search]
2017-11-30T10:11:50Z DEBUG Search DNS for TXT record of _kerberos.mydomain
2017-11-30T10:11:50Z DEBUG DNS record found: "MYDOMAIN"
2017-11-30T10:11:50Z DEBUG [LDAP server check]
2017-11-30T10:11:50Z DEBUG Verifying that ipaserver.mydomain (realm MYDOMAIN) 
is an IPA server
2017-11-30T10:11:50Z DEBUG Init LDAP connection to: 
ldap://ipaserver.mydomain:389
2017-11-30T10:11:50Z DEBUG Search LDAP server for IPA base DN
2017-11-30T10:11:50Z DEBUG Check if naming context 'dc=mydomain' is for IPA
2017-11-30T10:11:50Z DEBUG Naming context 'dc=mydomain' is a valid IPA context
2017-11-30T10:11:50Z DEBUG Search for (objectClass=krbRealmContainer) in 
dc=mydomain (sub)
2017-11-30T10:11:50Z DEBUG Found: cn=MYDOMAIN,cn=kerberos,dc=mydomain
2017-11-30T10:11:50Z DEBUG Discovery result: Success; 
server=ipaserver.mydomain, domain=mydomain, kdc=ipaserver.mydomain, 
basedn=dc=mydomain
2017-11-30T10:11:50Z DEBUG Validated servers: ipaserver.mydomain
2017-11-30T10:11:50Z DEBUG will use discovered domain: mydomain
2017-11-30T10:11:50Z DEBUG Using servers from command line, disabling DNS 
discovery
2017-11-30T10:11:50Z DEBUG will use provided server: ipaserver.mydomain
2017-11-30T10:11:50Z INFO Autodiscovery of servers for failover cannot work 
with this configuration.
2017-11-30T10:11:50Z INFO If you proceed with the installation, services will 
be configured to always access the discovered server for all mydomaintions and 
will not fail over to other servers in case of failure.
2017-11-30T10:11:53Z DEBUG will use discovered realm: MYDOMAIN
2017-11-30T10:11:53Z DEBUG will use discovered basedn: dc=mydomain
2017-11-30T10:11:53Z INFO Client hostname: ipaclient.mydomain
2017-11-30T10:11:53Z DEBUG Hostname source: Machine's FQDN
2017-11-30T10:11:53Z INFO Realm: MYDOMAIN
2017-11-30T10:11:53Z DEBUG Realm source: Discovered from LDAP DNS records in 
ipaserver.mydomain
2017-11-30T10:11:53Z INFO DNS Domain: mydomain
2017-11-30T10:11:53Z DEBUG DNS Domain source: Forced
2017-11-30T10:11:53Z INFO IPA Server: ipaserver.mydomain
2017-11-30T10:11:53Z DEBUG IPA Server source: Provided as option
2017-11-30T10:11:53Z INFO BaseDN: dc=mydomain
2017-11-30T10:11:53Z DEBUG BaseDN source: From IPA server 
ldap://ipaserver.mydomain:389
2017-11-30T10:11:55Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-11-30T10:11:55Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:11:55Z DEBUG Starting external process
2017-11-30T10:11:55Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r 
MYDOMAIN
2017-11-30T10:11:55Z DEBUG Process finished, return code=3
2017-11-30T10:11:55Z DEBUG stdout=
2017-11-30T10:11:55Z DEBUG stderr=Failed to open keytab '/etc/krb5.keytab': No 
such file or directory

2017-11-30T10:11:55Z INFO Skipping synchronizing time with NTP server.
2017-11-30T10:11:58Z DEBUG will use principal provided as option: admin
2017-11-30T10:11:58Z DEBUG Starting external process
2017-11-30T10:11:58Z DEBUG args=keyctl get_persistent @s 0
2017-11-30T10:11:58Z DEBUG Process finished, return code=0
2017-11-30T10:11:58Z DEBUG stdout=227339787

2017-11-30T10:11:58Z DEBUG stderr=
2017-11-30T10:11:58Z DEBUG Enabling persistent keyring CCACHE
2017-11-30T10:11:58Z DEBUG Writing Kerberos configuration to /tmp/tmp5wx608ci:
2017-11-30T10:11:58Z DEBUG #File modified by ipa-client-install

