subject:"\[Freeipa\-users\] Configuration of client side components failed\! on IPA Server"

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

Thanks Martin for the help.




*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 


On Wed, Mar 25, 2015 at 7:07 PM, Martin Kosek  wrote:

> This should be in the official RHEL-7.1/CentOS-7.1 repos.
>
> Or you can try our upstream CentOS-7 based Copr repo:
>
> https://copr.fedoraproject.org/coprs/mkosek/freeipa/
>
> On 03/25/2015 02:30 PM, Yogesh Sharma wrote:
> > Hi Martin,
> >
> > Finally, the issue has resolved. :)
> >
> > Is there RPM available to install latest IPA version in CentOS or at
> least
> > 4.0.2 version.
> >
> >
> >
> >
> > *Best Regards,__*
> >
> > *Yogesh Sharma*
> > *Email: yks0...@gmail.com  | Web: www.initd.in
> > *
> >
> > RHCE, VCE-CIA, RackSpace Cloud U
> > [image: My LinkedIn Profile] 
> >
> >
> > On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek  wrote:
> >
> >> Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
> >>
> >> https://fedorahosted.org/freeipa/ticket/
> >>
> >> Please let us know if the DNS update fixed the error.
> >>
> >> Martin
> >>
> >> On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
> >>> I think I got the issue. Realm Name Entry in DNS is added in lower case
> >>> rather than UPPER.
> >>>
> >>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT 
> >>> ,cn=kerberos,dc=sd,dc=int
> >>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
> >> server=None,
> >>> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> >>>
> >>> Will try changing the Realm and see if it resovled.
> >>>
> >>>
> >>>
> >>>
> >>> *Best Regards,__*
> >>>
> >>> *Yogesh Sharma*
> >>> *Email: yks0...@gmail.com  | Web: www.initd.in
> >>> *
> >>>
> >>> RHCE, VCE-CIA, RackSpace Cloud U
> >>> [image: My LinkedIn Profile] 
> >>>
> >>>
> >>> On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma 
> >> wrote:
> >>>
>  Hi Martin,
> 
>  Please find the client logs:
> 
> 
> 
>  2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked
> with
>  options: {'domain': 'sd.int', 'force': False,
> 'krb5_offline_passwords':
>  True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
>  'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server':
> >> None,
>  'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
>  'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
>  False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
>  'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
>  'conf_ssh': True, 'force_join': False, 'ca_cert_file': None,
> >> 'nisdomain':
>  None, 'prompt_password': False, 'permit': False, 'debug': False,
>  'preserve_sssd': False, 'uninstall': False}
>  2015-03-25T12:29:49Z DEBUG missing options might be asked for
>  interactively later
>  2015-03-25T12:29:49Z DEBUG Loading Index file from
>  '/var/lib/ipa-client/sysrestore/sysrestore.index'
>  2015-03-25T12:29:49Z DEBUG Loading StateFile from
>  '/var/lib/ipa-client/sysrestore/sysrestore.state'
>  2015-03-25T12:29:49Z DEBUG [IPA Discovery]
>  2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
>  servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
>  ldap-inf-stg-sg1-01.sd.int
>  2015-03-25T12:29:49Z DEBUG Server and domain forced
>  2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
>  2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
> >> kerberos.sd.int.
>  2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
>  kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
>  2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
>  udp.sd.int.
>  2015-03-25T12:29:49Z DEBUG DNS record found:
> DNSResult::name:_kerberos._
>  udp.sd.int
> >> .,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
>  ldap-inf-stg-sg1-01.sd.int.}
>  2015-03-25T12:29:49Z DEBUG [LDAP server check]
>  2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
>  (realm sd.int) is an IPA server
>  2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
>  ldap-inf-stg-sg1-01.sd.int:389
>  2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
>  2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is
> for
>  IPA
>  2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid
> IPA
>  context
>  2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer)
> in
>  dc=sd,dc=int (sub)
>  2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
>  2015-03-25T12:2

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Martin Kosek

This should be in the official RHEL-7.1/CentOS-7.1 repos.

Or you can try our upstream CentOS-7 based Copr repo:

https://copr.fedoraproject.org/coprs/mkosek/freeipa/

On 03/25/2015 02:30 PM, Yogesh Sharma wrote:
> Hi Martin,
> 
> Finally, the issue has resolved. :)
> 
> Is there RPM available to install latest IPA version in CentOS or at least
> 4.0.2 version.
> 
> 
> 
> 
> *Best Regards,__*
> 
> *Yogesh Sharma*
> *Email: yks0...@gmail.com  | Web: www.initd.in
> *
> 
> RHCE, VCE-CIA, RackSpace Cloud U
> [image: My LinkedIn Profile] 
> 
> 
> On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek  wrote:
> 
>> Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
>>
>> https://fedorahosted.org/freeipa/ticket/
>>
>> Please let us know if the DNS update fixed the error.
>>
>> Martin
>>
>> On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
>>> I think I got the issue. Realm Name Entry in DNS is added in lower case
>>> rather than UPPER.
>>>
>>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT 
>>> ,cn=kerberos,dc=sd,dc=int
>>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
>> server=None,
>>> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
>>>
>>> Will try changing the Realm and see if it resovled.
>>>
>>>
>>>
>>>
>>> *Best Regards,__*
>>>
>>> *Yogesh Sharma*
>>> *Email: yks0...@gmail.com  | Web: www.initd.in
>>> *
>>>
>>> RHCE, VCE-CIA, RackSpace Cloud U
>>> [image: My LinkedIn Profile] 
>>>
>>>
>>> On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma 
>> wrote:
>>>
 Hi Martin,

