freeipa

Clone
Source Code
GIT

#3316 ipa server install failing when realm differs from domain
Closed: Fixed None Opened 11 years ago by dpal.

Closed: Fixed
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=889583 (Red Hat Enterprise Linux 6)

Description of problem:

I'm trying to setup IPA with testrelm.com for domain and RALEIGHREALM for the
realm.

The ipa-client-install portion of the ipa-server-install is failing.

[root@rhel6-1 install-server-cli]# ipa-server-install --setup-dns
--forwarder=192.168.122.1  -r RALEIGHREALM -p Secret123 -P Secret123 -a
Secret123 -U

...normal output skipped here...

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master
--unattended --domain testrelm.com --server rhel6-1.testrelm.com --realm
RALEIGHREALM --hostname rhel6-1.testrelm.com' returned non-zero exit status 1


Version-Release number of selected component (if applicable):

ipa-server-3.0.0-17.el6.x86_64


How reproducible:
always


Steps to Reproduce:
1.  run ipa-server-install as above
2.
3.

Actual results:
failure on ipa client install portion.


Expected results:
works?


Additional info:

From ipaserver-install.log:

2012-12-21T18:59:30Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain testrelm.com --server rhel6-1.testrelm.com --realm
RALEIGHREALM --hostname rhel6-1.testrelm.com
2012-12-21T18:59:30Z DEBUG stdout=ESC[?1034h
2012-12-21T18:59:30Z DEBUG stderr=Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2325, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2311, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1676, in install
    ret = ds.search(domain=options.domain, server=options.server,
hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file))
  File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line 212,
in search
    krb_realm, kdc = self.ipadnssearchkrb(self.domain)
  File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line 434,
in ipadnssearchkrb
    kdc = ','.join(kdc)
TypeError

2012-12-21T18:59:30Z INFO   File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614,
in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1103, in main
    sys.exit("Configuration of client side components
failed!\nipa-client-install returned: " + str(e))

2012-12-21T18:59:30Z INFO The ipa-server-install command failed, exception:
SystemExit: Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master
--unattended --domain testrelm.com --server rhel6-1.testrelm.com --realm
RALEIGHREALM --hostname rhel6-1.testrelm.com' returned non-zero exit status 1


From ipaclient-install.log:
2012-12-21T18:59:29Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'testrelm.com', 'force': False, 'krb5_offline_passwords':
True, 'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd':
True, 'on_master': True, 'conf_ntp': True, 'ca_cert_file': None, 'ntp_server':
None, 'principal': None, 'hostname': 'rhel6-1.testrelm.com', 'no_ac': False,
'unattended': True, 'sssd': True, 'trust_sshfp': False, 'dns_updates': False,
'realm_name': 'RALEIGHREALM', 'conf_ssh': True, 'server':
['rhel6-1.testrelm.com'], 'prompt_password': False, 'permit': False, 'debug':
False, 'preserve_sssd': False, 'uninstall': False}
2012-12-21T18:59:29Z DEBUG missing options might be asked for interactively
later
2012-12-21T18:59:29Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2012-12-21T18:59:29Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2012-12-21T18:59:29Z DEBUG [IPA Discovery]
2012-12-21T18:59:29Z DEBUG Starting IPA discovery with domain=testrelm.com,
server=['rhel6-1.testrelm.com'], hostname=rhel6-1.testrelm.com
2012-12-21T18:59:29Z DEBUG Server and domain forced
2012-12-21T18:59:29Z DEBUG [Kerberos realm search]
2012-12-21T18:59:29Z DEBUG Search DNS for TXT record of _kerberos.testrelm.com.
2012-12-21T18:59:29Z DEBUG DNS record found: DNSResult::name:_kerberos.testrelm
.com.,type:16,class:1,rdata={data:RALEIGHREALM}
2012-12-21T18:59:29Z DEBUG Search DNS for SRV record of
_kerberos._udp.raleighrealm.
2012-12-21T18:59:30Z DEBUG No DNS record found
2012-12-21T18:59:30Z DEBUG SRV record for KDC not found! Realm: RALEIGHREALM,
SRV record: _kerberos.testrelm.com.

Patch freeipa-mkosek-345-kerberos-srv-record-crash.patch sent for review

master: cbb12c7[[BR]]
ipa-3-1: b6c81f2[[BR]]
ipa-3-0: 5e831f1

Metadata Update from @dpal:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.0.2
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=889583, https://bugzilla.redhat.com/show_bug.cgi?id=893163
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.