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
   default_realm = MYDOMAIN
   dns_lookup_realm = false
   dns_lookup_kdc = false
   rdns = false
   dns_canonicalize_hostname = false
   ticket_lifetime = 24h
   forwardable = true
   udp_preference_limit = 0
   default_ccache_name = KEYRING:persistent:%{uid}


[realms]
   MYDOMAIN = {
     kdc = ipaserver.mydomain:88
     master_kdc = ipaserver.mydomain:88
     admin_server = ipaserver.mydomain:749
     kpasswd_server = ipaserver.mydomain:464
     default_domain = mydomain
     pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
     pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem

   }


[domain_realm]
   .mydomain = MYDOMAIN
   mydomain = MYDOMAIN
   ipaclient.mydomain = MYDOMAIN



2017-11-30T10:12:03Z DEBUG Initializing principal admin@MYDOMAIN using password
2017-11-30T10:12:03Z DEBUG Starting external process
2017-11-30T10:12:03Z DEBUG args=/usr/bin/kinit admin@MYDOMAIN -c 
/tmp/krbcct8vze36h/ccache
2017-11-30T10:12:03Z DEBUG Process finished, return code=0
2017-11-30T10:12:03Z DEBUG stdout=Password for admin@MYDOMAIN:

2017-11-30T10:12:03Z DEBUG stderr=
2017-11-30T10:12:03Z DEBUG trying to retrieve CA cert via LDAP from 
ipaserver.mydomain
2017-11-30T10:12:03Z DEBUG retrieving schema for SchemaCache 
url=ldap://ipaserver.mydomain:389 conn=<ldap.ldapobject.SimpleLDAPObject object at 
0x7f20e73c5b70>
2017-11-30T10:12:03Z INFO Successfully retrieved CA cert
     Subject:     CN=Certificate Authority,O=MYDOMAIN
     Issuer:      CN=Certificate Authority,O=MYDOMAIN
     Valid From:  2015-09-11 08:02:12
     Valid Until: 2035-09-11 08:02:12

2017-11-30T10:12:03Z DEBUG Starting external process
2017-11-30T10:12:03Z DEBUG args=/usr/sbin/ipa-join -s ipaserver.mydomain -b 
dc=mydomain -h ipaclient.mydomain
2017-11-30T10:12:03Z DEBUG Process finished, return code=17
2017-11-30T10:12:03Z DEBUG stdout=
2017-11-30T10:12:03Z DEBUG stderr=HTTP POST to URL 
'https://ipaserver.mydomain:443/ipa/xml' failed.  HTTP response code is 401, 
not 200

2017-11-30T10:12:03Z ERROR Joining realm failed: HTTP POST to URL 
'https://ipaserver.mydomain:443/ipa/xml' failed.  HTTP response code is 401, 
not 200

2017-11-30T10:12:03Z ERROR Installation failed. Rolling back changes.
2017-11-30T10:12:03Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-11-30T10:12:03Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:03Z DEBUG Starting external process
2017-11-30T10:12:03Z DEBUG args=ipa-client-automount --uninstall --debug
2017-11-30T10:12:04Z DEBUG Process finished, return code=1
2017-11-30T10:12:04Z DEBUG stdout=
2017-11-30T10:12:04Z DEBUG stderr=IPA client is not configured on this system

2017-11-30T10:12:04Z ERROR Unconfigured automount client failed: Command 
'ipa-client-automount --uninstall --debug' returned non-zero exit status 1.
2017-11-30T10:12:04Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-11-30T10:12:04Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n Local 
IPA host -a -f /etc/ipa/nssdb/pwdfile.txt
2017-11-30T10:12:04Z DEBUG Process finished, return code=255
2017-11-30T10:12:04Z DEBUG stdout=
2017-11-30T10:12:04Z DEBUG stderr=certutil: function failed: 
SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, 
unsupported format.