 Please find the client logs:



 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
 options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
 True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server':
>> None,
 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
 False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None,
>> 'nisdomain':
 None, 'prompt_password': False, 'permit': False, 'debug': False,
 'preserve_sssd': False, 'uninstall': False}
 2015-03-25T12:29:49Z DEBUG missing options might be asked for
 interactively later
 2015-03-25T12:29:49Z DEBUG Loading Index file from
 '/var/lib/ipa-client/sysrestore/sysrestore.index'
 2015-03-25T12:29:49Z DEBUG Loading StateFile from
 '/var/lib/ipa-client/sysrestore/sysrestore.state'
 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
 servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
 ldap-inf-stg-sg1-01.sd.int
 2015-03-25T12:29:49Z DEBUG Server and domain forced
 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
>> kerberos.sd.int.
 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
 kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
 udp.sd.int.
 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
 udp.sd.int
>> .,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
 ldap-inf-stg-sg1-01.sd.int.}
 2015-03-25T12:29:49Z DEBUG [LDAP server check]
 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
 (realm sd.int) is an IPA server
 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
 ldap-inf-stg-sg1-01.sd.int:389
 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
 IPA
 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
 context
 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
 dc=sd,dc=int (sub)
 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
>> server=None,
 domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
 2015-03-25T12:29:49Z DEBUG Validated servers:
 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
 2015-03-25T12:29:49Z DEBUG IPA Server not found
 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
 servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
 ldap-inf-stg-sg1-01.sd.int
 2015-03-25T12:29:49Z DEBUG Server and domain forced

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

Hi Martin,

Finally, the issue has resolved. :)

Is there RPM available to install latest IPA version in CentOS or at least
4.0.2 version.




*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 


On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek  wrote:

> Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
>
> https://fedorahosted.org/freeipa/ticket/
>
> Please let us know if the DNS update fixed the error.
>
> Martin
>
> On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
> > I think I got the issue. Realm Name Entry in DNS is added in lower case
> > rather than UPPER.
> >
> > 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT 
> > ,cn=kerberos,dc=sd,dc=int
> > 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
> server=None,
> > domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> >
> > Will try changing the Realm and see if it resovled.
> >
> >
> >
> >
> > *Best Regards,__*
> >
> > *Yogesh Sharma*
> > *Email: yks0...@gmail.com  | Web: www.initd.in
> > *
> >
> > RHCE, VCE-CIA, RackSpace Cloud U
> > [image: My LinkedIn Profile] 
> >
> >
> > On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma 
> wrote:
> >
> >> Hi Martin,
> >>
> >> Please find the client logs:
> >>
> >>
> >>
> >> 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
> >> options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
> >> True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
> >> 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server':
> None,
> >> 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
> >> 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
> >> False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
> >> 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
> >> 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None,
> 'nisdomain':
> >> None, 'prompt_password': False, 'permit': False, 'debug': False,
> >> 'preserve_sssd': False, 'uninstall': False}
> >> 2015-03-25T12:29:49Z DEBUG missing options might be asked for
> >> interactively later
> >> 2015-03-25T12:29:49Z DEBUG Loading Index file from
> >> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> >> 2015-03-25T12:29:49Z DEBUG Loading StateFile from
> >> '/var/lib/ipa-client/sysrestore/sysrestore.state'
> >> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
> >> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
> >> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
> >> ldap-inf-stg-sg1-01.sd.int
> >> 2015-03-25T12:29:49Z DEBUG Server and domain forced
> >> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
> >> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
> kerberos.sd.int.
> >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
> >> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
> >> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
> >> udp.sd.int.
> >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
> >> udp.sd.int
> .,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
> >> ldap-inf-stg-sg1-01.sd.int.}
> >> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
> >> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
> >> (realm sd.int) is an IPA server
> >> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
> >> ldap-inf-stg-sg1-01.sd.int:389
> >> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
> >> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
> >> IPA
> >> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
> >> context
> >> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
> >> dc=sd,dc=int (sub)
> >> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
> >> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND;
> server=None,
> >> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> >> 2015-03-25T12:29:49Z DEBUG Validated servers:
> >> 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
> >> 2015-03-25T12:29:49Z DEBUG IPA Server not found
> >> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
> >> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
> >> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
> >> ldap-inf-stg-sg1-01.sd.int
> >> 2015-03-25T12:29:49Z DEBUG Server and domain forced
> >> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
> >> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _
> kerberos.sd.int.
> >> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
> >> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
> >> 2015

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Martin Kosek

Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:

https://fedorahosted.org/freeipa/ticket/

Please let us know if the DNS update fixed the error.

