[Freeipa-users] Configuration of client side components failed!
So i have been looking around for a solution for this issue for a few days now and have had no luck. I know in older versions of freeipa this was a issue but i think i should be using the most updated version. (Please note that my company's name is withheld) During the ipa-server-install it fails with: Restarting the web server Configuration of client side components failed! ipa-client-install returned: Command ''/usr/sbin/ipa-client-install' '--on-master' '--unattended' '--domain' 'withheld.com' '--server' '###-#-centos7.withheld.com' '--realm' 'withheld.COM' '--hostname' '-#-centos7.withheld.com'' returned non-zero exit status 1 here is the yum ipa-server package i am using: # yum info ipa-server Loaded plugins: fastestmirror, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile * base: mirrors.usinternet.com * extras: mirror.oss.ou.edu * updates: mirrors.gigenet.com Installed Packages Name: ipa-server Arch: x86_64 Version : 4.1.0 Release : 18.el7.centos.3 Size: 4.2 M Repo: installed From repo : updates Summary : The IPA authentication server URL : http://www.freeipa.org/ License : GPLv3+ Description : IPA is an integrated solution to provide centrally managed Identity (machine, : user, virtual machines, groups, authentication credentials), Policy : (configuration settings, access control information) and Audit (events, : logs, analysis thereof). If you are installing an IPA server you need : to install this package (in other words, most people should NOT install : this package). here is the yum ipa-client package i am using: # yum info ipa-client Loaded plugins: fastestmirror, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile * base: mirrors.usinternet.com * extras: mirror.oss.ou.edu * updates: mirrors.gigenet.com Installed Packages Name: ipa-client Arch: x86_64 Version : 4.1.0 Release : 18.el7.centos.3 Size: 440 k Repo: installed From repo : updates Summary : IPA authentication for use on clients URL : http://www.freeipa.org/ License : GPLv3+ Description : IPA is an integrated solution to provide centrally managed Identity (machine, : user, virtual machines, groups, authentication credentials), Policy : (configuration settings, access control information) and Audit (events, : logs, analysis thereof). If your network uses IPA for authentication, : this package should be installed on every client machine. here is the /var/log/ipaserver-install.log: 2015-05-08T17:47:16Z DEBUG stderr=Using existing certificate '/etc/ipa/ca.crt'. Hostname: ###--centos7.withheld.com Realm: withheld.COM DNS Domain: withheld.com IPA Server: -#-centos7.withheld.com BaseDN: dc=,dc= Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://-#-centos7.withheld.com/ipa/json Forwarding 'ping' to json server 'https:// ###-#-centos7.withheld.com/ipa/json' Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 2925, in module sys.exit(main()) File /usr/sbin/ipa-client-install, line 2906, in main rval = install(options, env, fstore, statestore) File /usr/sbin/ipa-client-install, line 2609, in install api.Backend.rpcclient.forward('ping') File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 883, in forward return self._call_command(command, params) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 860, in _call_command return command(*params) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 1011, in _call return self.__request(name, args) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 980, in __request verbose=self.__verbose = 3, File /usr/lib64/python2.7/xmlrpclib.py, line 1228, in request h = self.make_connection(host) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 484, in make_connection if self._connection and host == self._connection[0]: AttributeError: KerbTransport instance has no attribute '_connection' 2015-05-08T17:47:16Z DEBUG File /usr/lib/python2.7/site-packages/ipaserver/install/installutils.py, line 646, in run_script return_value = main_function() File /usr/sbin/ipa-server-install, line 1292, in main sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e)) please let me know of any thing i can give to help fix the issue Thanks Jacob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed!