2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/usr/bin/certutil -d /etc/pki/nssdb -L -n IPA 
Machine Certificate - ipaclient.mydomain -a -f /etc/pki/nssdb/pwdfile.txt
2017-11-30T10:12:04Z DEBUG Process finished, return code=255
2017-11-30T10:12:04Z DEBUG stdout=
2017-11-30T10:12:04Z DEBUG stderr=certutil: Could not find cert: IPA Machine 
Certificate - ipaclient.mydomain
: PR_FILE_NOT_FOUND_ERROR: File not found

2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/bin/systemctl start certmonger.service
2017-11-30T10:12:04Z DEBUG Process finished, return code=0
2017-11-30T10:12:04Z DEBUG stdout=
2017-11-30T10:12:04Z DEBUG stderr=
2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/bin/systemctl is-active certmonger.service
2017-11-30T10:12:04Z DEBUG Process finished, return code=0
2017-11-30T10:12:04Z DEBUG stdout=active

2017-11-30T10:12:04Z DEBUG stderr=
2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/bin/systemctl stop certmonger.service
2017-11-30T10:12:04Z DEBUG Process finished, return code=0
2017-11-30T10:12:04Z DEBUG stdout=
2017-11-30T10:12:04Z DEBUG stderr=
2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/bin/systemctl disable certmonger.service
2017-11-30T10:12:04Z DEBUG Process finished, return code=0
2017-11-30T10:12:04Z DEBUG stdout=
2017-11-30T10:12:04Z DEBUG stderr=
2017-11-30T10:12:04Z INFO Disabling client Kerberos and LDAP configurations
2017-11-30T10:12:04Z DEBUG Starting external process
2017-11-30T10:12:04Z DEBUG args=/usr/sbin/authconfig --disableldap 
--disablekrb5 --disablesssdauth --disablemkhomedir --update
2017-11-30T10:12:05Z DEBUG Process finished, return code=0
2017-11-30T10:12:05Z DEBUG stdout=
2017-11-30T10:12:05Z DEBUG stderr=
2017-11-30T10:12:05Z DEBUG Error while moving /etc/sssd/sssd.conf to 
/etc/sssd/sssd.conf.deleted
2017-11-30T10:12:05Z INFO Redundant SSSD configuration file /etc/sssd/sssd.conf 
was moved to /etc/sssd/sssd.conf.deleted
2017-11-30T10:12:05Z DEBUG Starting external process
2017-11-30T10:12:05Z DEBUG args=/bin/systemctl stop sssd.service
2017-11-30T10:12:05Z DEBUG Process finished, return code=0
2017-11-30T10:12:05Z DEBUG stdout=
2017-11-30T10:12:05Z DEBUG stderr=
2017-11-30T10:12:05Z DEBUG Starting external process
2017-11-30T10:12:05Z DEBUG args=/bin/systemctl disable sssd.service
2017-11-30T10:12:05Z DEBUG Process finished, return code=0
2017-11-30T10:12:05Z DEBUG stdout=
2017-11-30T10:12:05Z DEBUG stderr=Removed 
/etc/systemd/system/multi-user.target.wants/sssd.service.

