[Freeipa-users] Configuration of client side components failed!
So i have been looking around for a solution for this issue for a few days
now and have had no luck. I know in older versions of freeipa this was a
issue but i think i should be using the most updated version.
(Please note that my company's name is withheld)
During the ipa-server-install it fails with:
Restarting the web server
Configuration of client side components failed!
ipa-client-install returned: Command ''/usr/sbin/ipa-client-install'
'--on-master' '--unattended' '--domain' 'withheld.com' '--server'
'###-#-centos7.withheld.com' '--realm' 'withheld.COM' '--hostname'
'-#-centos7.withheld.com'' returned non-zero exit status 1
here is the yum ipa-server package i am using:
# yum info ipa-server
Loaded plugins: fastestmirror, rhnplugin
This system is receiving updates from RHN Classic or Red Hat Satellite.
Loading mirror speeds from cached hostfile
* base: mirrors.usinternet.com
* extras: mirror.oss.ou.edu
* updates: mirrors.gigenet.com
Installed Packages
Name: ipa-server
Arch: x86_64
Version : 4.1.0
Release : 18.el7.centos.3
Size: 4.2 M
Repo: installed
From repo : updates
Summary : The IPA authentication server
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication credentials),
Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If you are installing an IPA server
you need
: to install this package (in other words, most people should
NOT install
: this package).
here is the yum ipa-client package i am using:
# yum info ipa-client
Loaded plugins: fastestmirror, rhnplugin
This system is receiving updates from RHN Classic or Red Hat Satellite.
Loading mirror speeds from cached hostfile
* base: mirrors.usinternet.com
* extras: mirror.oss.ou.edu
* updates: mirrors.gigenet.com
Installed Packages
Name: ipa-client
Arch: x86_64
Version : 4.1.0
Release : 18.el7.centos.3
Size: 440 k
Repo: installed
From repo : updates
Summary : IPA authentication for use on clients
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication credentials),
Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If your network uses IPA for
authentication,
: this package should be installed on every client machine.
here is the /var/log/ipaserver-install.log:
2015-05-08T17:47:16Z DEBUG stderr=Using existing certificate
'/etc/ipa/ca.crt'.
Hostname: ###--centos7.withheld.com
Realm: withheld.COM
DNS Domain: withheld.com
IPA Server: -#-centos7.withheld.com
BaseDN: dc=,dc=
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://-#-centos7.withheld.com/ipa/json
Forwarding 'ping' to json server 'https://
###-#-centos7.withheld.com/ipa/json'
Traceback (most recent call last):
File /usr/sbin/ipa-client-install, line 2925, in module
sys.exit(main())
File /usr/sbin/ipa-client-install, line 2906, in main
rval = install(options, env, fstore, statestore)
File /usr/sbin/ipa-client-install, line 2609, in install
api.Backend.rpcclient.forward('ping')
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 883, in
forward
return self._call_command(command, params)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 860, in
_call_command
return command(*params)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 1011, in _call
return self.__request(name, args)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 980, in
__request
verbose=self.__verbose = 3,
File /usr/lib64/python2.7/xmlrpclib.py, line 1228, in request
h = self.make_connection(host)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 484, in
make_connection
if self._connection and host == self._connection[0]:
AttributeError: KerbTransport instance has no attribute '_connection'
2015-05-08T17:47:16Z DEBUG File
/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py, line
646, in run_script
return_value = main_function()
File /usr/sbin/ipa-server-install, line 1292, in main
sys.exit(Configuration of client side components
failed!\nipa-client-install returned: + str(e))
please let me know of any thing i can give to help fix the issue
Thanks
Jacob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed!
On 05/08/2015 02:06 PM, Linux Shell wrote:
So i have been looking around for a solution for this issue for a few
days now and have had no luck. I know in older versions of freeipa
this was a issue but i think i should be using the most updated version.
(Please note that my company's name is withheld)
During the ipa-server-install it fails with:
Restarting the web server
Configuration of client side components failed!
ipa-client-install returned: Command ''/usr/sbin/ipa-client-install'
'--on-master' '--unattended' '--domain' 'withheld.com' '--server'
'###-#-centos7.withheld.com' '--realm' 'withheld.COM'
'--hostname' '-#-centos7.withheld.com'' returned non-zero
exit status 1
here is the yum ipa-server package i am using:
# yum info ipa-server
Loaded plugins: fastestmirror, rhnplugin
This system is receiving updates from RHN Classic or Red Hat Satellite.
