freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00202
[Bug 1282818] Re: 14.04 freeipa ipa-client-install fails
please attach logs next time..
** Changed in: freeipa (Ubuntu)
Assignee: (unassigned) => Timo Aaltonen (tjaalton)
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1282818
Title:
14.04 freeipa ipa-client-install fails
Status in “freeipa” package in Ubuntu:
New
Bug description:
Running ipa-client-install --mkhomedir --enable-dns-updates -d
--force-join ran as previous install had partially failed on install
and rollback. Had to manually delete some files to get installer to
run again, --uninstall option did not work.
--------------------------------------------------------------------------------------------------------------------------------
This sections seems to be the main point of failure:
failed to find session_cookie in persistent storage for principal 'host/1404t430.domain.name@xxxxxxxxxx'
trying https://ipa2.domain.name/ipa/xml
Connection to https://ipa2.domain.name/ipa/xml failed with argument 2 must be string or None, not int
trying https://ipa1.domain.name/ipa/xml
Connection to https://ipa1.domain.name/ipa/xml failed with argument 2 must be string or None, not int
Cannot connect to the server due to generic error: cannot connect to 'Gettext('any of the configured servers', domain='ipa', localedir=None)': https://ipa2.domain.name/ipa/xml, https://ipa1.domain.name/ipa/xml
Installation failed. Rolling back changes.
--------------------------------------------------------------------------------------------------------------------------------
Full debug:
root@1404t430:/var/log/sssd# ipa-client-install --mkhomedir --enable-dns-updates -d --force-join
/usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'force_join': True, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
missing options might be asked for interactively later
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
IPA client is already configured on this system.
If you want to reinstall the IPA client, uninstall it first using 'ipa-client-install --uninstall'.
root@1404t430:/var/log/sssd# rm /var/lib/ipa-client/sysrestore/sysrestore.index
root@1404t430:/var/log/sssd# rm /etc/ipa/default.conf
root@1404t430:/var/log/sssd# rm /etc/ipa/ca.crt
root@1404t430:/var/log/sssd# ipa-client-install --mkhomedir --enable-dns-updates -d --force-join
/usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'force_join': True, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
missing options might be asked for interactively later
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd
[IPA Discovery]
Starting IPA discovery with domain=None, servers=None, hostname=1404t430.domain.name
Start searching for LDAP SRV record in "domain.name" (domain of the hostname) and its sub-domains
Search DNS for SRV record of _ldap._tcp.domain.name
DNS record found: 0 100 389 ipa2.domain.name.
DNS record found: 0 100 389 ipa1.domain.name.
[Kerberos realm search]
Search DNS for TXT record of _kerberos.domain.name
DNS record found: "REALM.NAME"
Search DNS for SRV record of _kerberos._udp.domain.name
DNS record found: 0 100 88 ipa1.domain.name.
DNS record found: 0 100 88 ipa2.domain.name.
[LDAP server check]
Verifying that ipa2.domain.name (realm REALM.NAME) is an IPA server
Init LDAP connection to: ipa2.domain.name
Search LDAP server for IPA base DN
Check if naming context 'dc=domain,dc=name' is for IPA
Naming context 'dc=domain,dc=name' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=domain,dc=name (sub)
Found: cn=REALM.NAME,cn=kerberos,dc=domain,dc=name
Discovery result: Success; server=ipa2.domain.name, domain=domain.name, kdc=ipa1.domain.name,ipa2.domain.name, basedn=dc=domain,dc=name
Validated servers: ipa2.domain.name
will use discovered domain: domain.name
Start searching for LDAP SRV record in "domain.name" (Validating DNS Discovery) and its sub-domains
Search DNS for SRV record of _ldap._tcp.domain.name
DNS record found: 0 100 389 ipa1.domain.name.
DNS record found: 0 100 389 ipa2.domain.name.
DNS validated, enabling discovery
will use discovered server: ipa2.domain.name
Discovery was successful!
will use discovered realm: REALM.NAME
will use discovered basedn: dc=domain,dc=name
Hostname: 1404t430.domain.name
Hostname source: Machine's FQDN
Realm: REALM.NAME
Realm source: Discovered from LDAP DNS records in ipa2.domain.name
DNS Domain: domain.name
DNS Domain source: Discovered LDAP SRV records from domain.name (domain of the hostname)
IPA Server: ipa2.domain.name
IPA Server source: Discovered from LDAP DNS records in ipa2.domain.name
BaseDN: dc=domain,dc=name
BaseDN source: From IPA server ldap://ipa2.domain.name:389
Continue to configure the system with these values? [no]: yes
Starting external process
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r REALM.NAME
Process finished, return code=5
stdout=
stderr=realm not found
User authorized to enroll computers: admin
will use principal provided as option: admin
Synchronizing time with KDC...