2017-11-30T10:12:05Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:05Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:05Z DEBUG Starting external process
2017-11-30T10:12:05Z DEBUG args=/bin/systemctl disable fedora-domainname.service
2017-11-30T10:12:05Z DEBUG Process finished, return code=0
2017-11-30T10:12:05Z DEBUG stdout=
2017-11-30T10:12:05Z DEBUG stderr=
2017-11-30T10:12:05Z DEBUG Starting external process
2017-11-30T10:12:05Z DEBUG args=/bin/systemctl list-unit-files --full
2017-11-30T10:12:05Z DEBUG Process finished, return code=0
2017-11-30T10:12:05Z DEBUG stdout=UNIT FILE                                   
STATE
proc-sys-fs-binfmt_misc.automount           static
-.mount                                     generated
boot.mount                                  generated
dev-hugepages.mount                         static
dev-mqueue.mount                            static
home.mount                                  generated
proc-fs-nfsd.mount                          static
proc-sys-fs-binfmt_misc.mount               static
sys-fs-fuse-connections.mount               static
sys-kernel-config.mount                     static
sys-kernel-debug.mount                      static
tmp.mount                                   static
var-lib-nfs-rpc_pipefs.mount                static
cups.path                                   enabled
systemd-ask-password-console.path           static
systemd-ask-password-plymouth.path          static
systemd-ask-password-wall.path              static
session-2.scope                             transient
abrt-ccpp.service                           disabled
abrt-journal-core.service                   enabled
abrt-oops.service                           enabled
abrt-pstoreoops.service                     disabled
abrt-vmcore.service                         enabled
abrt-xorg.service                           enabled
abrtd.service                               enabled
accounts-daemon.service                     enabled
alsa-restore.service                        static
alsa-state.service                          static
anaconda-direct.service                     static
anaconda-nm-config.service                  static
anaconda-noshell.service                    static
anaconda-pre.service                        static
anaconda-shell@.service                     static
anaconda-sshd.service                       static
anaconda-tmux@.service                      static
anaconda.service                            static
arp-ethers.service                          disabled
auditd.service                              enabled
auth-rpcgss-module.service                  static
autofs.service                              disabled
autovt@.service                             enabled
avahi-daemon.service                        enabled
blk-availability.service                    disabled
bluetooth.service                           enabled
brltty.service                              disabled
btattach-bcm@.service                       static
canberra-system-bootup.service              disabled
canberra-system-shutdown-reboot.service     disabled
canberra-system-shutdown.service            disabled
certmonger.service                          disabled
chrony-dnssrv@.service                      static
chrony-wait.service                         disabled
chronyd.service                             enabled
clean-mount-point@.service                  static
colord.service                              static
configure-printer@.service                  static
console-getty.service                       disabled
container-getty@.service                    static
crond.service                               enabled
cups-browsed.service                        disabled
cups.service                                disabled
dbus-org.bluez.service                      enabled
dbus-org.fedoraproject.FirewallD1.service   enabled
dbus-org.freedesktop.Avahi.service          enabled
dbus-org.freedesktop.hostname1.service      static
dbus-org.freedesktop.locale1.service        static
dbus-org.freedesktop.login1.service         static
dbus-org.freedesktop.ModemManager1.service  enabled
dbus-org.freedesktop.network1.service       enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service  enabled
dbus-org.freedesktop.resolve1.service       enabled
dbus-org.freedesktop.timedate1.service      enabled
dbus.service                                static
dbxtool.service                             enabled
debug-shell.service                         disabled
display-manager.service                     enabled
dm-event.service                            disabled
dmraid-activation.service                   enabled
dnf-makecache.service                       static
dnfdaemon.service                           static
dnsmasq.service                             disabled
dracut-cmdline.service                      static
dracut-initqueue.service                    static
dracut-mount.service                        static
dracut-pre-mount.service                    static
dracut-pre-pivot.service                    static
dracut-pre-trigger.service                  static
dracut-pre-udev.service                     static
dracut-shutdown.service                     static
ebtables.service                            disabled
emergency.service                           static
fcoe.service                                disabled
fedora-domainname.service                   disabled
fedora-import-state.service                 enabled
fedora-loadmodules.service                  disabled
fedora-readonly.service                     enabled
firewalld.service                           enabled
fprintd.service                             static
fstrim.service                              static
geoclue.service                             static
getty@.service                              enabled
gssproxy.service                            disabled
halt-local.service                          static
hypervfcopyd.service                        static
hypervkvpd.service                          static
hypervvssd.service                          static
initial-setup-reconfiguration.service       disabled
initial-setup.service                       disabled
initrd-cleanup.service                      static
initrd-parse-etc.service                    static
initrd-switch-root.service                  static
initrd-udevadm-cleanup-db.service           static
instperf.service                            static
iodine-client.service                       disabled
ipsec.service                               disabled
irqbalance.service                          enabled
iscsi-shutdown.service                      static
iscsi.service                               enabled
iscsid.service                              disabled
iscsiuio.service                            disabled
kdump.service                               disabled
kmod-static-nodes.service                   static
ldconfig.service                            static
lightdm.service                             enabled
livesys-late.service                        generated
livesys.service                             generated
lldpad.service                              disabled
lvm2-lvmetad.service                        disabled
lvm2-lvmpolld.service                       disabled
lvm2-monitor.service                        enabled
lvm2-pvscan@.service                        static
mcelog.service                              enabled
mdadm-grow-continue@.service                static
mdadm-last-resort@.service                  static
mdmon@.service                              static
mdmonitor.service                           enabled
messagebus.service                          static
mlocate-updatedb.service                    static
ModemManager.service                        enabled
multipathd.service                          enabled
netconsole.service                          generated
network.service                             generated
NetworkManager-dispatcher.service           enabled
NetworkManager-wait-online.service          enabled
NetworkManager.service                      enabled
nfs-blkmap.service                          disabled
nfs-config.service                          static
nfs-idmap.service                           static
nfs-idmapd.service                          static
nfs-lock.service                            static
nfs-mountd.service                          static
nfs-secure.service                          static
nfs-server.service                          disabled
nfs-utils.service                           static
nfs.service                                 disabled
nscd.service                                enabled
nslcd.service                               enabled
ntpd.service                                disabled
oddjobd.service                             disabled
openvpn-client@.service                     disabled
openvpn-server@.service                     disabled
plymouth-halt.service                       static
plymouth-kexec.service                      static
plymouth-poweroff.service                   static
plymouth-quit-wait.service                  static
plymouth-quit.service                       static
plymouth-read-write.service                 static
plymouth-reboot.service                     static
plymouth-start.service                      static
plymouth-switch-root.service                static
polkit.service                              static
powerline.service                           disabled
pppoe-server.service                        disabled
psacct.service                              disabled
qemu-guest-agent.service                    static
quotaon.service                             static
rc-local.service                            static
rdisc.service                               disabled
realmd.service                              static
rescue.service                              static
rngd.service                                enabled
rpc-gssd.service                            static
rpc-statd-notify.service                    static
rpc-statd.service                           static
rpcbind.service                             disabled