On 05/08/2015 02:06 PM, Linux Shell wrote: So i have been looking around for a solution for this issue for a few days now and have had no luck. I know in older versions of freeipa this was a issue but i think i should be using the most updated version. (Please note that my company's name is withheld) During the ipa-server-install it fails with: Restarting the web server Configuration of client side components failed! ipa-client-install returned: Command ''/usr/sbin/ipa-client-install' '--on-master' '--unattended' '--domain' 'withheld.com' '--server' '###-#-centos7.withheld.com' '--realm' 'withheld.COM' '--hostname' '-#-centos7.withheld.com'' returned non-zero exit status 1 here is the yum ipa-server package i am using: # yum info ipa-server Loaded plugins: fastestmirror, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile * base: mirrors.usinternet.com http://mirrors.usinternet.com * extras: mirror.oss.ou.edu http://mirror.oss.ou.edu * updates: mirrors.gigenet.com http://mirrors.gigenet.com Installed Packages Name: ipa-server Arch: x86_64 Version : 4.1.0 Release : 18.el7.centos.3 Size: 4.2 M Repo: installed From repo : updates Summary : The IPA authentication server URL : http://www.freeipa.org/ License : GPLv3+ Description : IPA is an integrated solution to provide centrally managed Identity (machine, : user, virtual machines, groups, authentication credentials), Policy : (configuration settings, access control information) and Audit (events, : logs, analysis thereof). If you are installing an IPA server you need : to install this package (in other words, most people should NOT install : this package). here is the yum ipa-client package i am using: # yum info ipa-client Loaded plugins: fastestmirror, rhnplugin This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile * base: mirrors.usinternet.com http://mirrors.usinternet.com * extras: mirror.oss.ou.edu http://mirror.oss.ou.edu * updates: mirrors.gigenet.com http://mirrors.gigenet.com Installed Packages Name: ipa-client Arch: x86_64 Version : 4.1.0 Release : 18.el7.centos.3 Size: 440 k Repo: installed From repo : updates Summary : IPA authentication for use on clients URL : http://www.freeipa.org/ License : GPLv3+ Description : IPA is an integrated solution to provide centrally managed Identity (machine, : user, virtual machines, groups, authentication credentials), Policy : (configuration settings, access control information) and Audit (events, : logs, analysis thereof). If your network uses IPA for authentication, : this package should be installed on every client machine. here is the /var/log/ipaserver-install.log: 2015-05-08T17:47:16Z DEBUG stderr=Using existing certificate '/etc/ipa/ca.crt'. Hostname: ###--centos7.withheld.com Realm: withheld.COM DNS Domain: withheld.com IPA Server: -#-centos7.withheld.com BaseDN: dc=,dc= Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://-#-centos7.withheld.com/ipa/json Forwarding 'ping' to json server 'https://###-#-centos7.withheld.com/ipa/json' Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 2925, in module sys.exit(main()) File /usr/sbin/ipa-client-install, line 2906, in main rval = install(options, env, fstore, statestore) File /usr/sbin/ipa-client-install, line 2609, in install api.Backend.rpcclient.forward('ping') File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 883, in forward return self._call_command(command, params) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 860, in _call_command return command(*params) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 1011, in _call return self.__request(name, args) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 980, in __request verbose=self.__verbose = 3, File /usr/lib64/python2.7/xmlrpclib.py, line 1228, in request h = self.make_connection(host) File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 484, in make_connection if self._connection and host == self._connection[0]: AttributeError: KerbTransport instance has no attribute '_connection' I would assume that this is an attempt to do some kerberos call that failed. On server that most likely means that KDC was not started for some reason. And it in turn might not start for different reasons. Please check the troubleshooting page. http://www.freeipa.org/page/Troubleshooting Things to think about: - DNS configuration - Is hostname correct and properly resolvable - Is time correct (time zone?) - Are there any
[Freeipa-users] Configuration of client side components failed! on IPA Server
Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). ** *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* **Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* *Also note that following ports are necessary for ipa-client working properly after enrollment:* * TCP: 464* * UDP: 464, 123 (if NTP enabled)* *Installation failed. Rolling back changes.* *Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1* *Removing Kerberos service principals from /etc/krb5.keytab* *Disabling client Kerberos and LDAP configurations* *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted* *nscd daemon is not installed, skip configuration* *nslcd daemon is not installed, skip configuration* *Client uninstall complete.* *2015-03-25T06:40:10Z INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script* *return_value = main_function()* * File /usr/sbin/ipa-server-install, line 1103, in main* *sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e))* *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* ** This server is on AWS and I can confirm that all above ports are opened. Also as it is installing on same server where IPA Server is being installed, Port should not be an issue. Am I missing anything here. *Best Regards,__* *Yogesh Sharma* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* *Also note that following ports are necessary for ipa-client working properly after enrollment:* * TCP: 464* * UDP: 464, 123 (if NTP enabled)* *Installation failed. Rolling back changes.* *Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1* *Removing Kerberos service principals from /etc/krb5.keytab* *Disabling client Kerberos and LDAP configurations* *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted* *nscd daemon is not installed, skip configuration* *nslcd daemon is not installed, skip configuration* *Client uninstall complete.* *2015-03-25T06:40:10Z INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script* *return_value = main_function()* * File /usr/sbin/ipa-server-install, line 1103, in main* *sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e))* *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* This server is on AWS and I can confirm that all above ports are opened. Also as it is installing on same server where IPA Server is being installed, Port should not be an issue. Am I missing anything here. *Best Regards,__* *Yogesh Sharma* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
