On 06/03/2018 21:39, Andrew Meyer via FreeIPA-users wrote:
I am trying to add another client in my main location and getting the following information:

[user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updates
Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ipa]$
[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updates
Skip infra-test-ipa.example.net: cannot verify if this is an IPA server
Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server
Skip freeipa03.east.example.net: cannot verify if this is an IPA server
Skip freeipa01.east.example.net: cannot verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ~]$
I have checked my /etc/resolv.conf and made sure that they are pointed at the current local FreeIPA nameservers/resolvers.
Here is the output of /var/log/ipaclient-install.log:
[user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log
2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log
2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}
2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos
2018-03-06T20:29:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled
2018-03-06T20:29:32Z DEBUG Process finished, return code=1
2018-03-06T20:29:32Z DEBUG stdout=
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2018-03-06T20:29:32Z DEBUG Process finished, return code=1
2018-03-06T20:29:32Z DEBUG stdout=disabled
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service
2018-03-06T20:29:32Z DEBUG Process finished, return code=3
2018-03-06T20:29:32Z DEBUG stdout=unknown
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:37Z DEBUG [IPA Discovery]
2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
2018-03-06T20:29:37Z DEBUG Kerberos realm forced
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [LDAP server check]
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None
2018-03-06T20:29:37Z DEBUG Validated servers:
2018-03-06T20:29:37Z DEBUG No LDAP server found
2018-03-06T20:29:37Z DEBUG [IPA Discovery]
2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of _kerberos.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [LDAP server check]
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None
2018-03-06T20:29:37Z DEBUG Validated servers:
2018-03-06T20:29:37Z DEBUG IPA Server not found
2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server
2018-03-06T20:29:44Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate
    for _nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure
    next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3619, in main
    install_check(self)
  File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2158, in install_check
    allow_empty=False)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 901, in user_input
    ret = input("%s: " % prompt)
2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, exception: KeyboardInterrupt:
2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ~]$
I did have a realm for stl1.example.net but removed that and the DNS zone. I have other servers that are freeipa01.$location.example.net that joined just fine.
Am I doing something wrong?
Hi Andrew,
first of all, the realm is usually in uppercase. If you are not sure of the realm and domain that you need to provide to the client installer, you can check the values in the file /etc/ipa/default.conf that is stored in the IPA master.
In your case, the client installer is unable to access the LDAP servers (port 389). Did you check that your firewall is not blocking this port? You can find the list of required ports [1] in the Linux Domain Identity, Authentication, and Policy Guide.
HTH, Flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
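An added example, not part of the thread or of FreeIPA's code: a small Python script that pulls the SRV targets and LDAP connection failures out of the discovery section of ipaclient-install.log, then repeats the port 389 connection check from the client. The function names parse_discovery and probe are hypothetical, and the sample lines are copied from the log quoted above.

```python
import re
import socket

# Lines copied from the ipaclient-install.log quoted in the thread above.
SAMPLE_LOG = """\
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None
"""

SRV_QUERY = re.compile(r"Search DNS for SRV record of (\S+)")
SRV_FOUND = re.compile(r"DNS record found: \d+ \d+ (\d+) (\S+?)\.?$")
LDAP_FAIL = re.compile(r"LDAP Error: cannot connect to 'ldap://([^:']+):(\d+)'")
RESULT = re.compile(r"Discovery result: (\w+);")

def parse_discovery(log_text):
    """Summarise the discovery phase: SRV targets, LDAP failures, result."""
    summary = {"srv": {}, "ldap_failures": set(), "result": None}
    query = None
    for line in map(str.rstrip, log_text.splitlines()):
        if m := SRV_QUERY.search(line):
            query = m.group(1)
            summary["srv"].setdefault(query, set())
        elif query and (m := SRV_FOUND.search(line)):
            summary["srv"][query].add((m.group(2), int(m.group(1))))
        elif m := LDAP_FAIL.search(line):
            summary["ldap_failures"].add((m.group(1), int(m.group(2))))
        elif m := RESULT.search(line):
            summary["result"] = m.group(1)
    return summary

def probe(endpoints, timeout=3.0, connect=socket.create_connection):
    """TCP-connect to each (host, port); map it to None or the error text."""
    status = {}
    for host, port in sorted(endpoints):
        try:
            connect((host, port), timeout=timeout).close()
            status[(host, port)] = None
        except OSError as exc:  # DNS failure, refusal, timeout, filtered port
            status[(host, port)] = f"{type(exc).__name__}: {exc}"
    return status

if __name__ == "__main__":
    info = parse_discovery(SAMPLE_LOG)
    for endpoint, err in probe(info["ldap_failures"]).items():
        print(endpoint, "reachable" if err is None else err)
```

The error text separates a name that does not resolve (gaierror) from a port that is refused or times out, which is the distinction that matters when deciding whether to look at DNS or at the firewall.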