rsyslog.service                             enabled
rtkit-daemon.service                        enabled
selinux-autorelabel-mark.service            static
selinux-autorelabel.service                 static
serial-getty@.service                       disabled
smartd.service                              enabled
speech-dispatcherd.service                  disabled
spice-vdagentd.service                      enabled
sshd-keygen@.service                        disabled
sshd.service                                enabled
sshd@.service                               static
sssd-autofs.service                         indirect
sssd-kcm.service                            indirect
sssd-nss.service                            indirect
sssd-pac.service                            indirect
sssd-pam.service                            indirect
sssd-secrets.service                        indirect
sssd-ssh.service                            indirect
sssd-sudo.service                           indirect
sssd.service                                disabled
syslog.service                              enabled
system-update-cleanup.service               static
systemd-ask-password-console.service        static
systemd-ask-password-plymouth.service       static
systemd-ask-password-wall.service           static
systemd-backlight@.service                  static
systemd-binfmt.service                      static
systemd-bootchart.service                   disabled
systemd-coredump@.service                   static
systemd-exit.service                        static
systemd-firstboot.service                   static
systemd-fsck-root.service                   enabled-runtime
systemd-fsck@.service                       static
systemd-halt.service                        static
systemd-hibernate-resume@.service           static
systemd-hibernate.service                   static
systemd-hostnamed.service                   static
systemd-hwdb-update.service                 static
systemd-hybrid-sleep.service                static
systemd-initctl.service                     static
systemd-journal-catalog-update.service      static
systemd-journal-flush.service               static
systemd-journald.service                    static
systemd-kexec.service                       static
systemd-localed.service                     static
systemd-logind.service                      static
systemd-machine-id-commit.service           static
systemd-modules-load.service                static
systemd-networkd-wait-online.service        disabled
systemd-networkd.service                    enabled
systemd-poweroff.service                    static
systemd-quotacheck.service                  static
systemd-random-seed.service                 static
systemd-reboot.service                      static
systemd-remount-fs.service                  static
systemd-resolved.service                    enabled
systemd-rfkill.service                      static
systemd-suspend.service                     static
systemd-sysctl.service                      static
systemd-sysusers.service                    static
systemd-timedated.service                   masked
systemd-timesyncd.service                   disabled
systemd-tmpfiles-clean.service              static
systemd-tmpfiles-setup-dev.service          static
systemd-tmpfiles-setup.service              static
systemd-udev-settle.service                 static
systemd-udev-trigger.service                static
systemd-udevd.service                       static
systemd-update-done.service                 static
systemd-update-utmp-runlevel.service        static
systemd-update-utmp.service                 static
systemd-user-sessions.service               static
systemd-vconsole-setup.service              static
systemd-volatile-root.service               static
tcsd.service                                disabled
teamd@.service                              static
timedatex.service                           enabled
udisks2.service                             enabled
unbound-anchor.service                      static
upower.service                              disabled
usb_modeswitch@.service                     static
usbmuxd.service                             static
user@.service                               static
vboxadd-service.service                     enabled
vboxadd.service                             enabled
vgauthd.service                             enabled
vmtoolsd.service                            enabled
wacom-inputattach@.service                  static
wpa_supplicant.service                      disabled
xl2tpd.service                              disabled
zram.service                                static
system.slice                                static
user-0.slice                                transient
user.slice                                  static
avahi-daemon.socket                         enabled
cups.socket                                 enabled
dbus.socket                                 static
dm-event.socket                             enabled
iscsid.socket                               enabled
iscsiuio.socket                             enabled
lldpad.socket                               disabled
lvm2-lvmetad.socket                         enabled
lvm2-lvmpolld.socket                        enabled
multipathd.socket                           static
nscd.socket                                 enabled
rpcbind.socket                              disabled
sshd.socket                                 disabled
sssd-autofs.socket                          disabled
sssd-kcm.socket                             enabled
sssd-nss.socket                             disabled
sssd-pac.socket                             disabled
sssd-pam-priv.socket                        disabled
sssd-pam.socket                             disabled
sssd-secrets.socket                         enabled
sssd-ssh.socket                             disabled
sssd-sudo.socket                            disabled
syslog.socket                               static
systemd-coredump.socket                     static
systemd-initctl.socket                      static
systemd-journald-audit.socket               static
systemd-journald-dev-log.socket             static
systemd-journald.socket                     static
systemd-networkd.socket                     disabled
systemd-rfkill.socket                       static
systemd-udevd-control.socket                static
systemd-udevd-kernel.socket                 static
dev-mapper-fedora00\x2dswap.swap            generated
anaconda.target                             static
basic.target                                static
bluetooth.target                            static
cryptsetup-pre.target                       static
cryptsetup.target                           static
ctrl-alt-del.target                         disabled
default.target                              enabled
emergency.target                            static
exit.target                                 disabled
final.target                                static
getty.target                                static
graphical.target                            enabled
halt.target                                 disabled
hibernate.target                            static
hybrid-sleep.target                         static
initrd-fs.target                            static
initrd-root-device.target                   static
initrd-root-fs.target                       static
initrd-switch-root.target                   static
initrd.target                               static
kexec.target                                disabled
local-fs-pre.target                         static
local-fs.target                             static
multi-user.target                           static
network-online.target                       static
network-pre.target                          static
network.target                              static
nfs-client.target                           enabled
nss-lookup.target                           static
nss-user-lookup.target                      static
paths.target                                static
poweroff.target                             disabled
printer.target                              static
reboot.target                               disabled
remote-cryptsetup.target                    disabled
remote-fs-pre.target                        static
remote-fs.target                            enabled
rescue.target                               disabled
rpc_pipefs.target                           static
rpcbind.target                              static
runlevel0.target                            disabled
runlevel1.target                            disabled
runlevel2.target                            static
runlevel3.target                            static
runlevel4.target                            static
runlevel5.target                            enabled
runlevel6.target                            disabled
selinux-autorelabel.target                  static
shutdown.target                             static
sigpwr.target                               static
sleep.target                                static
slices.target                               static
smartcard.target                            static
sockets.target                              static
sound.target                                static
spice-vdagentd.target                       static
sshd-keygen.target                          static
suspend.target                              static
swap.target                                 static
sysinit.target                              static
system-update.target                        static
time-sync.target                            static
timers.target                               static
umount.target                               static
chrony-dnssrv@.timer                        disabled
dnf-makecache.timer                         enabled
fstrim.timer                                disabled
mdadm-last-resort@.timer                    static
mlocate-updatedb.timer                      enabled
systemd-tmpfiles-clean.timer                static
unbound-anchor.timer                        enabled