Loading mirror speeds from cached hostfile
* base: mirrors.usinternet.com http://mirrors.usinternet.com
* extras: mirror.oss.ou.edu http://mirror.oss.ou.edu
* updates: mirrors.gigenet.com http://mirrors.gigenet.com
Installed Packages
Name: ipa-server
Arch: x86_64
Version : 4.1.0
Release : 18.el7.centos.3
Size: 4.2 M
Repo: installed
From repo : updates
Summary : The IPA authentication server
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally
managed Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If you are installing an IPA
server you need
: to install this package (in other words, most people
should NOT install
: this package).
here is the yum ipa-client package i am using:
# yum info ipa-client
Loaded plugins: fastestmirror, rhnplugin
This system is receiving updates from RHN Classic or Red Hat Satellite.
Loading mirror speeds from cached hostfile
* base: mirrors.usinternet.com http://mirrors.usinternet.com
* extras: mirror.oss.ou.edu http://mirror.oss.ou.edu
* updates: mirrors.gigenet.com http://mirrors.gigenet.com
Installed Packages
Name: ipa-client
Arch: x86_64
Version : 4.1.0
Release : 18.el7.centos.3
Size: 440 k
Repo: installed
From repo : updates
Summary : IPA authentication for use on clients
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally
managed Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If your network uses IPA for
authentication,
: this package should be installed on every client machine.
here is the /var/log/ipaserver-install.log:
2015-05-08T17:47:16Z DEBUG stderr=Using existing certificate
'/etc/ipa/ca.crt'.
Hostname: ###--centos7.withheld.com
Realm: withheld.COM
DNS Domain: withheld.com
IPA Server: -#-centos7.withheld.com
BaseDN: dc=,dc=
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://-#-centos7.withheld.com/ipa/json
Forwarding 'ping' to json server
'https://###-#-centos7.withheld.com/ipa/json'
Traceback (most recent call last):
File /usr/sbin/ipa-client-install, line 2925, in module
sys.exit(main())
File /usr/sbin/ipa-client-install, line 2906, in main
rval = install(options, env, fstore, statestore)
File /usr/sbin/ipa-client-install, line 2609, in install
api.Backend.rpcclient.forward('ping')
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 883, in
forward
return self._call_command(command, params)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 860, in
_call_command
return command(*params)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 1011, in
_call
return self.__request(name, args)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 980, in
__request
verbose=self.__verbose = 3,
File /usr/lib64/python2.7/xmlrpclib.py, line 1228, in request
h = self.make_connection(host)
File /usr/lib/python2.7/site-packages/ipalib/rpc.py, line 484, in
make_connection
if self._connection and host == self._connection[0]:
AttributeError: KerbTransport instance has no attribute '_connection'
I would assume that this is an attempt to do some kerberos call that failed.
On server that most likely means that KDC was not started for some
reason. And it in turn might not start for different reasons.
Please check the troubleshooting page.
http://www.freeipa.org/page/Troubleshooting
Things to think about:
- DNS configuration
- Is hostname correct and properly resolvable
- Is time correct (time zone?)
- Are there any
[Freeipa-users] Configuration of client side components failed! on IPA Server
Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). ** *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* **Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* *Also note that following ports are necessary for ipa-client working properly after enrollment:* * TCP: 464* * UDP: 464, 123 (if NTP enabled)* *Installation failed. Rolling back changes.* *Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1* *Removing Kerberos service principals from /etc/krb5.keytab* *Disabling client Kerberos and LDAP configurations* *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted* *nscd daemon is not installed, skip configuration* *nslcd daemon is not installed, skip configuration* *Client uninstall complete.* *2015-03-25T06:40:10Z INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script* *return_value = main_function()* * File /usr/sbin/ipa-server-install, line 1103, in main* *sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e))* *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* ** This server is on AWS and I can confirm that all above ports are opened. Also as it is installing on same server where IPA Server is being installed, Port should not be an issue. Am I missing anything here. *Best Regards,__* *Yogesh Sharma* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* *Also note that following ports are necessary for ipa-client working properly after enrollment:* * TCP: 464* * UDP: 464, 123 (if NTP enabled)* *Installation failed. Rolling back changes.* *Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1* *Removing Kerberos service principals from /etc/krb5.keytab* *Disabling client Kerberos and LDAP configurations* *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted* *nscd daemon is not installed, skip configuration* *nslcd daemon is not installed, skip configuration* *Client uninstall complete.* *2015-03-25T06:40:10Z INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script* *return_value = main_function()* * File /usr/sbin/ipa-server-install, line 1103, in main* *sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e))* *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* This server is on AWS and I can confirm that all above ports are opened. Also as it is installing on same server where IPA Server is being installed, Port should not be an issue. Am I missing anything here. *Best Regards,__* *Yogesh Sharma* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
