freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00203
[Bug 1282818] Re: 14.04 freeipa ipa-client-install fails
ok I've reproduced this.. fixed a couple of smaller issues but the xml-
rpc error remains
** Description changed:
Running ipa-client-install --mkhomedir --enable-dns-updates -d --force-
join ran as previous install had partially failed on install and
rollback. Had to manually delete some files to get installer to run
again, --uninstall option did not work.
- --------------------------------------------------------------------------------------------------------------------------------
+ -----------------------------------------------------------------------------------
This sections seems to be the main point of failure:
failed to find session_cookie in persistent storage for principal 'host/1404t430.domain.name@xxxxxxxxxx'
trying https://ipa2.domain.name/ipa/xml
Connection to https://ipa2.domain.name/ipa/xml failed with argument 2 must be string or None, not int
trying https://ipa1.domain.name/ipa/xml
Connection to https://ipa1.domain.name/ipa/xml failed with argument 2 must be string or None, not int
Cannot connect to the server due to generic error: cannot connect to 'Gettext('any of the configured servers', domain='ipa', localedir=None)': https://ipa2.domain.name/ipa/xml, https://ipa1.domain.name/ipa/xml
Installation failed. Rolling back changes.
-
- --------------------------------------------------------------------------------------------------------------------------------
-
- Full debug:
-
- root@1404t430:/var/log/sssd# ipa-client-install --mkhomedir --enable-dns-updates -d --force-join
- /usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'force_join': True, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
- missing options might be asked for interactively later
- Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
- Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
- IPA client is already configured on this system.
- If you want to reinstall the IPA client, uninstall it first using 'ipa-client-install --uninstall'.
- root@1404t430:/var/log/sssd# rm /var/lib/ipa-client/sysrestore/sysrestore.index
- root@1404t430:/var/log/sssd# rm /etc/ipa/default.conf
- root@1404t430:/var/log/sssd# rm /etc/ipa/ca.crt
-
-
- root@1404t430:/var/log/sssd# ipa-client-install --mkhomedir --enable-dns-updates -d --force-join
- /usr/sbin/ipa-client-install was invoked with options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': None, 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'ntp_server': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': None, 'no_ac': False, 'unattended': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'force_join': True, 'server': None, 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False}
- missing options might be asked for interactively later
- Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
- Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
- WARNING: ntpd time&date synchronization service will not be configured as
- conflicting service (chronyd) is enabled
- Use --force-ntpd option to disable it and force configuration of ntpd
-
- [IPA Discovery]
- Starting IPA discovery with domain=None, servers=None, hostname=1404t430.domain.name
- Start searching for LDAP SRV record in "domain.name" (domain of the hostname) and its sub-domains
- Search DNS for SRV record of _ldap._tcp.domain.name
- DNS record found: 0 100 389 ipa2.domain.name.
- DNS record found: 0 100 389 ipa1.domain.name.
- [Kerberos realm search]
- Search DNS for TXT record of _kerberos.domain.name
- DNS record found: "REALM.NAME"
- Search DNS for SRV record of _kerberos._udp.domain.name
- DNS record found: 0 100 88 ipa1.domain.name.
- DNS record found: 0 100 88 ipa2.domain.name.
- [LDAP server check]
- Verifying that ipa2.domain.name (realm REALM.NAME) is an IPA server
- Init LDAP connection to: ipa2.domain.name
- Search LDAP server for IPA base DN
- Check if naming context 'dc=domain,dc=name' is for IPA
- Naming context 'dc=domain,dc=name' is a valid IPA context
- Search for (objectClass=krbRealmContainer) in dc=domain,dc=name (sub)
- Found: cn=REALM.NAME,cn=kerberos,dc=domain,dc=name
- Discovery result: Success; server=ipa2.domain.name, domain=domain.name, kdc=ipa1.domain.name,ipa2.domain.name, basedn=dc=domain,dc=name
- Validated servers: ipa2.domain.name
- will use discovered domain: domain.name
- Start searching for LDAP SRV record in "domain.name" (Validating DNS Discovery) and its sub-domains
- Search DNS for SRV record of _ldap._tcp.domain.name
- DNS record found: 0 100 389 ipa1.domain.name.
- DNS record found: 0 100 389 ipa2.domain.name.
- DNS validated, enabling discovery
- will use discovered server: ipa2.domain.name
- Discovery was successful!
