On 03/21/2014 07:44 PM, Shree wrote:
Hi
Attaching the install log. It complains about unable to reach certain
ports, however my tests by using telnet were successful. Also to
refresh your memory the client should be reaching for the replica
lda2.mydomain.com and not ldap.mydomain.com which it does for the most
part but I found a couple of instances of ldap.mydomain.com in the
log. Let me know what you find. I can't believe I migrated over 40
servers and only this one refuses to install ipa-client.
If it is getting to the wrong server then it is either looking at the
wrong DNS server (see resolv.conf) which is telling it to use the wrong
IPA server (maybe from some old try/POC) or it has some explicit
entries entered in /etc/hosts.
Shreeraj
----------------------------------------------------------------------------------------
Change is the only Constant !
On Thursday, March 20, 2014 4:29 AM, Martin Kosek <[email protected]>
wrote:
On 03/19/2014 10:37 PM, Shree wrote:
> Hello
> I was able to successfully move all my clients to the replica except
> on the process I had to upgrade the client to
> "ipa-client-3.0.0-37.el6.x86_64" and sometimes run a --uninstall.
> But it works for the most part. Have been struggling with one last
> host with errors like below. I have tested the port connectivity using
> telnet and netcat commands but the install thinks these ports are
> blocked?
>
> kerberos authentication failed
> kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
>
> Please make sure the following ports are opened in the firewall settings:
> TCP: 80, 88, 389
> UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> Also note that following ports are necessary for ipa-client working properly after enrollment:
> TCP: 464
> UDP: 464, 123 (if NTP enabled)
> Installation failed. Rolling back changes.
> Disabling client Kerberos and LDAP configurations
> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
> Restoring client configuration files
> Client uninstall complete.
> [root@www /]#
>
> In the /var/log/ipaclient-install.log I also see things like below.
> I get Autodiscovery failures but I am manually entering things and
> they have been working.
>
> 2014-03-19T21:13:47Z DEBUG Found: cn=MYDOMAIN.COM,cn=kerberos,dc=mydomain,dc=com
> 2014-03-19T21:13:47Z DEBUG Discovery result: Success; server=ldap2.mydomain.com, domain=mydomain.com, kdc=ldap.mydomain.com, basedn=dc=mydomain,dc=com
> 2014-03-19T21:13:47Z DEBUG Validated servers: ldap2.mydomain.com
> 2014-03-19T21:13:47Z WARNING The failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured.
> 2014-03-19T21:13:47Z INFO Autodiscovery of servers for failover cannot work with this configuration.
> 2014-03-19T21:13:47Z INFO If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Ok. I would guess you have some DNS issue. But it is hard to tell
without the entire ipaclient-install.log of the failed installation.
Martin
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
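
The check suggested in this thread, as an added example that is not part of the original messages or of FreeIPA itself: it scans ipaclient-install.log lines for a discovery result whose server or kdc differs from the replica the client is meant to use, and lists /etc/hosts entries that hard-code either hostname. The function names are hypothetical, the log line shape is assumed to match the excerpt quoted above, and the hosts entry in the sample is constructed.

```python
import re

# Line shape copied from the ipaclient-install.log excerpt in this thread.
DISCOVERY = re.compile(
    r"Discovery result: (?P<status>[^;]+); server=(?P<server>.+?), "
    r"domain=(?P<domain>.+?), kdc=(?P<kdc>.+?), basedn=(?P<basedn>.+)$")

def discovery_mismatches(log_lines, expected_server):
    """Return (line_no, field, host) for each discovered host that is not expected_server."""
    expected = expected_server.lower().rstrip(".")
    out = []
    for n, line in enumerate(log_lines, 1):
        m = DISCOVERY.search(line.strip())
        if not m:
            continue
        for field in ("server", "kdc"):
            # Treat the value as a comma-separated list in case several hosts are reported.
            for host in m.group(field).split(","):
                host = host.strip().lower().rstrip(".")
                if host and host != expected:
                    out.append((n, field, host))
    return out

def hosts_file_pins(hosts_text, names):
    """Return (ip, name) pairs from /etc/hosts-style text that hard-code any of names."""
    wanted = {n.lower() for n in names}
    pins = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            if name.lower() in wanted:
                pins.append((fields[0], name.lower()))
    return pins

# Constructed sample input: the log lines are re-joined from the thread; the hosts entry is made up.
SAMPLE_LOG = [
    "2014-03-19T21:13:47Z DEBUG Discovery result: Success; server=ldap2.mydomain.com, "
    "domain=mydomain.com, kdc=ldap.mydomain.com, basedn=dc=mydomain,dc=com",
    "2014-03-19T21:13:47Z DEBUG Validated servers: ldap2.mydomain.com",
]
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.0.2.10 ldap.mydomain.com ldap  # old POC entry\n"

if __name__ == "__main__":
    for n, field, host in discovery_mismatches(SAMPLE_LOG, "ldap2.mydomain.com"):
        print(f"log line {n}: {field} points at {host}")
    for ip, name in hosts_file_pins(SAMPLE_HOSTS, ["ldap.mydomain.com", "ldap2.mydomain.com"]):
        print(f"/etc/hosts pins {name} to {ip}")
```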