384 unit files listed.

2017-11-30T10:12:05Z DEBUG stderr=
2017-11-30T10:12:05Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:05Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:05Z DEBUG Starting external process
2017-11-30T10:12:05Z DEBUG args=/bin/systemctl list-unit-files --full
2017-11-30T10:12:05Z DEBUG Process finished, return code=0
2017-11-30T10:12:05Z DEBUG stdout=UNIT FILE                                   
STATE
proc-sys-fs-binfmt_misc.automount           static
-.mount                                     generated
boot.mount                                  generated
dev-hugepages.mount                         static
dev-mqueue.mount                            static
home.mount                                  generated
proc-fs-nfsd.mount                          static
proc-sys-fs-binfmt_misc.mount               static
sys-fs-fuse-connections.mount               static
sys-kernel-config.mount                     static
sys-kernel-debug.mount                      static
tmp.mount                                   static
var-lib-nfs-rpc_pipefs.mount                static
cups.path                                   enabled
systemd-ask-password-console.path           static
systemd-ask-password-plymouth.path          static
systemd-ask-password-wall.path              static
session-2.scope                             transient
abrt-ccpp.service                           disabled
abrt-journal-core.service                   enabled
abrt-oops.service                           enabled
abrt-pstoreoops.service                     disabled
abrt-vmcore.service                         enabled
abrt-xorg.service                           enabled
abrtd.service                               enabled
accounts-daemon.service                     enabled
alsa-restore.service                        static
alsa-state.service                          static
anaconda-direct.service                     static
anaconda-nm-config.service                  static
anaconda-noshell.service                    static
anaconda-pre.service                        static
anaconda-shell@.service                     static
anaconda-sshd.service                       static
anaconda-tmux@.service                      static
anaconda.service                            static
arp-ethers.service                          disabled
auditd.service                              enabled
auth-rpcgss-module.service                  static
autofs.service                              disabled
autovt@.service                             enabled
avahi-daemon.service                        enabled
blk-availability.service                    disabled
[...]
384 unit files listed.

