On 03/25/2015 07:46 AM, Yogesh Sharma wrote: > Hi, > > We are getting below error while we are installing IPA Server > (ipa-server-install --no-ntp). > > > ** > *Configuration of client side components failed!* > *ipa-client-install returned: Command '/usr/sbin/ipa-client-install > --on-master --unattended --domain sd.int <http://sd.int> --server > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1* > > **Logs indicate below errors: > > *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> -ZZ -x -D > cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn > uid=admin,cn=users,cn=accounts,dc=sd,dc=int* > *2015-03-25T06:39:59Z DEBUG stdout=* > *2015-03-25T06:39:59Z DEBUG stderr=* > *2015-03-25T06:39:59Z DEBUG ldappasswd done* > *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master > --unattended --domain sd.int <http://sd.int> --server > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > <http://ldap-inf-stg-sg1-01.sd.int>* > *2015-03-25T06:40:10Z DEBUG stdout=* > *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> is an IPA > Server.* > *This may mean that the remote server is not up or is not reachable due to > network or firewall settings.* > *Please make sure the following ports are opened in the firewall settings:* > * TCP: 80, 88, 389* > * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* > *Also note that following ports are necessary for ipa-client working > properly after enrollment:* > * TCP: 464* > * UDP: 464, 123 (if NTP enabled)* > *Installation failed. Rolling back changes.* > *Unconfigured automount client failed: Command 'ipa-client-automount > --uninstall --debug' returned non-zero exit status 1* > *Removing Kerberos service principals from /etc/krb5.keytab* > *Disabling client Kerberos and LDAP configurations* > *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to > /etc/sssd/sssd.conf.deleted* > *nscd daemon is not installed, skip configuration* > *nslcd daemon is not installed, skip configuration* > *Client uninstall complete.* > > *2015-03-25T06:40:10Z INFO File > "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line > 614, in run_script* > * return_value = main_function()* > > * File "/usr/sbin/ipa-server-install", line 1103, in main* > * sys.exit("Configuration of client side components > failed!\nipa-client-install returned: " + str(e))* > > *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, > exception: SystemExit: Configuration of client side components failed!* > *ipa-client-install returned: Command '/usr/sbin/ipa-client-install > --on-master --unattended --domain sd.int <http://sd.int> --server > ldap-inf-stg-sg1-01.sd.int <http://ldap-inf-stg-sg1-01.sd.int> --realm > SD.INT <http://SD.INT> --hostname ldap-inf-stg-sg1-01.sd.int > <http://ldap-inf-stg-sg1-01.sd.int>' returned non-zero exit status 1* > > ** > > > This server is on AWS and I can confirm that all above ports are opened. > Also as it is installing on same server where IPA Server is being > installed, Port should not be an issue. > > Am I missing anything here.
Please also share ipaclient-install.log, it should show what is the exact problem in the client component installation. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