- will use discovered realm: REALM.NAME
- will use discovered basedn: dc=domain,dc=name
- Hostname: 1404t430.domain.name
- Hostname source: Machine's FQDN
- Realm: REALM.NAME
- Realm source: Discovered from LDAP DNS records in ipa2.domain.name
- DNS Domain: domain.name
- DNS Domain source: Discovered LDAP SRV records from domain.name (domain of the hostname)
- IPA Server: ipa2.domain.name
- IPA Server source: Discovered from LDAP DNS records in ipa2.domain.name
- BaseDN: dc=domain,dc=name
- BaseDN source: From IPA server ldap://ipa2.domain.name:389
-
- Continue to configure the system with these values? [no]: yes
- Starting external process
- args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r REALM.NAME
- Process finished, return code=5
- stdout=
- stderr=realm not found
-
- User authorized to enroll computers: admin
- will use principal provided as option: admin
- Synchronizing time with KDC...
- Search DNS for SRV record of _ntp._udp.domain.name
- DNS record found: 0 100 123 ipa2.domain.name.
- DNS record found: 0 100 123 ipa1.domain.name.
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa1.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa1.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa1.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/ntpdate -s -b -v ipa2.domain.name
- Process finished, return code=1
- stdout=
- stderr=
- Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
- Starting external process
- args=keyctl get_persistent @s 0
- Process finished, return code=2
- stdout=
- stderr=Unknown command
-
- Writing Kerberos configuration to /tmp/tmpu5JHPH:
- #File modified by ipa-client-install
-
- includedir /var/lib/sss/pubconf/krb5.include.d/
-
- [libdefaults]
- default_realm = REALM.NAME
- dns_lookup_realm = false
- dns_lookup_kdc = false
- rdns = false
- ticket_lifetime = 24h
- forwardable = yes
-
- [realms]
- REALM.NAME = {
- kdc = ipa2.domain.name:88
- master_kdc = ipa2.domain.name:88
- admin_server = ipa2.domain.name:749
- default_domain = domain.name
- pkinit_anchors = FILE:/etc/ipa/ca.crt
- }
-
- [domain_realm]
- .domain.name = REALM.NAME
- domain.name = REALM.NAME
-
- Password for admin@xxxxxxxxxx:
- Starting external process
- args=kinit admin@xxxxxxxxxx
- Process finished, return code=0
- stdout=Password for admin@xxxxxxxxxx:
-
- stderr=
- trying to retrieve CA cert via LDAP from ipa2.domain.name
- flushing ldap://ipa2.domain.name:389 from SchemaCache
- retrieving schema for SchemaCache url=ldap://ipa2.domain.name:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x221d3b0>
- Successfully retrieved CA cert
- Subject: CN=Certificate Authority,O=REALM.NAME
- Issuer: CN=Certificate Authority,O=REALM.NAME
- Valid From: Sun Feb 09 22:14:23 2014 UTC
- Valid Until: Thu Feb 09 22:14:23 2034 UTC
-
- Starting external process
- args=/usr/sbin/ipa-join -s ipa2.domain.name -b dc=domain,dc=name -h 1404t430.domain.name -d -f
- Process finished, return code=0
- stdout=
- stderr=XML-RPC CALL:
-
- <?xml version="1.0" encoding="UTF-8"?>\r\n
- <methodCall>\r\n
- <methodName>join</methodName>\r\n
- <params>\r\n
- <param><value><array><data>\r\n
- <value><string>1404t430.domain.name</string></value>\r\n
- </data></array></value></param>\r\n
- <param><value><struct>\r\n
- <member><name>nsosversion</name>\r\n
- <value><string>3.13.0-8-generic</string></value></member>\r\n
- <member><name>nshardwareplatform</name>\r\n
- <value><string>x86_64</string></value></member>\r\n
- </struct></value></param>\r\n
- </params>\r\n
- </methodCall>\r\n
-
- XML-RPC RESPONSE:
-
- <?xml version='1.0' encoding='UTF-8'?>\n
- <methodResponse>\n
- <params>\n
- <param>\n
- <value><array><data>\n
- <value><string>fqdn=1404t430.domain.name,cn=computers,cn=accounts,dc=domain,dc=name</string></value>\n
- <value><struct>\n
- <member>\n
- <name>dn</name>\n
- <value><string>fqdn=1404t430.domain.name,cn=computers,cn=accounts,dc=domain,dc=name</string></value>\n
- </member>\n
- <member>\n
- <name>ipacertificatesubjectbase</name>\n
- <value><array><data>\n
- <value><string>O=REALM.NAME</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>krbextradata</name>\n
- <value><array><data>\n
- <value><base64>\n
- AAIKjQZTaG9zdC8xNDA0dDQzMC5taW9saW51eC5jb3JwQE1JT0xJTlVYLkNPUlAA\n
- </base64></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>cn</name>\n
- <value><array><data>\n
- <value><string>1404t430.domain.name</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>objectclass</name>\n
- <value><array><data>\n
- <value><string>ipaobject</string></value>\n
- <value><string>nshost</string></value>\n
- <value><string>ipahost</string></value>\n
- <value><string>pkiuser</string></value>\n
- <value><string>ipaservice</string></value>\n
- <value><string>krbprincipalaux</string></value>\n
- <value><string>krbprincipal</string></value>\n
- <value><string>ieee802device</string></value>\n
- <value><string>ipasshhost</string></value>\n
- <value><string>top</string></value>\n