2017-11-30T10:12:05Z DEBUG stderr=
2017-11-30T10:12:05Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:05Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2017-11-30T10:12:05Z INFO Client uninstall complete.
2017-11-30T10:12:05Z DEBUG   File 
"/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 174, in execute
     return_value = self.run()
   File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 336, 
in run
     cfgr.run()
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 364, 
in run
     self.execute()
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 388, 
in execute
     for _nothing in self._executor():
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 430, 
in __runner
     exc_handler(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 459, 
in _handle_execute_exception
     self._handle_exception(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, 
in _handle_exception
     six.reraise(*exc_info)
   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
     raise value
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 420, 
in __runner
     step()
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 417, in 
<lambda>
     step = lambda: next(self.__gen)
   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
     six.reraise(*exc_info)
   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
     raise value
   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
     value = gen.send(prev_value)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 654, 
in _configure
     next(executor)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 430, 
in __runner
     exc_handler(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 459, 
in _handle_execute_exception
     self._handle_exception(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 517, 
in _handle_exception
     self.__parent._handle_exception(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, 
in _handle_exception
     six.reraise(*exc_info)
   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
     raise value
   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
     value = gen.send(prev_value)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 654, 
in _configure
     next(executor)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 430, 
in __runner
     exc_handler(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 459, 
in _handle_execute_exception
     self._handle_exception(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 517, 
in _handle_exception
     self.__parent._handle_exception(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, 
in _handle_exception
     six.reraise(*exc_info)
   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
     raise value
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 514, 
in _handle_exception
     super(ComponentBase, self)._handle_exception(exc_info)
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 449, 
in _handle_exception
     six.reraise(*exc_info)
   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
     raise value
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 420, 
in __runner
     step()
   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 417, in 
<lambda>
     step = lambda: next(self.__gen)
   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, 
in run_generator_with_yield_from
     six.reraise(*exc_info)
   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
     raise value
   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, 
in run_generator_with_yield_from
     value = gen.send(prev_value)
   File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 
66, in _install
     for _nothing in self._installer(self.parent):
   File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 
3624, in main
     install(self)
   File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 
2346, in install
     _install(options)
   File "/usr/lib/python3.6/site-packages/ipaclient/install/client.py", line 
2568, in _install
     raise ScriptError(rval=CLIENT_INSTALL_ERROR)

2017-11-30T10:12:05Z DEBUG The ipa-client-install command failed, exception: 
ScriptError:
2017-11-30T10:12:05Z ERROR The ipa-client-install command failed. See 
/var/log/ipaclient-install.log for more information
(END)
---------
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Hi,

1/ did you sanitize your logs and replace your real domain name with "mydomain"? If you are really using "mydomain" then this may be an issue as FreeIPA does not support single-level domain names (this requirement is enforced by the server installer since a recent bugfix [1]).

2/ the error happens during a call to ipa-join. The interesting logs will be on the server in /var/logs/httpd/error_logs. You can retry ipa-client-install after enabling debug logs on the server:
- create a file /etc/ipa/server.conf with the following content
[global]
debug=True
- restart httpd service with systemctl restart httpd

The logs will be around the lines containing
[date] [:error] [pid xx] ipa: DEBUG: raw: join(u'client.domain.com', nshardwareplatform=u'x86_64', nsosversion=u'3.10.0-693.5.2.el7.x86_64', version=u'2.51')
...

Flo

[1] https://pagure.io/freeipa/issue/7207
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to