While restarting using ipactl . It is stopping. Any suggestion. [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Stopping CA Service pki-tomcatd: unrecognized service Failed to stop CA Service Stopping HTTP Service Stopping httpd:[FAILED] Stopping MEMCACHE Service Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting MEMCACHE Service Starting ipa_memcached:[ OK ] Starting HTTP Service Starting httpd:[ OK ] Starting CA Service pki-tomcatd: unrecognized service Failed to start CA Service *Shutting down* *Stopping Kerberos 5 KDC: [ OK ]* *Stopping Kerberos 5 Admin Server: [ OK ]* *Stopping ipa_memcached:[ OK ]* *Stopping httpd:[ OK ]* *pki-tomcatd: unrecognized service* *Shutting down dirsrv: * *PKI-IPA... [ OK ]* *SD-INT... [ OK ]* *Aborting ipactl* [root@ldap-inf-stg-sg1-01 ys7673] *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma yks0...@gmail.com wrote: I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Any suggestion Please. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 1:20 PM, Yogesh Sharma yks0...@gmail.com wrote: While restarting using ipactl . It is stopping. Any suggestion. [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Stopping CA Service pki-tomcatd: unrecognized service Failed to stop CA Service Stopping HTTP Service Stopping httpd:[FAILED] Stopping MEMCACHE Service Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting MEMCACHE Service Starting ipa_memcached:[ OK ] Starting HTTP Service Starting httpd:[ OK ] Starting CA Service pki-tomcatd: unrecognized service Failed to start CA Service *Shutting down* *Stopping Kerberos 5 KDC: [ OK ]* *Stopping Kerberos 5 Admin Server: [ OK ]* *Stopping ipa_memcached:[ OK ]* *Stopping httpd:[ OK ]* *pki-tomcatd: unrecognized service* *Shutting down dirsrv: * *PKI-IPA... [ OK ]* *SD-INT... [ OK ]* *Aborting ipactl* [root@ldap-inf-stg-sg1-01 ys7673] *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma yks0...@gmail.com wrote: I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
https://fedorahosted.org/freeipa/ticket/
Please let us know if the DNS update fixed the error.
Martin
On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
I think I got the issue. Realm Name Entry in DNS is added in lower case
rather than UPPER.
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/
,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
Will try changing the Realm and see if it resovled.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com wrote:
Hi Martin,
Please find the client logs:
2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for
interactively later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
(realm sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
(realm sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
This should be in the official RHEL-7.1/CentOS-7.1 repos.
Or you can try our upstream CentOS-7 based Copr repo:
https://copr.fedoraproject.org/coprs/mkosek/freeipa/
On 03/25/2015 02:30 PM, Yogesh Sharma wrote:
Hi Martin,
Finally, the issue has resolved. :)
Is there RPM available to install latest IPA version in CentOS or at least
4.0.2 version.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote:
Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
https://fedorahosted.org/freeipa/ticket/
Please let us know if the DNS update fixed the error.
Martin
On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
I think I got the issue. Realm Name Entry in DNS is added in lower case
rather than UPPER.
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/
,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
Will try changing the Realm and see if it resovled.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com
wrote:
Hi Martin,
Please find the client logs:
2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server':
None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None,
'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for
interactively later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int
.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
(realm sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Hi Martin,
Finally, the issue has resolved. :)
Is there RPM available to install latest IPA version in CentOS or at least
4.0.2 version.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote:
Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
https://fedorahosted.org/freeipa/ticket/
Please let us know if the DNS update fixed the error.
Martin
On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
I think I got the issue. Realm Name Entry in DNS is added in lower case
rather than UPPER.
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/
,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
Will try changing the Realm and see if it resovled.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com
wrote:
Hi Martin,
Please find the client logs:
2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server':
None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None,
'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for
interactively later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int
.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
(realm sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Thanks Martin for the help.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 7:07 PM, Martin Kosek mko...@redhat.com wrote:
This should be in the official RHEL-7.1/CentOS-7.1 repos.
Or you can try our upstream CentOS-7 based Copr repo:
https://copr.fedoraproject.org/coprs/mkosek/freeipa/
On 03/25/2015 02:30 PM, Yogesh Sharma wrote:
Hi Martin,
Finally, the issue has resolved. :)
Is there RPM available to install latest IPA version in CentOS or at
least
4.0.2 version.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote:
Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
https://fedorahosted.org/freeipa/ticket/
Please let us know if the DNS update fixed the error.
Martin
On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
I think I got the issue. Realm Name Entry in DNS is added in lower case
rather than UPPER.
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT http://sd.int/
,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
Will try changing the Realm and see if it resovled.
