Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem: ipa-client-install displays the below message during installation.
Unable to find 'admin' user with 'getent passwd admin'!
Unable to reliably detect configuration. Check NSS setup manually.
Version-Release number of selected component (if applicable):
ipa-server-4.4.0-8.el7.x86_64
ipa-client-4.4.0-8.el7.x86_64
sssd-1.14.0-27.el7.x86_64
How reproducible: Always
Steps to Reproduce:
1. Install ipa-server
#ipa-server-install --no-dnssec-validation --setup-dns -n REDLABS.QE -p <password> -a <password> -r REDLABS.QE --hostname=ipaserver.redlabs.qe --ip-address=<IP-address>
2. Install ipa-client
3. Check the message displayed on the console.
Actual results: On the client machine the below message is displayed.
[root@client ~]# ipa-client-install
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd
Discovery was successful!
Client hostname: client.redlabs.qe
Realm: REDLABS.QE
DNS Domain: redlabs.qe
IPA Server: ipaserver.redlabs.qe
BaseDN: dc=redlabs,dc=qe
Continue to configure the system with these values? [no]: yes
Skipping synchronizing time with NTP server.
User authorized to enroll computers: admin
Password for admin:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=REDLABS.QE
Issuer: CN=Certificate Authority,O=REDLABS.QE
Valid From: Mon Aug 22 08:44:21 2016 UTC
Valid Until: Fri Aug 22 08:44:21 2036 UTC
Enrolled in IPA realm REDLABS.QE
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm REDLABS.QE
trying https://ipaserver.redlabs.qe/ipa/json
Forwarding 'ping' to json server 'https://ipaserver.redlabs.qe/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ipaserver.redlabs.qe/ipa/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://ipaserver.redlabs.qe/ipa/json'
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin'!
Unable to reliably detect configuration. Check NSS setup manually.
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring redlabs.qe as NIS domain.
Client configuration complete.
[root@client ~]# systemctl status sssd.service
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/sssd.service.d
└─journal.conf
Active: failed (Result: exit-code) since Mon 2016-08-22 14:39:41 IST; 1min 2s ago
Aug 22 14:39:41 client.redlabs.qe systemd[1]: Starting System Security Services Daemon...
Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service: control process exited, code=exited status=3
Aug 22 14:39:41 client.redlabs.qe systemd[1]: Failed to start System Security Services Daemon.
Aug 22 14:39:41 client.redlabs.qe systemd[1]: Unit sssd.service entered failed state.
Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service failed.
===sssd.conf configuration====
[root@client ~]# cat /etc/sssd/sssd.conf
[domain/redlabs.qe]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = redlabs.qe
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client.redlabs.qe
chpass_provider = ipa
ipa_server = _srv_, ipaserver.redlabs.qe
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = shadowutils, redlabs.qe
[nss]
[pam]
[domain/shadowutils]
id_provider = proxy
proxy_lib_name = files
auth_provider = proxy
proxy_pam_target = sssd-shadowutils
proxy_fast_alias = True
[ssh]
[sudo]
[root@client ~]# rpm -qf /etc/sssd/sssd.conf
sssd-common-1.14.0-27.el7.x86_64
Expected results: The above messages should be fixed along with the configuration file for sssd service, enabling it to start.
Additional info: sssd service fails to start on ipa-client
Description of problem: ipa-client-install displays the below message during installation. Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. Version-Release number of selected component (if applicable): ipa-server-4.4.0-8.el7.x86_64 ipa-client-4.4.0-8.el7.x86_64 sssd-1.14.0-27.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install ipa-server #ipa-server-install --no-dnssec-validation --setup-dns -n REDLABS.QE -p <password> -a <password> -r REDLABS.QE --hostname=ipaserver.redlabs.qe --ip-address=<IP-address> 2. Install ipa-client 3. Check the message displayed on the console. Actual results: On the client machine the below message is displayed. [root@client ~]# ipa-client-install WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd Discovery was successful! Client hostname: client.redlabs.qe Realm: REDLABS.QE DNS Domain: redlabs.qe IPA Server: ipaserver.redlabs.qe BaseDN: dc=redlabs,dc=qe Continue to configure the system with these values? [no]: yes Skipping synchronizing time with NTP server. User authorized to enroll computers: admin Password for admin: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=REDLABS.QE Issuer: CN=Certificate Authority,O=REDLABS.QE Valid From: Mon Aug 22 08:44:21 2016 UTC Valid Until: Fri Aug 22 08:44:21 2036 UTC Enrolled in IPA realm REDLABS.QE Created /etc/ipa/default.conf Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm REDLABS.QE trying https://ipaserver.redlabs.qe/ipa/json Forwarding 'ping' to json server 'https://ipaserver.redlabs.qe/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://ipaserver.redlabs.qe/ipa/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://ipaserver.redlabs.qe/ipa/json' SSSD enabled SSSD service restart was unsuccessful. Configured /etc/openldap/ldap.conf Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring redlabs.qe as NIS domain. Client configuration complete. [root@client ~]# systemctl status sssd.service ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/sssd.service.d └─journal.conf Active: failed (Result: exit-code) since Mon 2016-08-22 14:39:41 IST; 1min 2s ago Aug 22 14:39:41 client.redlabs.qe systemd[1]: Starting System Security Services Daemon... Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service: control process exited, code=exited status=3 Aug 22 14:39:41 client.redlabs.qe systemd[1]: Failed to start System Security Services Daemon. Aug 22 14:39:41 client.redlabs.qe systemd[1]: Unit sssd.service entered failed state. Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service failed. ===sssd.conf configuration==== [root@client ~]# cat /etc/sssd/sssd.conf [domain/redlabs.qe] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = redlabs.qe id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = client.redlabs.qe chpass_provider = ipa ipa_server = _srv_, ipaserver.redlabs.qe ldap_tls_cacert = /etc/ipa/ca.crt [sssd] config_file_version = 2 services = nss, sudo, pam, ssh domains = shadowutils, redlabs.qe [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True [ssh] [sudo] [root@client ~]# rpm -qf /etc/sssd/sssd.conf sssd-common-1.14.0-27.el7.x86_64 Expected results: The above messages should be fixed along with the configuration file for sssd service, enabling it to start. Additional info: sssd service fails to start on ipa-client