Florence,
Thanks, yeah, I was able to telnet to port 389. It was the TTL of the DNS
records. It finally flushed and worked.
Cheers!
On Tuesday, March 6, 2018 3:34 PM, Florence Blanc-Renaud via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
On 06/03/2018 21:39, Andrew Meyer via FreeIPA-users wrote:
I am trying to add another client in my main location and getting the
following information:
[user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net --realm=stl1.example.net --mkhomedir --enable-dns-updates
Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not responding, unable to verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^C
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ipa]$
[user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net --realm=example.net --mkhomedir --enable-dns-updates
Skip infra-test-ipa.example.net: cannot verify if this is an IPA server
Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server
Skip freeipa03.east.example.net: cannot verify if this is an IPA server
Skip freeipa01.east.example.net: cannot verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ^C
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
[user@freeipa01 ~]$
I have checked my /etc/resolv.conf and made sure that they are pointed
at the current local FreeIPA nameservers/resolvers.
Here is the output of /var/log/ipaclient-install.log:
[user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log
2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log
2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments
[] and options: {'no_dns_sshfp': False, 'force': False,
'verbose':
False, 'ip_addresses': None, 'configure_firefox': False,
'realm_name':
'stl1.example.net', 'force_ntpd': False, 'on_master': False,
'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None,
'keytab': None, 'no_ntp': False, 'domain_name':
'stl1.example.net',
'request_cert': False, 'fixed_primary': False, 'no_ac': False,
'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses':
False,
'kinit_attempts': None, 'ntp_servers': None,
'enable_dns_updates': True,
'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords':
False,
'servers': None, 'no_ssh': False, 'force_join': False,
'firefox_dir':
None, 'unattended': False, 'quiet': False, 'nisdomain': None,
'prompt_password': False, 'host_name': None, 'permit': False,
'automount_location': None, 'preserve_sssd': False, 'mkhomedir':
True,
'log_file': None, 'uninstall': False}
2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos
2018-03-06T20:29:32Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled
2018-03-06T20:29:32Z DEBUG Process finished, return code=1
2018-03-06T20:29:32Z DEBUG stdout=
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2018-03-06T20:29:32Z DEBUG Process finished, return code=1
2018-03-06T20:29:32Z DEBUG stdout=disabled
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:32Z DEBUG Starting external process
2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service
2018-03-06T20:29:32Z DEBUG Process finished, return code=3
2018-03-06T20:29:32Z DEBUG stdout=unknown
2018-03-06T20:29:32Z DEBUG stderr=
2018-03-06T20:29:37Z DEBUG [IPA Discovery]
2018-03-06T20:29:37Z DEBUG Starting IPA discovery with
domain=stl1.example.net, servers=None,
hostname=freeipa01.stl1.example.net
2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in
stl1.example.net
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
_ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
2018-03-06T20:29:37Z DEBUG Kerberos realm forced
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
_kerberos._udp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [LDAP server check]
2018-03-06T20:29:37Z DEBUG Verifying that
infra-test-ipa.example.net.stl1.example.net (realm
stl1.example.net) is
an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
ldap://infra-test-ipa.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip
infra-test-ipa.example.net.stl1.example.net: LDAP server is not
responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Verifying that
infra-test-ipa2.example.net.stl1.example.net (realm
stl1.example.net) is
an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
ldap://infra-test-ipa2.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip
infra-test-ipa2.example.net.stl1.example.net: LDAP server is not
responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER;
server=None,
domain=stl1.example.net,
kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.n...,
basedn=None
2018-03-06T20:29:37Z DEBUG Validated servers:
2018-03-06T20:29:37Z DEBUG No LDAP server found
2018-03-06T20:29:37Z DEBUG [IPA Discovery]
2018-03-06T20:29:37Z DEBUG Starting IPA discovery with
domain=stl1.example.net, servers=None,
hostname=freeipa01.stl1.example.net
2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in
stl1.example.net
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
_ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of
_kerberos.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
_kerberos._udp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG [LDAP server check]
2018-03-06T20:29:37Z DEBUG Verifying that
infra-test-ipa.example.net.stl1.example.net (realm
GATEWAYBLEND.NET) is
an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
ldap://infra-test-ipa.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip
infra-test-ipa.example.net.stl1.example.net: LDAP server is not
responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Verifying that
infra-test-ipa2.example.net.stl1.example.net (realm
GATEWAYBLEND.NET) is
an IPA server
2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
ldap://infra-test-ipa2.example.net.stl1.example.net:389
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z WARNING Skip
infra-test-ipa2.example.net.stl1.example.net: LDAP server is not
responding, unable to verify if this is an IPA server
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER;
server=None,
domain=stl1.example.net,
kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.n...,
basedn=None
2018-03-06T20:29:37Z DEBUG Validated servers:
2018-03-06T20:29:37Z DEBUG IPA Server not found
2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server
2018-03-06T20:29:44Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
line 333, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 366, in run
self.validate()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 375, in validate
for _nothing in self._validator():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 458, in _handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 636, in _configure
next(validator)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 458, in _handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for _nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
line 3619, in main
install_check(self)
File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
line 2158, in install_check
allow_empty=False)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
901, in user_input
ret = input("%s: " % prompt)
2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed,
exception: KeyboardInterrupt:
2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information
[user@freeipa01 ~]$
I did have a realm for stl1.example.net but removed that and the DNS
zone. I have other servers that are freeipa01.$location.example.net
that joined just fine.
Am I doing something wrong?
Hi Andrew,
first of all, the realm is usually in uppercase. If you are not sure of
the realm and domain that you need to provide to the client installer,
you can check the values in the file /etc/ipa/default.conf that is
stored in the IPA master.
In your case, the client installer is unable to access the ldap servers
(port 389), did you check that your firewall is not blocking this port?
You can find the list of required ports [1] in Linux Domain Identity,
Authentication, and Policy Guide.
HTH,
Flo
[1]
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
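
Added example (not part of the original thread and not FreeIPA's own code): a small parser for the discovery section of /var/log/ipaclient-install.log as pasted above. It rejoins the mail-wrapped lines and reports which SRV-advertised servers failed the LDAP check; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the format of the log quoted in this thread,
# including the line wrapping introduced by the mail client.
SAMPLE_LOG = """\
2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
_ldap._tcp.stl1.example.net
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
infra-test-ipa.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
infra-test-ipa2.example.net.stl1.example.net.
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
'ldap://infra-test-ipa.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER;
server=None,
"""

TS = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ (\w+) (.*)$")

def records(text):
    """Return [level, message] pairs, rejoining wrapped continuation lines."""
    out = []
    for line in text.splitlines():
        m = TS.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def summarize(text):
    """Collect SRV answers, hosts that refused LDAP, and the final result."""
    srv, failed, result, query = {}, [], None, None
    for _level, msg in records(text):
        if m := re.match(r"Search DNS for SRV record of (\S+)", msg):
            query = m.group(1)
            srv.setdefault(query, [])
        elif (m := re.match(r"DNS record found: \d+ \d+ (\d+) (\S+)", msg)) and query:
            entry = (m.group(2).rstrip("."), int(m.group(1)))
            if entry not in srv[query]:
                srv[query].append(entry)
        elif m := re.match(r"LDAP Error: cannot connect to 'ldap://([^:']+):\d+'", msg):
            if m.group(1) not in failed:
                failed.append(m.group(1))
        elif m := re.match(r"Discovery result: (\w+);", msg):
            result = m.group(1)
    return {"srv": srv, "ldap_failed": failed, "result": result}
```

Running `summarize()` on the real log shows at a glance which names the resolver is still handing out, which can then be compared with the records currently defined on the IPA DNS servers.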