I am trying to add another client in my main location and getting the following information:[user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updatesSkip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA serverSkip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA serverSkip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA serverSkip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA serverProvide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information[user@freeipa01 ipa]$
[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updatesSkip infra-test-ipa.example.net: cannot verify if this is an IPA serverSkip infra-test-ipa2.example.net: cannot verify if this is an IPA serverSkip freeipa03.east.example.net: cannot verify if this is an IPA serverSkip freeipa01.east.example.net: cannot verify if this is an IPA serverProvide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information[user@freeipa01 ~]$ I have checked my /etc/resolv.conf and made sure that they are pointed at the current local FreeIPA nameservers/resolvers. Here is the output /var/log/ipaclient-install.log [user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos2018-03-06T20:29:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'2018-03-06T20:29:32Z DEBUG Starting external process2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled2018-03-06T20:29:32Z DEBUG Process finished, return code=12018-03-06T20:29:32Z DEBUG stdout=2018-03-06T20:29:32Z DEBUG stderr=2018-03-06T20:29:32Z DEBUG Starting external process2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service2018-03-06T20:29:32Z DEBUG Process finished, return code=12018-03-06T20:29:32Z DEBUG stdout=disabled 2018-03-06T20:29:32Z DEBUG stderr=2018-03-06T20:29:32Z DEBUG Starting external process2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service2018-03-06T20:29:32Z DEBUG Process finished, return code=32018-03-06T20:29:32Z DEBUG stdout=unknown 2018-03-06T20:29:32Z DEBUG stderr=2018-03-06T20:29:37Z DEBUG [IPA Discovery]2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG [Kerberos realm search]2018-03-06T20:29:37Z DEBUG Kerberos realm forced2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG [LDAP server check]2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is an IPA server2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:3892018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is an IPA server2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:3892018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None2018-03-06T20:29:37Z DEBUG Validated servers:2018-03-06T20:29:37Z DEBUG No LDAP server found2018-03-06T20:29:37Z DEBUG [IPA Discovery]2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG [Kerberos realm search]2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of _kerberos.stl1.example.net2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net.2018-03-06T20:29:37Z DEBUG [LDAP server check]2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:3892018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389':2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:3892018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None2018-03-06T20:29:37Z DEBUG Validated servers:2018-03-06T20:29:37Z DEBUG IPA Server not found2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server2018-03-06T20:29:44Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for _nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3619, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2158, in install_check allow_empty=False) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 901, in user_input ret = input("%s: " % prompt) 2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, exception: KeyboardInterrupt:2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information[user@freeipa01 ~]$ I did have a realm for stl1.example.net but removed that and the DNS zone. I have other servers that are freeipa01.$location.exmaple.net that joined just fine. Am I doing something wrong?
Andrew Meyer via FreeIPA-users wrote:
I am trying to add another client in my main location and getting the following information: [user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updates Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ipa]$
[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updates Skip infra-test-ipa.example.net: cannot verify if this is an IPA server Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server Skip freeipa03.east.example.net: cannot verify if this is an IPA server Skip freeipa01.east.example.net: cannot verify if this is an IPA server Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ~]$
I have checked my /etc/resolv.conf and made sure that they are pointed at the current local FreeIPA nameservers/resolvers.
Here is the output /var/log/ipaclient-install.log
[user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log 2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log 2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False} 2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos 2018-03-06T20:29:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled 2018-03-06T20:29:32Z DEBUG Process finished, return code=1 2018-03-06T20:29:32Z DEBUG stdout= 2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2018-03-06T20:29:32Z DEBUG Process finished, return code=1 2018-03-06T20:29:32Z DEBUG stdout=disabled
2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service 2018-03-06T20:29:32Z DEBUG Process finished, return code=3 2018-03-06T20:29:32Z DEBUG stdout=unknown
2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:37Z DEBUG [IPA Discovery] 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [Kerberos realm search] 2018-03-06T20:29:37Z DEBUG Kerberos realm forced 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [LDAP server check] 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None 2018-03-06T20:29:37Z DEBUG Validated servers: 2018-03-06T20:29:37Z DEBUG No LDAP server found 2018-03-06T20:29:37Z DEBUG [IPA Discovery] 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [Kerberos realm search] 2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of _kerberos.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET" 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [LDAP server check] 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None 2018-03-06T20:29:37Z DEBUG Validated servers: 2018-03-06T20:29:37Z DEBUG IPA Server not found 2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server 2018-03-06T20:29:44Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for _nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3619, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2158, in install_check allow_empty=False) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 901, in user_input ret = input("%s: " % prompt)
2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, exception: KeyboardInterrupt: 2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ~]$
I did have a realm for stl1.example.net but removed that and the DNS zone. I have other servers that are freeipa01.$location.exmaple.net that joined just fine.
Am I doing something wrong?
Those SRV records must be cached in DNS somewhere if you've deleted the zone. The client is finding them using DNS discovery.
rob
On 06/03/2018 21:39, Andrew Meyer via FreeIPA-users wrote:
I am trying to add another client in my main location and getting the following information: [user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updates Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ipa]$
[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updates Skip infra-test-ipa.example.net: cannot verify if this is an IPA server Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server Skip freeipa03.east.example.net: cannot verify if this is an IPA server Skip freeipa01.east.example.net: cannot verify if this is an IPA server Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ~]$
I have checked my /etc/resolv.conf and made sure that they are pointed at the current local FreeIPA nameservers/resolvers.
