On 06/03/2018 21:39, Andrew Meyer via FreeIPA-users wrote:
I am trying to add another client in my main location and getting the following information:

[user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updates
Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ipa]$


[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updates
Skip infra-test-ipa.example.net: cannot verify if this is an IPA server
Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server
Skip freeipa03.east.example.net: cannot verify if this is an IPA server
Skip freeipa01.east.example.net: cannot verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ~]$

I have checked my /etc/resolv.conf and made sure that they are pointed at the current local FreeIPA nameservers/resolvers.

Here is the output /var/log/ipaclient-install.log

[user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log
2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log
2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}
2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos
2018-03-06T20:29:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled
2018-03-06T20:29:32Z DEBUG Process finished, return code=1
2018-03-06T20:29:32Z DEBUG stdout=
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2018-03-06T20:29:32Z DEBUG Process finished, return code=1
2018-03-06T20:29:32Z DEBUG stdout=disabled

2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service
2018-03-06T20:29:32Z DEBUG Process finished, return code=3
2018-03-06T20:29:32Z DEBUG stdout=unknown

2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:37Z DEBUG [IPA Discovery]
2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
2018-03-06T20:29:37Z DEBUG Kerberos realm forced
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [LDAP server check]
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None
2018-03-06T20:29:37Z DEBUG Validated servers:
2018-03-06T20:29:37Z DEBUG No LDAP server found
2018-03-06T20:29:37Z DEBUG [IPA Discovery]
2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of _kerberos.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [LDAP server check]
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None
2018-03-06T20:29:37Z DEBUG Validated servers:
2018-03-06T20:29:37Z DEBUG IPA Server not found
2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server
2018-03-06T20:29:44Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
     return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
     cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run
     self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate
     for _nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
     exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception
     self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
     six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
     step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
     step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
     six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
     value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure
     next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
     exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception
     self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
     self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
     six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
     super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
     six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
     step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
     step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
     six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
     value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
     for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3619, in main
     install_check(self)
  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2158, in install_check
     allow_empty=False)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 901, in user_input
     ret = input("%s: " % prompt)

2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, exception: KeyboardInterrupt:
2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ~]$

I did have a realm for stl1.example.net but removed that and the DNS zone. I have other servers that are freeipa01.$location.example.net that joined just fine.

Am I doing something wrong?

Hi Andrew,

First of all, the realm is usually in uppercase. If you are not sure of the realm and domain that you need to provide to the client installer, you can check the values in the file /etc/ipa/default.conf that is stored on the IPA master.

In your case, the client installer is unable to access the LDAP servers (port 389). Did you check that your firewall is not blocking this port? You can find the list of required ports [1] in the Linux Domain Identity, Authentication, and Policy Guide.

HTH,
Flo

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/installing-ipa#prereq-ports
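
Added example (not part of the original thread and not FreeIPA code): a small Python triage helper for the two points raised in the reply, the realm case and LDAP reachability on port 389, run over lines in the format of the ipaclient-install.log quoted above. The function names `summarize`, `port_open` and `findings` are hypothetical, and the sample log is constructed from the lines shown in the thread.

```python
import re
import socket

# Constructed sample in the format of the ipaclient-install.log quoted above.
SAMPLE_LOG = """\
2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'realm_name': 'stl1.example.net', 'domain_name': 'stl1.example.net'}
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
"""

REALM_RE = re.compile(r"'realm_name': '([^']*)'")
SRV_RE = re.compile(r"DNS record found: (\d+) (\d+) (\d+) (\S+?)\.?$")
LDAP_ERR_RE = re.compile(r"LDAP Error: cannot connect to 'ldap://([^:']+):(\d+)'")

def summarize(log_text):
    """Collect the requested realm, SRV targets and LDAP connect failures."""
    out = {"realm": None, "srv": set(), "ldap_failed": set()}
    for line in log_text.splitlines():
        if (m := REALM_RE.search(line)):
            out["realm"] = m.group(1)
        if (m := SRV_RE.search(line)):  # TXT answers have no priority/weight/port
            out["srv"].add((m.group(4), int(m.group(3))))
        if (m := LDAP_ERR_RE.search(line)):
            out["ldap_failed"].add((m.group(1), int(m.group(2))))
    return out

def port_open(host, port, timeout=3.0, connect=socket.create_connection):
    """True if a TCP connection succeeds; `connect` is injectable for testing."""
    try:
        connect((host, port), timeout).close()
        return True
    except OSError:  # refused, timed out, filtered, or name did not resolve
        return False

def findings(log_text, probe=port_open):
    """Report realm case and whether hosts that failed in the log answer now."""
    s = summarize(log_text)
    notes = []
    if s["realm"] and s["realm"] != s["realm"].upper():
        notes.append("realm %r is not uppercase" % s["realm"])
    for host, port in sorted(s["ldap_failed"]):
        state = "reachable now" if probe(host, port) else "still unreachable"
        notes.append("%s:%d failed in log, %s" % (host, port, state))
    return notes

if __name__ == "__main__":
    for note in findings(SAMPLE_LOG, probe=lambda h, p: False):  # stub probe, offline
        print(note)
```

Run on the enrolling client with the default `probe`, this makes a real TCP connection attempt to each host that failed in the log, so a firewall block on port 389 shows up as "still unreachable".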

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