*Best Regards,__*
*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma yks0...@gmail.com
wrote:
Hi Martin,
Please find the client logs:
2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked
with
options: {'domain': 'sd.int', 'force': False,
'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server':
None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None,
'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for
interactively later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found:
DNSResult::name:_kerberos._
udp.sd.int
.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
(realm sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is
for
IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid
IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer)
in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
On 03/25/2015 07:46 AM, Yogesh Sharma wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). ** *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* **Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn uid=admin,cn=users,cn=accounts,dc=sd,dc=int* *2015-03-25T06:39:59Z DEBUG stdout=* *2015-03-25T06:39:59Z DEBUG stderr=* *2015-03-25T06:39:59Z DEBUG ldappasswd done* *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int* *2015-03-25T06:40:10Z DEBUG stdout=* *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int is an IPA Server.* *This may mean that the remote server is not up or is not reachable due to network or firewall settings.* *Please make sure the following ports are opened in the firewall settings:* * TCP: 80, 88, 389* * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)* *Also note that following ports are necessary for ipa-client working properly after enrollment:* * TCP: 464* * UDP: 464, 123 (if NTP enabled)* *Installation failed. Rolling back changes.* *Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1* *Removing Kerberos service principals from /etc/krb5.keytab* *Disabling client Kerberos and LDAP configurations* *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted* *nscd daemon is not installed, skip configuration* *nslcd daemon is not installed, skip configuration* *Client uninstall complete.* *2015-03-25T06:40:10Z INFO File /usr/lib/python2.6/site-packages/ipaserver/install/installutils.py, line 614, in run_script* *return_value = main_function()* * File /usr/sbin/ipa-server-install, line 1103, in main* *sys.exit(Configuration of client side components failed!\nipa-client-install returned: + str(e))* *2015-03-25T06:40:10Z INFO The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* ** This server is on AWS and I can confirm that all above ports are opened. Also as it is installing on same server where IPA Server is being installed, Port should not be an issue. Am I missing anything here. Please also share ipaclient-install.log, it should show what is the exact problem in the client component installation. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
I have tried on multiple Platform. Setup the nisdomain and it is resolving, though it is getting the same error. Any help would be helpful. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 3:42 PM, Yogesh Sharma yks0...@gmail.com wrote: Any suggestion Please. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 1:20 PM, Yogesh Sharma yks0...@gmail.com wrote: While restarting using ipactl . It is stopping. Any suggestion. [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Stopping CA Service pki-tomcatd: unrecognized service Failed to stop CA Service Stopping HTTP Service Stopping httpd:[FAILED] Stopping MEMCACHE Service Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] SD-INT... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting MEMCACHE Service Starting ipa_memcached:[ OK ] Starting HTTP Service Starting httpd:[ OK ] Starting CA Service pki-tomcatd: unrecognized service Failed to start CA Service *Shutting down* *Stopping Kerberos 5 KDC: [ OK ]* *Stopping Kerberos 5 Admin Server: [ OK ]* *Stopping ipa_memcached:[ OK ]* *Stopping httpd:[ OK ]* *pki-tomcatd: unrecognized service* *Shutting down dirsrv: * *PKI-IPA... [ OK ]* *SD-INT... [ OK ]* *Aborting ipactl* [root@ldap-inf-stg-sg1-01 ys7673] *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma yks0...@gmail.com wrote: I have checked , there is no default.conf. Please suggest. [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/ total 8.0K drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/ total 28K -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html -rw-r--r-- 1 root root 521 Oct 16 15:03 ipa_error.css -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html [root@ldap-inf-stg-sg1-01 ipa]# *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in http://www.initd.in* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] http://in.linkedin.com/in/yks On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma yks0...@gmail.com wrote: Hi, We are getting below error while we are installing IPA Server (ipa-server-install --no-ntp). *Configuration of client side components failed!* *ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain sd.int http://sd.int --server ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int --realm SD.INT http://SD.INT --hostname ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int' returned non-zero exit status 1* Logs indicate below errors: *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h ldap-inf-stg-sg1-01.sd.int http://ldap-inf-stg-sg1-01.sd.int -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS
Re: [Freeipa-users] Configuration of client side components failed! on IPA Server
Hi Martin,
Please find the client logs:
2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively
later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm
sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm
sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z ERROR Failed to verify that ldap-inf-stg-sg1-01.sd.int
is an IPA Server.
2015-03-25T12:29:49Z ERROR This may mean that the remote server is not up
or is not reachable due to network or firewall settings.
2015-03-25T12:29:49Z INFO Please make sure the following ports are opened
in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working
properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as option)
2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes.
2015-03-25T12:29:49Z DEBUG Loading