Here is the output /var/log/ipaclient-install.log
[user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log 2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log 2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False} 2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos 2018-03-06T20:29:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled 2018-03-06T20:29:32Z DEBUG Process finished, return code=1 2018-03-06T20:29:32Z DEBUG stdout= 2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2018-03-06T20:29:32Z DEBUG Process finished, return code=1 2018-03-06T20:29:32Z DEBUG stdout=disabled
2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service 2018-03-06T20:29:32Z DEBUG Process finished, return code=3 2018-03-06T20:29:32Z DEBUG stdout=unknown
2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:37Z DEBUG [IPA Discovery] 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [Kerberos realm search] 2018-03-06T20:29:37Z DEBUG Kerberos realm forced 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [LDAP server check] 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None 2018-03-06T20:29:37Z DEBUG Validated servers: 2018-03-06T20:29:37Z DEBUG No LDAP server found 2018-03-06T20:29:37Z DEBUG [IPA Discovery] 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [Kerberos realm search] 2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of _kerberos.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET" 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [LDAP server check] 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None 2018-03-06T20:29:37Z DEBUG Validated servers: 2018-03-06T20:29:37Z DEBUG IPA Server not found 2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server 2018-03-06T20:29:44Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for _nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3619, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2158, in install_check allow_empty=False) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 901, in user_input ret = input("%s: " % prompt)
2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, exception: KeyboardInterrupt: 2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ~]$
I did have a realm for stl1.example.net but removed that and the DNS zone. I have other servers that are freeipa01.$location.exmaple.net that joined just fine.
Am I doing something wrong?
Hi Andrew,
first of all, the realm is usually in uppercase. If you are not sure of the realm and domain that you need to provide to the client installer, you can check the values in the file /etc/ipa/default.conf that is stored in the IPA master.
In your case, the client installer is unable to access the ldap servers (port 389), did you check that your firewall is not blocking this port? You can find the list of required ports [1] in Linux Domain Identity, Authentication, and Policy Guide.
HTH, Flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Florence,Thanks yeah I was able to telnet to port 389. It was the TTL of the DNS records. It finally flushed and worked. Cheers!
On Tuesday, March 6, 2018 3:34 PM, Florence Blanc-Renaud via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 06/03/2018 21:39, Andrew Meyer via FreeIPA-users wrote:
I am trying to add another client in my main location and getting the following information: [user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updates Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ipa]$
[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updates Skip infra-test-ipa.example.net: cannot verify if this is an IPA server Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server Skip freeipa03.east.example.net: cannot verify if this is an IPA server Skip freeipa01.east.example.net: cannot verify if this is an IPA server Provide your IPA server name (ex: ipa.example.com): ^CThe ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ~]$
I have checked my /etc/resolv.conf and made sure that they are pointed at the current local FreeIPA nameservers/resolvers.
Here is the output /var/log/ipaclient-install.log
[user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log 2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log 2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'stl1.example.net', 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False} 2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos 2018-03-06T20:29:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled 2018-03-06T20:29:32Z DEBUG Process finished, return code=1 2018-03-06T20:29:32Z DEBUG stdout= 2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2018-03-06T20:29:32Z DEBUG Process finished, return code=1 2018-03-06T20:29:32Z DEBUG stdout=disabled
2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:32Z DEBUG Starting external process 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service 2018-03-06T20:29:32Z DEBUG Process finished, return code=3 2018-03-06T20:29:32Z DEBUG stdout=unknown
2018-03-06T20:29:32Z DEBUG stderr= 2018-03-06T20:29:37Z DEBUG [IPA Discovery] 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [Kerberos realm search] 2018-03-06T20:29:37Z DEBUG Kerberos realm forced 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [LDAP server check] 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None 2018-03-06T20:29:37Z DEBUG Validated servers: 2018-03-06T20:29:37Z DEBUG No LDAP server found 2018-03-06T20:29:37Z DEBUG [IPA Discovery] 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _ldap._tcp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [Kerberos realm search] 2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of _kerberos.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET" 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of _kerberos._udp.stl1.example.net 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88 infra-test-ipa2.example.net.stl1.example.net. 2018-03-06T20:29:37Z DEBUG [LDAP server check] 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Verifying that infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is an IPA server 2018-03-06T20:29:37Z DEBUG Init LDAP connection to: ldap://infra-test-ipa2.example.net.stl1.example.net:389 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to 'ldap://infra-test-ipa2.example.net.stl1.example.net:389': 2018-03-06T20:29:37Z WARNING Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER; server=None, domain=stl1.example.net, kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net, basedn=None 2018-03-06T20:29:37Z DEBUG Validated servers: 2018-03-06T20:29:37Z DEBUG IPA Server not found 2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server 2018-03-06T20:29:44Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for _nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3619, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2158, in install_check allow_empty=False) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 901, in user_input ret = input("%s: " % prompt)
2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed, exception: KeyboardInterrupt: 2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information [user@freeipa01 ~]$
I did have a realm for stl1.example.net but removed that and the DNS zone. I have other servers that are freeipa01.$location.exmaple.net that joined just fine.
Am I doing something wrong?
Hi Andrew,
first of all, the realm is usually in uppercase. If you are not sure of the realm and domain that you need to provide to the client installer, you can check the values in the file /etc/ipa/default.conf that is stored in the IPA master.
In your case, the client installer is unable to access the ldap servers (port 389), did you check that your firewall is not blocking this port? You can find the list of required ports [1] in Linux Domain Identity, Authentication, and Policy Guide.
HTH, Flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Andrew Meyer -
Florence Blanc-Renaud -
Rob Crittenden