While restarting using ipactl . It is stopping. Any suggestion. [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Stopping CA Service pki-tomcatd: unrecognized service Failed to stop CA Service Stopping HTTP Service Stopping httpd:[FAILED] Stopping MEMCACHE Service Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting MEMCACHE Service Starting ipa_memcached:[ OK ] Starting HTTP Service Starting httpd:[ OK ] Starting CA Service pki-tomcatd: unrecognized service Failed to start CA Service *Shutting down* *Stopping Kerberos 5 KDC: [ OK ]* *Stopping Kerberos 5 Admin Server: [ OK ]* *Stopping ipa_memcached:[ OK ]* *Stopping httpd:[ OK ]* *pki-tomcatd: unrecognized service* *Shutting down dirsrv: * *PKI-IPA... [ OK ]* *SD-INT... [ OK ]* *Aborting ipactl* [root@ldap-inf-stg-sg1-01 ys7673] *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma yks0...@gmail.com wrote: I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Any suggestion Please. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 1:20 PM, Yogesh Sharma yks0...@gmail.com wrote: While restarting using ipactl . It is stopping. Any suggestion. [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Stopping CA Service pki-tomcatd: unrecognized service Failed to stop CA Service Stopping HTTP Service Stopping httpd:[FAILED] Stopping MEMCACHE Service Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting MEMCACHE Service Starting ipa_memcached:[ OK ] Starting HTTP Service Starting httpd:[ OK ] Starting CA Service pki-tomcatd: unrecognized service Failed to start CA Service *Shutting down* *Stopping Kerberos 5 KDC: [ OK ]* *Stopping Kerberos 5 Admin Server: [ OK ]* *Stopping ipa_memcached:[ OK ]* *Stopping httpd:[ OK ]* *pki-tomcatd: unrecognized service* *Shutting down dirsrv: * *PKI-IPA... [ OK ]* *SD-INT... [ OK ]* *Aborting ipactl* [root@ldap-inf-stg-sg1-01 ys7673] *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma yks0...@gmail.com wrote: I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket: https://fedorahosted.org/freeipa/ticket/ Please let us know if the DNS update fixed the error. Martin On 03/25/2015 02:11 PM, Yogesh Sharma wrote: I think I got the issue. Realm Name Entry in DNS is added in lower case rather than UPPER. 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/ ,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int Will try changing the Realm and see if it resovled. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi Martin, Please find the client logs: 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively later 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub) 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Validated servers: 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int 2015-03-25T12:29:49Z DEBUG IPA Server not found 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
This should be in the official RHEL-7.1/CentOS-7.1 repos. Or you can try our upstream CentOS-7 based Copr repo: https://copr.fedoraproject.org/coprs/mkosek/freeipa/ On 03/25/2015 02:30 PM, Yogesh Sharma wrote: Hi Martin, Finally, the issue has resolved. :) Is there RPM available to install latest IPA version in CentOS or at least 4.0.2 version. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote: Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket: https://fedorahosted.org/freeipa/ticket/ Please let us know if the DNS update fixed the error. Martin On 03/25/2015 02:11 PM, Yogesh Sharma wrote: I think I got the issue. Realm Name Entry in DNS is added in lower case rather than UPPER. 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/ ,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int Will try changing the Realm and see if it resovled. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi Martin, Please find the client logs: 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively later 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub) 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Validated servers: 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int 2015-03-25T12:29:49Z DEBUG IPA Server not found 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Hi Martin, Finally, the issue has resolved. :) Is there RPM available to install latest IPA version in CentOS or at least 4.0.2 version. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote: Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket: https://fedorahosted.org/freeipa/ticket/ Please let us know if the DNS update fixed the error. Martin On 03/25/2015 02:11 PM, Yogesh Sharma wrote: I think I got the issue. Realm Name Entry in DNS is added in lower case rather than UPPER. 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/ ,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int Will try changing the Realm and see if it resovled. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi Martin, Please find the client logs: 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively later 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub) 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Validated servers: 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int 2015-03-25T12:29:49Z DEBUG IPA Server not found 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Thanks Martin for the help. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 7:07 PM, Martin Kosek mko...@redhat.com wrote: This should be in the official RHEL-7.1/CentOS-7.1 repos. Or you can try our upstream CentOS-7 based Copr repo: https://copr.fedoraproject.org/coprs/mkosek/freeipa/ On 03/25/2015 02:30 PM, Yogesh Sharma wrote: Hi Martin, Finally, the issue has resolved. :) Is there RPM available to install latest IPA version in CentOS or at least 4.0.2 version. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote: Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket: https://fedorahosted.org/freeipa/ticket/ Please let us know if the DNS update fixed the error. Martin On 03/25/2015 02:11 PM, Yogesh Sharma wrote: I think I got the issue. Realm Name Entry in DNS is added in lower case rather than UPPER. 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/ ,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int Will try changing the Realm and see if it resovled. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi Martin, Please find the client logs: 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively later 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname= ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _ kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int .,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub) 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Validated servers: 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int 2015-03-25T12:29:49Z DEBUG IPA Server not found 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
On 03/25/2015 07:46 AM, Yogesh Sharma wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). ** *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* **Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* *Also note that following ports are necessary for ipa-client working properly after enrollment:* * TCP: 464* * UDP: 464, 123 (if NTP enabled)* *Installation failed. Rolling back changes.* *Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1* *Removing Kerberos service principals from /etc/krb5.keytab* *Disabling client Kerberos and LDAP configurations* *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted* *nscd daemon is not installed, skip configuration* *nslcd daemon is not installed, skip configuration* *Client uninstall complete.* *2015-03-25T06:40:10Z INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script* *return_value = main_function()* * File /usr/sbin/ipa-server-install, line 1103, in main* *sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e))* *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* ** This server is on AWS and I can confirm that all above ports are opened. Also as it is installing on same server where IPA Server is being installed, Port should not be an issue. Am I missing anything here. Please also share ipaclient-install.log, it should show what is the exact problem in the client component installation. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
I have tried on multiple Platform. Setup the nisdomain and it is resolving, though it is getting the same error. Any help would be helpful. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 3:42 PM, Yogesh Sharma yks0...@gmail.com wrote: Any suggestion Please. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 1:20 PM, Yogesh Sharma yks0...@gmail.com wrote: While restarting using ipactl . It is stopping. Any suggestion. [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Stopping CA Service pki-tomcatd: unrecognized service Failed to stop CA Service Stopping HTTP Service Stopping httpd:[FAILED] Stopping MEMCACHE Service Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting MEMCACHE Service Starting ipa_memcached:[ OK ] Starting HTTP Service Starting httpd:[ OK ] Starting CA Service pki-tomcatd: unrecognized service Failed to start CA Service *Shutting down* *Stopping Kerberos 5 KDC: [ OK ]* *Stopping Kerberos 5 Admin Server: [ OK ]* *Stopping ipa_memcached:[ OK ]* *Stopping httpd:[ OK ]* *pki-tomcatd: unrecognized service* *Shutting down dirsrv: * *PKI-IPA... [ OK ]* *SD-INT... [ OK ]* *Aborting ipactl* [root@ldap-inf-stg-sg1-01 ys7673] *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma yks0...@gmail.com wrote: I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Hi Martin, Please find the client logs: 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None, 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False, 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively later 2015-03-25T12:29:49Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2015-03-25T12:29:49Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub) 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Validated servers: 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int 2015-03-25T12:29:49Z DEBUG IPA Server not found 2015-03-25T12:29:49Z DEBUG [IPA Discovery] 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int, servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int 2015-03-25T12:29:49Z DEBUG Server and domain forced 2015-03-25T12:29:49Z DEBUG [Kerberos realm search] 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_ kerberos.sd.int.,type:16,class:1,rdata={data:sd.int} 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._ udp.sd.int. 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._ udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server: ldap-inf-stg-sg1-01.sd.int.} 2015-03-25T12:29:49Z DEBUG [LDAP server check] 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm sd.int) is an IPA server 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap:// ldap-inf-stg-sg1-01.sd.int:389 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA context 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in dc=sd,dc=int (sub) 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None, domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int 2015-03-25T12:29:49Z DEBUG Validated servers: 2015-03-25T12:29:49Z ERROR Failed to verify that ldap-inf-stg-sg1-01.sd.int is an IPA Server. 2015-03-25T12:29:49Z ERROR This may mean that the remote server is not up or is not reachable due to network or firewall settings. 2015-03-25T12:29:49Z INFO Please make sure the following ports are opened in the firewall settings: TCP: 80, 88, 389 UDP: 88 (at least one of TCP/UDP ports 88 has to be open) Also note that following ports are necessary for ipa-client working properly after enrollment: TCP: 464 UDP: 464, 123 (if NTP enabled) 2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as option) 2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes. 2015-03-25T12:29:49Z DEBUG Loading