keyutils is already installed but /bin/keyctl was 0 length (!). Anyway I reinstalled keyutils and then ran the ipa-server-install again, and this time it completed without error.
Thanks very much, Martin and Dmitri! thx anthony On Wed, Mar 25, 2015 at 5:34 AM, Martin Kosek <[email protected]> wrote: > On 03/25/2015 04:11 AM, Dmitri Pal wrote: > > On 03/24/2015 09:17 PM, Anthony Lanni wrote: > >> While running ipa-server-install, it's failing out at the end with an > error > >> regarding the client install on the server. This happens regardless of > how I > >> input the options, but here's the latest command: > >> > >> ipa-server-install --setup-dns -N --idstart=1000 -r EXAMPLE.COM > >> <http://EXAMPLE.COM> -n example.com <http://example.com> -p passwd1 -a > >> passwd2 --hostname=ldap-server-01.example.com > >> <http://ldap-server-01.example.com> --forwarder=10.0.1.20 > >> --forwarder=10.0.1.21 --reverse-zone=1.0.10.in-addr.arpa. -d > >> > >> Runs through the entire setup and gives me this: > >> > >> [...] > >> ipa : DEBUG args=/usr/sbin/ipa-client-install --on-master > >> --unattended --domain example.com <http://example.com> --server > >> ldap-server-01.example.com <http://ldap-server-01.example.com> --realm > >> EXAMPLE.COM <http://EXAMPLE.COM> --hostname ldap-server-01.example.com > >> <http://ldap-server-01.example.com> > >> ipa : DEBUG stdout= > >> > >> ipa : DEBUG stderr=Hostname: ldap-server-01.example.com > >> <http://ldap-server-01.example.com> > >> Realm: EXAMPLE.COM <http://EXAMPLE.COM> > >> DNS Domain: example.com <http://example.com> > >> IPA Server: ldap-server-01.example.com < > http://ldap-server-01.example.com> > >> BaseDN: dc=example,dc=com > >> New SSSD config will be created > >> Configured /etc/sssd/sssd.conf > >> Traceback (most recent call last): > >> File "/usr/sbin/ipa-client-install", line 2377, in <module> > >> sys.exit(main()) > >> File "/usr/sbin/ipa-client-install", line 2363, in main > >> rval = install(options, env, fstore, statestore) > >> File "/usr/sbin/ipa-client-install", line 2135, in install > >> delete_persistent_client_session_data(host_principal) > >> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 124, in > >> delete_persistent_client_session_data > >> kernel_keyring.del_key(keyname) > >> File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", > line > >> 99, in del_key > >> real_key = get_real_key(key) > >> File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", > line > >> 45, in get_real_key > >> (stdout, stderr, rc) = run(['keyctl', 'search', KEYRING, KEYTYPE, > key], > >> raiseonerr=False) > > > > Is keyctl installed? Can you run it manually? > > Any SELinux denials? > > You are likely hitting > https://fedorahosted.org/freeipa/ticket/3808 > > Please try installing keyutils before running ipa-server-install. It is > fixed > in RHEL-7, I filed us a RHEL-6 ticket, to fix it in this platform also: > https://bugzilla.redhat.com/show_bug.cgi?id=1205660 > > Martin > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