Martin

On 03/25/2015 02:11 PM, Yogesh Sharma wrote:
> I think I got the issue. Realm Name Entry in DNS is added in lower case
> rather than UPPER.
> 
> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT 
> ,cn=kerberos,dc=sd,dc=int
> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> 
> Will try changing the Realm and see if it resovled.
> 
> 
> 
> 
> *Best Regards,__*
> 
> *Yogesh Sharma*
> *Email: yks0...@gmail.com  | Web: www.initd.in
> *
> 
> RHCE, VCE-CIA, RackSpace Cloud U
> [image: My LinkedIn Profile] 
> 
> 
> On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma  wrote:
> 
>> Hi Martin,
>>
>> Please find the client logs:
>>
>>
>>
>> 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
>> options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
>> True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
>> 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None,
>> 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
>> 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
>> False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
>> 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
>> 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain':
>> None, 'prompt_password': False, 'permit': False, 'debug': False,
>> 'preserve_sssd': False, 'uninstall': False}
>> 2015-03-25T12:29:49Z DEBUG missing options might be asked for
>> interactively later
>> 2015-03-25T12:29:49Z DEBUG Loading Index file from
>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>> 2015-03-25T12:29:49Z DEBUG Loading StateFile from
>> '/var/lib/ipa-client/sysrestore/sysrestore.state'
>> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
>> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
>> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
>> ldap-inf-stg-sg1-01.sd.int
>> 2015-03-25T12:29:49Z DEBUG Server and domain forced
>> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
>> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
>> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
>> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
>> udp.sd.int.
>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
>> udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
>> ldap-inf-stg-sg1-01.sd.int.}
>> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
>> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
>> (realm sd.int) is an IPA server
>> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
>> ldap-inf-stg-sg1-01.sd.int:389
>> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
>> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
>> IPA
>> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
>> context
>> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
>> dc=sd,dc=int (sub)
>> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
>> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
>> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
>> 2015-03-25T12:29:49Z DEBUG Validated servers:
>> 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
>> 2015-03-25T12:29:49Z DEBUG IPA Server not found
>> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
>> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
>> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
>> ldap-inf-stg-sg1-01.sd.int
>> 2015-03-25T12:29:49Z DEBUG Server and domain forced
>> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
>> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
>> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
>> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
>> udp.sd.int.
>> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
>> udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
>> ldap-inf-stg-sg1-01.sd.int.}
>> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
>> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
>> (realm sd.int) is an IPA server
>> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
>> ldap-inf-stg-sg1-01.sd.int:389
>> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
>> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,d

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

I think I got the issue. Realm Name Entry in DNS is added in lower case
rather than UPPER.

2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT 
,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int

Will try changing the Realm and see if it resovled.




*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 


On Wed, Mar 25, 2015 at 6:13 PM, Yogesh Sharma  wrote:

> Hi Martin,
>
> Please find the client logs:
>
>
>
> 2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
> options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
> True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
> 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None,
> 'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
> 'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
> False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
> 'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
> 'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain':
> None, 'prompt_password': False, 'permit': False, 'debug': False,
> 'preserve_sssd': False, 'uninstall': False}
> 2015-03-25T12:29:49Z DEBUG missing options might be asked for
> interactively later
> 2015-03-25T12:29:49Z DEBUG Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2015-03-25T12:29:49Z DEBUG Loading StateFile from
> '/var/lib/ipa-client/sysrestore/sysrestore.state'
> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
> ldap-inf-stg-sg1-01.sd.int
> 2015-03-25T12:29:49Z DEBUG Server and domain forced
> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
> udp.sd.int.
> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
> udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
> ldap-inf-stg-sg1-01.sd.int.}
> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
> (realm sd.int) is an IPA server
> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
> ldap-inf-stg-sg1-01.sd.int:389
> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
> IPA
> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
> context
> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
> dc=sd,dc=int (sub)
> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
> domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
> 2015-03-25T12:29:49Z DEBUG Validated servers:
> 2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
> 2015-03-25T12:29:49Z DEBUG IPA Server not found
> 2015-03-25T12:29:49Z DEBUG [IPA Discovery]
> 2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
> servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=
> ldap-inf-stg-sg1-01.sd.int
> 2015-03-25T12:29:49Z DEBUG Server and domain forced
> 2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
> 2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
> kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
> 2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
> udp.sd.int.
> 2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
> udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
> ldap-inf-stg-sg1-01.sd.int.}
> 2015-03-25T12:29:49Z DEBUG [LDAP server check]
> 2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int
> (realm sd.int) is an IPA server
> 2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
> ldap-inf-stg-sg1-01.sd.int:389
> 2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
> 2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for
> IPA
> 2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
> context
> 2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
> dc=sd,dc=int (sub)
> 2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
> 2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
> doma

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

Hi Martin,

Please find the client logs:



2015-03-25T12:29:49Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'sd.int', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True,
'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'ntp_server': None,
'server': ['ldap-inf-stg-sg1-01.sd.int'], 'no_nisdomain': False,
'principal': None, 'hostname': 'ldap-inf-stg-sg1-01.sd.int', 'no_ac':
False, 'unattended': True, 'sssd': True, 'trust_sshfp': False,
'realm_name': 'SD.INT', 'dns_updates': False, 'conf_sudo': True,
'conf_ssh': True, 'force_join': False, 'ca_cert_file': None, 'nisdomain':
None, 'prompt_password': False, 'permit': False, 'debug': False,
'preserve_sssd': False, 'uninstall': False}
2015-03-25T12:29:49Z DEBUG missing options might be asked for interactively
later
2015-03-25T12:29:49Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2015-03-25T12:29:49Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm
sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z DEBUG will use discovered domain: sd.int
2015-03-25T12:29:49Z DEBUG IPA Server not found
2015-03-25T12:29:49Z DEBUG [IPA Discovery]
2015-03-25T12:29:49Z DEBUG Starting IPA discovery with domain=sd.int,
servers=['ldap-inf-stg-sg1-01.sd.int'], hostname=ldap-inf-stg-sg1-01.sd.int
2015-03-25T12:29:49Z DEBUG Server and domain forced
2015-03-25T12:29:49Z DEBUG [Kerberos realm search]
2015-03-25T12:29:49Z DEBUG Search DNS for TXT record of _kerberos.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_
kerberos.sd.int.,type:16,class:1,rdata={data:sd.int}
2015-03-25T12:29:49Z DEBUG Search DNS for SRV record of _kerberos._
udp.sd.int.
2015-03-25T12:29:49Z DEBUG DNS record found: DNSResult::name:_kerberos._
udp.sd.int.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:
ldap-inf-stg-sg1-01.sd.int.}
2015-03-25T12:29:49Z DEBUG [LDAP server check]
2015-03-25T12:29:49Z DEBUG Verifying that ldap-inf-stg-sg1-01.sd.int (realm
sd.int) is an IPA server
2015-03-25T12:29:49Z DEBUG Init LDAP connection with: ldap://
ldap-inf-stg-sg1-01.sd.int:389
2015-03-25T12:29:49Z DEBUG Search LDAP server for IPA base DN
2015-03-25T12:29:49Z DEBUG Check if naming context 'dc=sd,dc=int' is for IPA
2015-03-25T12:29:49Z DEBUG Naming context 'dc=sd,dc=int' is a valid IPA
context
2015-03-25T12:29:49Z DEBUG Search for (objectClass=krbRealmContainer) in
dc=sd,dc=int (sub)
2015-03-25T12:29:49Z DEBUG Found: cn=SD.INT,cn=kerberos,dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Discovery result: REALM_NOT_FOUND; server=None,
domain=sd.int, kdc=ldap-inf-stg-sg1-01.sd.int, basedn=dc=sd,dc=int
2015-03-25T12:29:49Z DEBUG Validated servers:
2015-03-25T12:29:49Z ERROR Failed to verify that ldap-inf-stg-sg1-01.sd.int
is an IPA Server.
2015-03-25T12:29:49Z ERROR This may mean that the remote server is not up
or is not reachable due to network or firewall settings.
2015-03-25T12:29:49Z INFO Please make sure the following ports are opened
in the firewall settings:
 TCP: 80, 88, 389
 UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working
properly after enrollment:
 TCP: 464
 UDP: 464, 123 (if NTP enabled)
2015-03-25T12:29:49Z DEBUG (ldap-inf-stg-sg1-01.sd.int: Provided as option)
2015-03-25T12:29:49Z ERROR Installation failed. Rolling back changes.
2015-03-25T12:29:49Z DEBUG Loading I

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Martin Kosek

On 03/25/2015 07:46 AM, Yogesh Sharma wrote:
> Hi,
> 
> We are getting below error while we are installing IPA Server
> (ipa-server-install --no-ntp).
> 
> 
> **
> *Configuration of client side components failed!*
> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain sd.int  --server
> ldap-inf-stg-sg1-01.sd.int  --realm
> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
> ' returned non-zero exit status 1*
> 
> **Logs indicate below errors:
> 
> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
> ldap-inf-stg-sg1-01.sd.int  -ZZ -x -D
> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
> uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
> *2015-03-25T06:39:59Z DEBUG stdout=*
> *2015-03-25T06:39:59Z DEBUG stderr=*
> *2015-03-25T06:39:59Z DEBUG ldappasswd done*
> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master
> --unattended --domain sd.int  --server
> ldap-inf-stg-sg1-01.sd.int  --realm
> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
> *
> *2015-03-25T06:40:10Z DEBUG stdout=*
> *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that
> ldap-inf-stg-sg1-01.sd.int  is an IPA
> Server.*
> *This may mean that the remote server is not up or is not reachable due to
> network or firewall settings.*
> *Please make sure the following ports are opened in the firewall settings:*
> * TCP: 80, 88, 389*
> * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)*
> *Also note that following ports are necessary for ipa-client working
> properly after enrollment:*
> * TCP: 464*
> * UDP: 464, 123 (if NTP enabled)*
> *Installation failed. Rolling back changes.*
> *Unconfigured automount client failed: Command 'ipa-client-automount
> --uninstall --debug' returned non-zero exit status 1*
> *Removing Kerberos service principals from /etc/krb5.keytab*
> *Disabling client Kerberos and LDAP configurations*
> *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted*
> *nscd daemon is not installed, skip configuration*
> *nslcd daemon is not installed, skip configuration*
> *Client uninstall complete.*
> 
> *2015-03-25T06:40:10Z INFO   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
> 614, in run_script*
> *return_value = main_function()*
> 
> *  File "/usr/sbin/ipa-server-install", line 1103, in main*
> *sys.exit("Configuration of client side components
> failed!\nipa-client-install returned: " + str(e))*
> 
> *2015-03-25T06:40:10Z INFO The ipa-server-install command failed,
> exception: SystemExit: Configuration of client side components failed!*
> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain sd.int  --server
> ldap-inf-stg-sg1-01.sd.int  --realm
> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
> ' returned non-zero exit status 1*
> 
> **
> 
> 
> This server is on AWS and I can confirm that all above ports are opened.
> Also as it is installing on same server where IPA Server is being
> installed, Port should not be an issue.
> 
> Am I missing anything here. 

