Florence,Thanks yeah I was able to telnet to port 389.  It was the TTL of the 
DNS records.  It finally flushed and worked.
Cheers! 

    On Tuesday, March 6, 2018 3:34 PM, Florence Blanc-Renaud via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 On 06/03/2018 21:39, Andrew Meyer via FreeIPA-users wrote:
> I am trying to add another client in my main location and getting the 
> following information:
> [user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net 
> --realm=stl1.example.net --mkhomedir --enable-dns-updates
> Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> Provide your IPA server name (ex: ipa.example.com): ^CThe 
> ipa-client-install command failed. See /var/log/ipaclient-install.log 
> for more information
> [user@freeipa01 ipa]$
> 
> 
> [user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net 
> --realm=example.net --mkhomedir --enable-dns-updates
> Skip infra-test-ipa.example.net: cannot verify if this is an IPA server
> Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server
> Skip freeipa03.east.example.net: cannot verify if this is an IPA server
> Skip freeipa01.east.example.net: cannot verify if this is an IPA server
> Provide your IPA server name (ex: ipa.example.com): ^CThe 
> ipa-client-install command failed. See /var/log/ipaclient-install.log 
> for more information
> [user@freeipa01 ~]$
> 
> I have checked my /etc/resolv.conf and made sure that they are pointed 
> at the current local FreeIPA nameservers/resolvers.
> 
> Here is the output /var/log/ipaclient-install.log
> 
> [user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log
> 2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log
> 2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments 
> [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': 
> False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 
> 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 
> 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 
> 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 
> 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 
> 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 
> 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 
> 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 
> 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': 
> None, 'unattended': False, 'quiet': False, 'nisdomain': None, 
> 'prompt_password': False, 'host_name': None, 'permit': False, 
> 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 
> 'log_file': None, 'uninstall': False}
> 2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos
> 2018-03-06T20:29:32Z DEBUG Loading Index file from 
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2018-03-06T20:29:32Z DEBUG Starting external process
> 2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled
> 2018-03-06T20:29:32Z DEBUG Process finished, return code=1
> 2018-03-06T20:29:32Z DEBUG stdout=
> 2018-03-06T20:29:32Z DEBUG stderr=
> 2018-03-06T20:29:32Z DEBUG Starting external process
> 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service
> 2018-03-06T20:29:32Z DEBUG Process finished, return code=1
> 2018-03-06T20:29:32Z DEBUG stdout=disabled
> 
> 2018-03-06T20:29:32Z DEBUG stderr=
> 2018-03-06T20:29:32Z DEBUG Starting external process
> 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service
> 2018-03-06T20:29:32Z DEBUG Process finished, return code=3
> 2018-03-06T20:29:32Z DEBUG stdout=unknown
> 
> 2018-03-06T20:29:32Z DEBUG stderr=
> 2018-03-06T20:29:37Z DEBUG [IPA Discovery]
> 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with 
> domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of 
> _ldap._tcp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
> 2018-03-06T20:29:37Z DEBUG Kerberos realm forced
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of 
> _kerberos._udp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [LDAP server check]
> 2018-03-06T20:29:37Z DEBUG Verifying that 
> infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is 
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: 
> ldap://infra-test-ipa.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 
> 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip 
> infra-test-ipa.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Verifying that 
> infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is 
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: 
> ldap://infra-test-ipa2.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 
> 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip 
> infra-test-ipa2.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; 
> server=None, domain=stl1.example.net, 
> kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net,
>  
> basedn=None
> 2018-03-06T20:29:37Z DEBUG Validated servers:
> 2018-03-06T20:29:37Z DEBUG No LDAP server found
> 2018-03-06T20:29:37Z DEBUG [IPA Discovery]
> 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with 
> domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of 
> _ldap._tcp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
> 2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of 
> _kerberos.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of 
> _kerberos._udp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [LDAP server check]
> 2018-03-06T20:29:37Z DEBUG Verifying that 
> infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is 
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: 
> ldap://infra-test-ipa.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 
> 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip 
> infra-test-ipa.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Verifying that 
> infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is 
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: 
> ldap://infra-test-ipa2.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 
> 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip 
> infra-test-ipa2.example.net.stl1.example.net: LDAP server is not 
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; 
> server=None, domain=stl1.example.net, 
> kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net,
>  
> basedn=None
> 2018-03-06T20:29:37Z DEBUG Validated servers:
> 2018-03-06T20:29:37Z DEBUG IPA Server not found
> 2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server
> 2018-03-06T20:29:44Z DEBUG   File 
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in 
> execute
>      return_value = self.run()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", 
> line 333, in run
>      cfgr.run()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 366, in run
>      self.validate()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 375, in validate
>      for _nothing in self._validator():
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 434, in __runner
>      exc_handler(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 458, in _handle_validate_exception
>      self._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 453, in _handle_exception
>      six.reraise(*exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 424, in __runner
>      step()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 421, in <lambda>
>      step = lambda: next(self.__gen)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
> line 81, in run_generator_with_yield_from
>      six.reraise(*exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
> line 59, in run_generator_with_yield_from
>      value = gen.send(prev_value)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 636, in _configure
>      next(validator)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 434, in __runner
>      exc_handler(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 458, in _handle_validate_exception
>      self._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 521, in _handle_exception
>      self.__parent._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 453, in _handle_exception
>      six.reraise(*exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 518, in _handle_exception
>      super(ComponentBase, self)._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 453, in _handle_exception
>      six.reraise(*exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 424, in __runner
>      step()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
> line 421, in <lambda>
>      step = lambda: next(self.__gen)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
> line 81, in run_generator_with_yield_from
>      six.reraise(*exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
> line 59, in run_generator_with_yield_from
>      value = gen.send(prev_value)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", 
> line 63, in _install
>      for _nothing in self._installer(self.parent):
>    File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", 
> line 3619, in main
>      install_check(self)
>    File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", 
> line 2158, in install_check
>      allow_empty=False)
>    File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 
> 901, in user_input
>      ret = input("%s: " % prompt)
> 
> 2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, 
> exception: KeyboardInterrupt:
> 2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See 
> /var/log/ipaclient-install.log for more information
> [user@freeipa01 ~]$
> 
> I did have a realm for stl1.example.net but removed that and the DNS 
> zone.  I have other servers that are freeipa01.$location.exmaple.net 
> that joined just fine.
> 
> Am I doing something wrong?
> 
Hi Andrew,

first of all, the realm is usually in uppercase. If you are not sure of 
the realm and domain that you need to provide to the client installer, 
you can check the values in the file /etc/ipa/default.conf that is 
stored in the IPA master.

In your case, the client installer is unable to access the ldap servers 
(port 389), did you check that your firewall is not blocking this port? 
You can find the list of required ports [1] in Linux Domain Identity, 
Authentication, and Policy Guide.

HTH,
Flo

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/installing-ipa#prereq-ports
> 
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to