- <value><string>ipaSshGroupOfPubKeys</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>krblastpwdchange</name>\n
- <value><array><data>\n
- <value><string>20140220231730Z</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>ipakrbokasdelegate</name>\n
- <value><boolean>0</boolean></value>\n
- </member>\n
- <member>\n
- <name>fqdn</name>\n
- <value><array><data>\n
- <value><string>1404t430.domain.name</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>managing_host</name>\n
- <value><array><data>\n
- <value><string>1404t430.domain.name</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>krblastsuccessfulauth</name>\n
- <value><array><data>\n
- <value><string>20140220230505Z</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>has_keytab</name>\n
- <value><boolean>1</boolean></value>\n
- </member>\n
- <member>\n
- <name>has_password</name>\n
- <value><boolean>0</boolean></value>\n
- </member>\n
- <member>\n
- <name>ipauniqueid</name>\n
- <value><array><data>\n
- <value><string>ec1c5fc4-9a71-11e3-b0f9-001a4a99e683</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>krbprincipalname</name>\n
- <value><array><data>\n
- <value><string>host/1404t430.domain.name@xxxxxxxxxx</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>managedby_host</name>\n
- <value><array><data>\n
- <value><string>1404t430.domain.name</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>serverhostname</name>\n
- <value><array><data>\n
- <value><string>1404t430</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>enrolledby_user</name>\n
- <value><array><data>\n
- <value><string>admin</string></value>\n
- </data></array></value>\n
- </member>\n
- <member>\n
- <name>ipakrbrequirespreauth</name>\n
- <value><boolean>1</boolean></value>\n
- </member>\n
- </struct></value>\n
- </data></array></value>\n
- </param>\n
- </params>\n
- </methodResponse>\n
-
- Keytab successfully retrieved and stored in: /etc/krb5.keytab
- Certificate subject base is: O=REALM.NAME
-
- Enrolled in IPA realm REALM.NAME
- Starting external process
- args=kdestroy
- Process finished, return code=0
- stdout=
- stderr=
- Starting external process
- args=/usr/bin/kinit -k -t /etc/krb5.keytab host/1404t430.domain.name@xxxxxxxxxx
- Process finished, return code=0
- stdout=
- stderr=
- Backing up system configuration file '/etc/ipa/default.conf'
- -> Not backing up - '/etc/ipa/default.conf' doesn't exist
- Created /etc/ipa/default.conf
- importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'...
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'
- Starting external process
- args=klist -V
- Process finished, return code=0
- stdout=Kerberos 5 version 1.12
-
- stderr=
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'
- Backing up system configuration file '/etc/sssd/sssd.conf'
- Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
- Domain domain.name is already configured in existing SSSD config, creating a new one.
- The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
- Configured /etc/sssd/sssd.conf
- Starting external process
- args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
- Process finished, return code=0
- stdout=
- stderr=
- Backing up system configuration file '/etc/krb5.conf'
- Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
- Starting external process
- args=keyctl get_persistent @s 0
- Process finished, return code=2
- stdout=
- stderr=Unknown command
-
- Writing Kerberos configuration to /etc/krb5.conf:
- #File modified by ipa-client-install
-
- includedir /var/lib/sss/pubconf/krb5.include.d/
-
- [libdefaults]
- default_realm = REALM.NAME
- dns_lookup_realm = true
- dns_lookup_kdc = true
- rdns = false
- ticket_lifetime = 24h
- forwardable = yes
-
- [realms]
- REALM.NAME = {
- pkinit_anchors = FILE:/etc/ipa/ca.crt
- }
-
- [domain_realm]
- .domain.name = REALM.NAME
- domain.name = REALM.NAME
-
- Configured /etc/krb5.conf for IPA realm REALM.NAME
- Starting external process
- args=keyctl search @s user ipa_session_cookie:host/1404t430.domain.name@xxxxxxxxxx
- Process finished, return code=1
- stdout=
- stderr=keyctl_search: Required key not available
-
- Starting external process
- args=keyctl search @s user ipa_session_cookie:host/1404t430.domain.name@xxxxxxxxxx
- Process finished, return code=1
- stdout=
- stderr=keyctl_search: Required key not available
-
- failed to find session_cookie in persistent storage for principal 'host/1404t430.domain.name@xxxxxxxxxx'
- trying https://ipa2.domain.name/ipa/xml
- Connection to https://ipa2.domain.name/ipa/xml failed with argument 2 must be string or None, not int
- trying https://ipa1.domain.name/ipa/xml
- Connection to https://ipa1.domain.name/ipa/xml failed with argument 2 must be string or None, not int
- Cannot connect to the server due to generic error: cannot connect to 'Gettext('any of the configured servers', domain='ipa', localedir=None)': https://ipa2.domain.name/ipa/xml, https://ipa1.domain.name/ipa/xml
- Installation failed. Rolling back changes.
- Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- Starting external process
- args=ipa-client-automount --uninstall --debug
- Process finished, return code=0
- stdout=Restoring configuration
-
- stderr=importing all plugin modules in '/usr/lib/python2.7/dist-packages/ipalib/plugins'...
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/aci.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automember.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/automount.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/baseldap.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/batch.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/cert.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/config.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/delegation.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/dns.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/group.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacrule.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvc.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbacsvcgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hbactest.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/host.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/hostgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/idrange.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/internal.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/kerberos.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/krbtpolicy.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/migration.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/misc.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/netgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/passwd.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/permission.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/ping.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pkinit.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/privilege.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/pwpolicy.py'
- Starting external process
- args=klist -V
- Process finished, return code=0
- stdout=Kerberos 5 version 1.12
-
- stderr=
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/realmdomains.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/role.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selfservice.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/selinuxusermap.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/service.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmd.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudocmdgroup.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/sudorule.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/trust.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/user.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/virtual.py'
- importing plugin module '/usr/lib/python2.7/dist-packages/ipalib/plugins/xmlclient.py'
-
- Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
- Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
- Starting external process
- args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA CA
- Process finished, return code=0
- stdout=Certificate:
- Data:
- <-----REMOVED------>
-
- Certificate Trust Flags:
- SSL Flags:
- Valid CA
- Trusted CA
- Trusted Client CA
- Email Flags:
- Valid CA
- Trusted CA
- Object Signing Flags:
- Valid CA
- Trusted CA
-
-
- stderr=
- Starting external process
- args=/usr/bin/certutil -D -d /etc/pki/nssdb -n IPA CA
- Process finished, return code=0
- stdout=
- stderr=
- Starting external process
- args=/usr/sbin/service dbus status
- Process finished, return code=0
- stdout=dbus start/running, process 527
-
- stderr=
- Starting external process
- args=/usr/sbin/service certmonger start
- Process finished, return code=1
- stdout=
- stderr=start: Job is already running: certmonger
-
- certmonger failed to start: Command '/usr/sbin/service certmonger start ' returned non-zero exit status 1
- Starting external process
- args=/usr/bin/certutil -L -d /etc/pki/nssdb -n IPA Machine Certificate - 1404t430.domain.name
- Process finished, return code=255
- stdout=
- stderr=certutil: Could not find cert: IPA Machine Certificate - 1404t430.domain.name
- : PR_FILE_NOT_FOUND_ERROR: File not found
-
- Starting external process
- args=/usr/sbin/service certmonger stop
- Process finished, return code=0
- stdout=certmonger stop/waiting
-
- stderr=
- certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
- Unenrolling client from IPA server
- Starting external process
- args=/usr/sbin/ipa-join --unenroll -h 1404t430.domain.name -d
- Process finished, return code=21
- stdout=
- stderr=Error getting default Kerberos realm: Configuration file does not specify default realm.
-
- Unenrolling host failed: Error getting default Kerberos realm:
- Configuration file does not specify default realm.
-
- Removing Kerberos service principals from /etc/krb5.keytab
- Starting external process
- args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r REALM.NAME
- Process finished, return code=0
- stdout=
- stderr=Removing principal host/1404t430.domain.name@xxxxxxxxxx
-
- Disabling client Kerberos and LDAP configurations
- Failed to remove krb5/LDAP configuration: global name 'ipautil' is not defined
- root@1404t430:/var/log/sssd#
** Changed in: freeipa (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1282818
Title:
14.04 freeipa ipa-client-install fails
Status in “freeipa” package in Ubuntu:
Triaged
Bug description:
Running ipa-client-install --mkhomedir --enable-dns-updates -d
--force-join ran as previous install had partially failed on install
and rollback. Had to manually delete some files to get installer to
run again, --uninstall option did not work.
-----------------------------------------------------------------------------------
This sections seems to be the main point of failure:
failed to find session_cookie in persistent storage for principal 'host/1404t430.domain.name@xxxxxxxxxx'
trying https://ipa2.domain.name/ipa/xml
Connection to https://ipa2.domain.name/ipa/xml failed with argument 2 must be string or None, not int
trying https://ipa1.domain.name/ipa/xml
Connection to https://ipa1.domain.name/ipa/xml failed with argument 2 must be string or None, not int
Cannot connect to the server due to generic error: cannot connect to 'Gettext('any of the configured servers', domain='ipa', localedir=None)': https://ipa2.domain.name/ipa/xml, https://ipa1.domain.name/ipa/xml
Installation failed. Rolling back changes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1282818/+subscriptions
References