Please also share ipaclient-install.log, it should show what is the exact
problem in the client component installation.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

I have tried on multiple Platform. Setup the nisdomain and it is resolving,
though it is getting the same error.

Any help would be helpful.




*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 


On Wed, Mar 25, 2015 at 3:42 PM, Yogesh Sharma  wrote:

> Any suggestion Please.
>
>
>
>
> *Best Regards,__*
>
> *Yogesh Sharma*
> *Email: yks0...@gmail.com  | Web: www.initd.in
> *
>
> RHCE, VCE-CIA, RackSpace Cloud U
> [image: My LinkedIn Profile] 
>
>
> On Wed, Mar 25, 2015 at 1:20 PM, Yogesh Sharma  wrote:
>
>> While restarting using ipactl . It is stopping. Any suggestion.
>>
>> [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop
>> Starting dirsrv:
>> PKI-IPA... [  OK  ]
>> SD-INT...  [  OK  ]
>> Stopping CA Service
>> pki-tomcatd: unrecognized service
>> Failed to stop CA Service
>> Stopping HTTP Service
>> Stopping httpd:[FAILED]
>> Stopping MEMCACHE Service
>> Stopping KPASSWD Service
>> Stopping Kerberos 5 Admin Server:  [FAILED]
>> Stopping KDC Service
>> Stopping Kerberos 5 KDC:   [FAILED]
>> Stopping Directory Service
>> Shutting down dirsrv:
>> PKI-IPA... [  OK  ]
>> SD-INT...  [  OK  ]
>> [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start
>> Starting Directory Service
>> Starting dirsrv:
>> PKI-IPA... [  OK  ]
>> SD-INT...  [  OK  ]
>> Starting KDC Service
>> Starting Kerberos 5 KDC:   [  OK  ]
>> Starting KPASSWD Service
>> Starting Kerberos 5 Admin Server:  [  OK  ]
>> Starting MEMCACHE Service
>> Starting ipa_memcached:[  OK  ]
>> Starting HTTP Service
>> Starting httpd:[  OK  ]
>> Starting CA Service
>> pki-tomcatd: unrecognized service
>> Failed to start CA Service
>> *Shutting down*
>> *Stopping Kerberos 5 KDC:   [  OK  ]*
>> *Stopping Kerberos 5 Admin Server:  [  OK  ]*
>> *Stopping ipa_memcached:[  OK  ]*
>> *Stopping httpd:[  OK  ]*
>> *pki-tomcatd: unrecognized service*
>> *Shutting down dirsrv: *
>> *PKI-IPA... [  OK  ]*
>> *SD-INT...  [  OK  ]*
>> *Aborting ipactl*
>> [root@ldap-inf-stg-sg1-01 ys7673]
>>
>>
>>
>>
>> *Best Regards,__*
>>
>> *Yogesh Sharma*
>> *Email: yks0...@gmail.com  | Web: www.initd.in
>> *
>>
>> RHCE, VCE-CIA, RackSpace Cloud U
>> [image: My LinkedIn Profile] 
>>
>>
>> On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma 
>> wrote:
>>
>>> I have checked , there is no default.conf. Please suggest.
>>>
>>> [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/
>>> total 8.0K
>>> drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html
>>> -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt
>>>
>>> [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/
>>> total 28K
>>> -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html
>>> -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html
>>> -rw-r--r-- 1 root root  521 Oct 16 15:03 ipa_error.css
>>> -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js
>>> -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js
>>> -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html
>>> [root@ldap-inf-stg-sg1-01 ipa]#
>>>
>>>
>>>
>>>
>>>
>>> *Best Regards,__*
>>>
>>> *Yogesh Sharma*
>>> *Email: yks0...@gmail.com  | Web: www.initd.in
>>> *
>>>
>>> RHCE, VCE-CIA, RackSpace Cloud U
>>> [image: My LinkedIn Profile] 
>>>
>>>
>>> On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma 
>>> wrote:
>>>
 Hi,

 We are getting below error while we are installing IPA Server
 (ipa-server-install --no-ntp).