Search DNS for SRV record of _ntp._udp.domain.name
DNS record found: 0 100 123 ipa2.domain.name.
DNS record found: 0 100 123 ipa1.domain.name.
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa1.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa1.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa1.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
Process finished, return code=1
stdout=
stderr=
Starting external process
args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
Process finished, return code=1
stdout=
stderr=
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Starting external process
args=keyctl get_persistent @s 0
Process finished, return code=2
stdout=
stderr=Unknown command
Writing Kerberos configuration to /tmp/tmpu5JHPH:
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = REALM.NAME
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
REALM.NAME = {
kdc = ipa2.domain.name:88
master_kdc = ipa2.domain.name:88
admin_server = ipa2.domain.name:749
default_domain = domain.name
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.domain.name = REALM.NAME
domain.name = REALM.NAME
Password for admin@xxxxxxxxxx:
Starting external process
args=kinit admin@xxxxxxxxxx
Process finished, return code=0
stdout=Password for admin@xxxxxxxxxx:
stderr=
trying to retrieve CA cert via LDAP from ipa2.domain.name
flushing ldap://ipa2.domain.name:389 from SchemaCache
retrieving schema for SchemaCache url=ldap://ipa2.domain.name:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x221d3b0>
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=REALM.NAME
Issuer: CN=Certificate Authority,O=REALM.NAME
Valid From: Sun Feb 09 22:14:23 2014 UTC
Valid Until: Thu Feb 09 22:14:23 2034 UTC
Starting external process
args=/usr/sbin/ipa-join -s ipa2.domain.name -b dc=domain,dc=name -h 1404t430.domain.name -d -f
Process finished, return code=0
stdout=
stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>1404t430.domain.name</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>3.13.0-8-generic</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
XML-RPC RESPONSE:
<?xml version='1.0' encoding='UTF-8'?>\n
<methodResponse>\n
<params>\n
<param>\n
<value><array><data>\n
<value><string>fqdn=1404t430.domain.name,cn=computers,cn=accounts,dc=domain,dc=name</string></value>\n
<value><struct>\n
<member>\n
<name>dn</name>\n
<value><string>fqdn=1404t430.domain.name,cn=computers,cn=accounts,dc=domain,dc=name</string></value>\n
</member>\n
<member>\n
<name>ipacertificatesubjectbase</name>\n
<value><array><data>\n
<value><string>O=REALM.NAME</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbextradata</name>\n
<value><array><data>\n
<value><base64>\n
AAIKjQZTaG9zdC8xNDA0dDQzMC5taW9saW51eC5jb3JwQE1JT0xJTlVYLkNPUlAA\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>cn</name>\n
<value><array><data>\n
<value><string>1404t430.domain.name</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>objectclass</name>\n
<value><array><data>\n
<value><string>ipaobject</string></value>\n
<value><string>nshost</string></value>\n
<value><string>ipahost</string></value>\n
<value><string>pkiuser</string></value>\n
<value><string>ipaservice</string></value>\n
<value><string>krbprincipalaux</string></value>\n
<value><string>krbprincipal</string></value>\n
<value><string>ieee802device</string></value>\n
<value><string>ipasshhost</string></value>\n
<value><string>top</string></value>\n
<value><string>ipaSshGroupOfPubKeys</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krblastpwdchange</name>\n
<value><array><data>\n
<value><string>20140220231730Z</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>ipakrbokasdelegate</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>fqdn</name>\n
<value><array><data>\n
<value><string>1404t430.domain.name</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managing_host</name>\n
<value><array><data>\n
<value><string>1404t430.domain.name</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krblastsuccessfulauth</name>\n
<value><array><data>\n
<value><string>20140220230505Z</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_keytab</name>\n
<value><boolean>1</boolean></value>\n
</member>\n
<member>\n
<name>has_password</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>ipauniqueid</name>\n
<value><array><data>\n
<value><string>ec1c5fc4-9a71-11e3-b0f9-001a4a99e683</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbprincipalname</name>\n
<value><array><data>\n
<value><string>host/1404t430.domain.name@xxxxxxxxxx</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managedby_host</name>\n
<value><array><data>\n
<value><string>1404t430.domain.name</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serverhostname</name>\n
<value><array><data>\n
<value><string>1404t430</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>enrolledby_user</name>\n
<value><array><data>\n
<value><string>admin</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>ipakrbrequirespreauth</name>\n
<value><boolean>1</boolean></value>\n
</member>\n
</struct></value>\n
</data></array></value>\n
</param>\n
</params>\n
</methodResponse>\n
Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=REALM.NAME
Enrolled in IPA realm REALM.NAME
Starting external process
args=kdestroy
Process finished, return code=0
stdout=
stderr=
Starting external process
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/1404t430.domain.name@xxxxxxxxxx
Process finished, return code=0
stdout=
stderr=
Backing up system configuration file '/etc/ipa/default.conf'
-> Not backing up - '/etc/ipa/default.conf' doesn't exist
Created /etc/ipa/default.conf
importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'...