 *Configuration of client side components failed!*
 *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
 --on-master --unattended --domain sd.int  --server
 ldap-inf-stg-sg1-01.sd.int  --realm
 SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
 ' returned non-zero exit status 1*

 Logs indicate be

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

Any suggestion Please.




*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 


On Wed, Mar 25, 2015 at 1:20 PM, Yogesh Sharma  wrote:

> While restarting using ipactl . It is stopping. Any suggestion.
>
> [root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop
> Starting dirsrv:
> PKI-IPA... [  OK  ]
> SD-INT...  [  OK  ]
> Stopping CA Service
> pki-tomcatd: unrecognized service
> Failed to stop CA Service
> Stopping HTTP Service
> Stopping httpd:[FAILED]
> Stopping MEMCACHE Service
> Stopping KPASSWD Service
> Stopping Kerberos 5 Admin Server:  [FAILED]
> Stopping KDC Service
> Stopping Kerberos 5 KDC:   [FAILED]
> Stopping Directory Service
> Shutting down dirsrv:
> PKI-IPA... [  OK  ]
> SD-INT...  [  OK  ]
> [root@ldap-inf-stg-sg1-01 ys7673]# ipactl start
> Starting Directory Service
> Starting dirsrv:
> PKI-IPA... [  OK  ]
> SD-INT...  [  OK  ]
> Starting KDC Service
> Starting Kerberos 5 KDC:   [  OK  ]
> Starting KPASSWD Service
> Starting Kerberos 5 Admin Server:  [  OK  ]
> Starting MEMCACHE Service
> Starting ipa_memcached:[  OK  ]
> Starting HTTP Service
> Starting httpd:[  OK  ]
> Starting CA Service
> pki-tomcatd: unrecognized service
> Failed to start CA Service
> *Shutting down*
> *Stopping Kerberos 5 KDC:   [  OK  ]*
> *Stopping Kerberos 5 Admin Server:  [  OK  ]*
> *Stopping ipa_memcached:[  OK  ]*
> *Stopping httpd:[  OK  ]*
> *pki-tomcatd: unrecognized service*
> *Shutting down dirsrv: *
> *PKI-IPA... [  OK  ]*
> *SD-INT...  [  OK  ]*
> *Aborting ipactl*
> [root@ldap-inf-stg-sg1-01 ys7673]
>
>
>
>
> *Best Regards,__*
>
> *Yogesh Sharma*
> *Email: yks0...@gmail.com  | Web: www.initd.in
> *
>
> RHCE, VCE-CIA, RackSpace Cloud U
> [image: My LinkedIn Profile] 
>
>
> On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma  wrote:
>
>> I have checked , there is no default.conf. Please suggest.
>>
>> [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/
>> total 8.0K
>> drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html
>> -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt
>>
>> [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/
>> total 28K
>> -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html
>> -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html
>> -rw-r--r-- 1 root root  521 Oct 16 15:03 ipa_error.css
>> -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js
>> -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js
>> -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html
>> [root@ldap-inf-stg-sg1-01 ipa]#
>>
>>
>>
>>
>>
>> *Best Regards,__*
>>
>> *Yogesh Sharma*
>> *Email: yks0...@gmail.com  | Web: www.initd.in
>> *
>>
>> RHCE, VCE-CIA, RackSpace Cloud U
>> [image: My LinkedIn Profile] 
>>
>>
>> On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma 
>> wrote:
>>
>>> Hi,
>>>
>>> We are getting below error while we are installing IPA Server
>>> (ipa-server-install --no-ntp).
>>>
>>>
>>> *Configuration of client side components failed!*
>>> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>>> --on-master --unattended --domain sd.int  --server
>>> ldap-inf-stg-sg1-01.sd.int  --realm
>>> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
>>> ' returned non-zero exit status 1*
>>>
>>> Logs indicate below errors:
>>>
>>> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
>>> ldap-inf-stg-sg1-01.sd.int  -ZZ -x -D
>>> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
>>> uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
>>> *2015-03-25T06:39:59Z DEBUG stdout=*
>>> *2015-03-25T06:39:59Z DEBUG stderr=*
>>> *2015-03-25T06:39:59Z DEBUG ldappasswd done*
>>> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install
>>> --on-master --unattended --domain sd.int  --server
>>> ldap-inf-stg-sg1-01.sd.int

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

While restarting using ipactl . It is stopping. Any suggestion.

[root@ldap-inf-stg-sg1-01 ys7673]# ipactl stop
Starting dirsrv:
PKI-IPA... [  OK  ]
SD-INT...  [  OK  ]
Stopping CA Service
pki-tomcatd: unrecognized service
Failed to stop CA Service
Stopping HTTP Service
Stopping httpd:[FAILED]
Stopping MEMCACHE Service
Stopping KPASSWD Service
Stopping Kerberos 5 Admin Server:  [FAILED]
Stopping KDC Service
Stopping Kerberos 5 KDC:   [FAILED]
Stopping Directory Service
Shutting down dirsrv:
PKI-IPA... [  OK  ]
SD-INT...  [  OK  ]
[root@ldap-inf-stg-sg1-01 ys7673]# ipactl start
Starting Directory Service
Starting dirsrv:
PKI-IPA... [  OK  ]
SD-INT...  [  OK  ]
Starting KDC Service
Starting Kerberos 5 KDC:   [  OK  ]
Starting KPASSWD Service
Starting Kerberos 5 Admin Server:  [  OK  ]
Starting MEMCACHE Service
Starting ipa_memcached:[  OK  ]
Starting HTTP Service
Starting httpd:[  OK  ]
Starting CA Service
pki-tomcatd: unrecognized service
Failed to start CA Service
*Shutting down*
*Stopping Kerberos 5 KDC:   [  OK  ]*
*Stopping Kerberos 5 Admin Server:  [  OK  ]*
*Stopping ipa_memcached:[  OK  ]*
*Stopping httpd:[  OK  ]*
*pki-tomcatd: unrecognized service*
*Shutting down dirsrv: *
*PKI-IPA... [  OK  ]*
*SD-INT...  [  OK  ]*
*Aborting ipactl*
[root@ldap-inf-stg-sg1-01 ys7673]

*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 

On Wed, Mar 25, 2015 at 12:29 PM, Yogesh Sharma  wrote:

> I have checked , there is no default.conf. Please suggest.
>
> [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/
> total 8.0K
> drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html
> -r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt
>
> [root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/
> total 28K
> -rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html
> -rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html
> -rw-r--r-- 1 root root  521 Oct 16 15:03 ipa_error.css
> -rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js
> -rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js
> -rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html
> [root@ldap-inf-stg-sg1-01 ipa]#
>
>
>
>
>
> *Best Regards,__*
>
> *Yogesh Sharma*
> *Email: yks0...@gmail.com  | Web: www.initd.in
> *
>
> RHCE, VCE-CIA, RackSpace Cloud U
> [image: My LinkedIn Profile] 
>
>
> On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma  wrote:
>
>> Hi,
>>
>> We are getting below error while we are installing IPA Server
>> (ipa-server-install --no-ntp).
>>
>>
>> *Configuration of client side components failed!*
>> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>> --on-master --unattended --domain sd.int  --server
>> ldap-inf-stg-sg1-01.sd.int  --realm
>> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
>> ' returned non-zero exit status 1*
>>
>> Logs indicate below errors:
>>
>> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
>> ldap-inf-stg-sg1-01.sd.int  -ZZ -x -D
>> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
>> uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
>> *2015-03-25T06:39:59Z DEBUG stdout=*
>> *2015-03-25T06:39:59Z DEBUG stderr=*
>> *2015-03-25T06:39:59Z DEBUG ldappasswd done*
>> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master
>> --unattended --domain sd.int  --server
>> ldap-inf-stg-sg1-01.sd.int  --realm
>> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
>> *
>> *2015-03-25T06:40:10Z DEBUG stdout=*
>> *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that
>> ldap-inf-stg-sg1-01.sd.int  is an IPA
>> Server.*
>> *This may mean that the remote server is not up or is not reachable due
>> to network or firewall settings.*
>> *Please make sure the following ports are opened in the firewall

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-25 Thread Yogesh Sharma

I have checked , there is no default.conf. Please suggest.

[root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/
total 8.0K
drwxr-xr-x 2 root root 4.0K Mar 24 13:29 html
-r--r--r-- 1 root root 1.3K Mar 25 06:36 ca.crt

[root@ldap-inf-stg-sg1-01 ipa]# ls -lrth /etc/ipa/html/
total 28K
-rw-r--r-- 1 root root 1.4K Oct 16 15:03 unauthorized.html
-rw-r--r-- 1 root root 3.9K Oct 16 15:03 ssbrowser.html
-rw-r--r-- 1 root root  521 Oct 16 15:03 ipa_error.css
-rw-r--r-- 1 root root 4.5K Oct 16 15:03 ffconfig_page.js
-rw-r--r-- 1 root root 2.9K Oct 16 15:03 ffconfig.js
-rw-r--r-- 1 root root 3.9K Oct 16 15:03 browserconfig.html
[root@ldap-inf-stg-sg1-01 ipa]#





*Best Regards,__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] 


On Wed, Mar 25, 2015 at 12:16 PM, Yogesh Sharma  wrote:

> Hi,
>
> We are getting below error while we are installing IPA Server
> (ipa-server-install --no-ntp).
>
>
> *Configuration of client side components failed!*
> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain sd.int  --server
> ldap-inf-stg-sg1-01.sd.int  --realm
> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
> ' returned non-zero exit status 1*
>
> Logs indicate below errors:
>
> *2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
> ldap-inf-stg-sg1-01.sd.int  -ZZ -x -D
> cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
> uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
> *2015-03-25T06:39:59Z DEBUG stdout=*
> *2015-03-25T06:39:59Z DEBUG stderr=*
> *2015-03-25T06:39:59Z DEBUG ldappasswd done*
> *2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master
> --unattended --domain sd.int  --server
> ldap-inf-stg-sg1-01.sd.int  --realm
> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
> *
> *2015-03-25T06:40:10Z DEBUG stdout=*
> *2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that
> ldap-inf-stg-sg1-01.sd.int  is an IPA
> Server.*
> *This may mean that the remote server is not up or is not reachable due to
> network or firewall settings.*
> *Please make sure the following ports are opened in the firewall settings:*
> * TCP: 80, 88, 389*
> * UDP: 88 (at least one of TCP/UDP ports 88 has to be open)*
> *Also note that following ports are necessary for ipa-client working
> properly after enrollment:*
> * TCP: 464*
> * UDP: 464, 123 (if NTP enabled)*
> *Installation failed. Rolling back changes.*
> *Unconfigured automount client failed: Command 'ipa-client-automount
> --uninstall --debug' returned non-zero exit status 1*
> *Removing Kerberos service principals from /etc/krb5.keytab*
> *Disabling client Kerberos and LDAP configurations*
> *Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted*
> *nscd daemon is not installed, skip configuration*
> *nslcd daemon is not installed, skip configuration*
> *Client uninstall complete.*
>
> *2015-03-25T06:40:10Z INFO   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
> 614, in run_script*
> *return_value = main_function()*
>
> *  File "/usr/sbin/ipa-server-install", line 1103, in main*
> *sys.exit("Configuration of client side components
> failed!\nipa-client-install returned: " + str(e))*
>
> *2015-03-25T06:40:10Z INFO The ipa-server-install command failed,
> exception: SystemExit: Configuration of client side components failed!*
> *ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain sd.int  --server
> ldap-inf-stg-sg1-01.sd.int  --realm
> SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
> ' returned non-zero exit status 1*
>
>
>
> This server is on AWS and I can confirm that all above ports are opened.
> Also as it is installing on same server where IPA Server is being
> installed, Port should not be an issue.
>
> Am I missing anything here.
>
>
>
>
> *Best Regards,__*
>
> *Yogesh Sharma*
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Configuration of client side components failed! on IPA Server

2015-03-24 Thread Yogesh Sharma

Hi,

We are getting below error while we are installing IPA Server
(ipa-server-install --no-ntp).


**
*Configuration of client side components failed!*
*ipa-client-install returned: Command '/usr/sbin/ipa-client-install
--on-master --unattended --domain sd.int  --server
ldap-inf-stg-sg1-01.sd.int  --realm
SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
' returned non-zero exit status 1*

**Logs indicate below errors:

*2015-03-25T06:39:59Z DEBUG args=/usr/bin/ldappasswd -h
ldap-inf-stg-sg1-01.sd.int  -ZZ -x -D
cn=Directory Manager -y /var/lib/ipa/tmpiI0qCS -T /var/lib/ipa/tmp0iYpzn
uid=admin,cn=users,cn=accounts,dc=sd,dc=int*
*2015-03-25T06:39:59Z DEBUG stdout=*
*2015-03-25T06:39:59Z DEBUG stderr=*
*2015-03-25T06:39:59Z DEBUG ldappasswd done*
*2015-03-25T06:40:10Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain sd.int  --server
ldap-inf-stg-sg1-01.sd.int  --realm
SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
*
*2015-03-25T06:40:10Z DEBUG stdout=*
*2015-03-25T06:40:10Z DEBUG stderr=Failed to verify that
ldap-inf-stg-sg1-01.sd.int  is an IPA
Server.*
*This may mean that the remote server is not up or is not reachable due to
network or firewall settings.*
*Please make sure the following ports are opened in the firewall settings:*
* TCP: 80, 88, 389*
* UDP: 88 (at least one of TCP/UDP ports 88 has to be open)*
*Also note that following ports are necessary for ipa-client working
properly after enrollment:*
* TCP: 464*
* UDP: 464, 123 (if NTP enabled)*
*Installation failed. Rolling back changes.*
*Unconfigured automount client failed: Command 'ipa-client-automount
--uninstall --debug' returned non-zero exit status 1*
*Removing Kerberos service principals from /etc/krb5.keytab*
*Disabling client Kerberos and LDAP configurations*
*Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted*
*nscd daemon is not installed, skip configuration*
*nslcd daemon is not installed, skip configuration*
*Client uninstall complete.*

*2015-03-25T06:40:10Z INFO   File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
614, in run_script*
*return_value = main_function()*

*  File "/usr/sbin/ipa-server-install", line 1103, in main*
*sys.exit("Configuration of client side components
failed!\nipa-client-install returned: " + str(e))*

*2015-03-25T06:40:10Z INFO The ipa-server-install command failed,
exception: SystemExit: Configuration of client side components failed!*
*ipa-client-install returned: Command '/usr/sbin/ipa-client-install
--on-master --unattended --domain sd.int  --server
ldap-inf-stg-sg1-01.sd.int  --realm
SD.INT  --hostname ldap-inf-stg-sg1-01.sd.int
' returned non-zero exit status 1*

**


This server is on AWS and I can confirm that all above ports are opened.
Also as it is installing on same server where IPA Server is being
installed, Port should not be an issue.

Am I missing anything here. 




*Best Regards,__*

*Yogesh Sharma*
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

Re: [Freeipa-users] Configuration of client side components failed! on IPA Server

[Freeipa-users] Configuration of client side components failed! on IPA Server

12 matches

Site Navigation

Mail list logo

Footer information