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'
Starting external process
args=klist -V
Process finished, return code=0
stdout=Kerberos 5 version 1.12
stderr=
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'
Backing up system configuration file '/etc/sssd/sssd.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Domain domain.name is already configured in existing SSSD config, creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured /etc/sssd/sssd.conf
Starting external process
args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
Process finished, return code=0
stdout=
stderr=
Backing up system configuration file '/etc/krb5.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Starting external process
args=keyctl get_persistent @s 0
Process finished, return code=2
stdout=
stderr=Unknown command
Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = REALM.NAME
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
REALM.NAME = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.domain.name = REALM.NAME
domain.name = REALM.NAME
Configured /etc/krb5.conf for IPA realm REALM.NAME
Starting external process
args=keyctl search @s user ipa_session_cookie:host/1404t430.domain.name@xxxxxxxxxx
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available
Starting external process
args=keyctl search @s user ipa_session_cookie:host/1404t430.domain.name@xxxxxxxxxx
Process finished, return code=1
stdout=
stderr=keyctl_search: Required key not available
failed to find session_cookie in persistent storage for principal 'host/1404t430.domain.name@xxxxxxxxxx'
trying https://ipa2.domain.name/ipa/xml
Connection to https://ipa2.domain.name/ipa/xml failed with argument 2 must be string or None, not int
trying https://ipa1.domain.name/ipa/xml
Connection to https://ipa1.domain.name/ipa/xml failed with argument 2 must be string or None, not int
Cannot connect to the server due to generic error: cannot connect to 'Gettext('any of the configured servers', domain='ipa', localedir=None)': https://ipa2.domain.name/ipa/xml, https://ipa1.domain.name/ipa/xml
Installation failed. Rolling back changes.
Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
Starting external process
args=ipa-client-automount --uninstall --debug
Process finished, return code=0
stdout=Restoring configuration
stderr=importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'...
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'
Starting external process
args=klist -V
Process finished, return code=0
stdout=Kerberos 5 version 1.12
stderr=
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'
importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
Starting external process
args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA CA
Process finished, return code=0
stdout=Certificate:
Data:
<-----REMOVED------>
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Trusted Client CA
Email Flags:
Valid CA
Trusted CA
Object Signing Flags:
Valid CA
Trusted CA
stderr=
Starting external process
args=/usr/bin/certutil -D -d /etc/pki/nssdb -n IPA CA
Process finished, return code=0
stdout=
stderr=
Starting external process
args=/usr/sbin/service dbus status
Process finished, return code=0
stdout=dbus start/running, process 527
stderr=
Starting external process
args=/usr/sbin/service certmonger start
Process finished, return code=1
stdout=
stderr=start: Job is already running: certmonger
certmonger failed to start: Command '/usr/sbin/service certmonger start ' returned non-zero exit status 1
Starting external process
args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA Machine Certificate - 1404t430.domain.name
Process finished, return code=255
stdout=
stderr=certutil: Could not find cert: IPA Machine Certificate - 1404t430.domain.name
: PR_FILE_NOT_FOUND_ERROR: File not found
Starting external process
args=/usr/sbin/service certmonger stop
Process finished, return code=0
stdout=certmonger stop/waiting
stderr=
certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
Unenrolling client from IPA server
Starting external process
args=/usr/sbin/ipa-join --unenroll -h 1404t430.domain.name -d
Process finished, return code=21
stdout=
stderr=Error getting default Kerberos realm: Configuration file does not specify default realm.
Unenrolling host failed: Error getting default Kerberos realm:
Configuration file does not specify default realm.
Removing Kerberos service principals from /etc/krb5.keytab
Starting external process
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r REALM.NAME
Process finished, return code=0
stdout=
stderr=Removing principal host/1404t430.domain.name@xxxxxxxxxx
Disabling client Kerberos and LDAP configurations
Failed to remove krb5/LDAP configuration: global name 'ipautil' is not defined
root@1404t430:/var/log/sssd#
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1282818/+subscriptions
References
