| Summary: | ipa-client-install: Unable to reliably detect configuration. Check NSS setup manually | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED DUPLICATE | QA Contact: | Kaleem <ksiddiqu> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | pvoborni, rcritten |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-08-22 09:24:39 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
*** This bug has been marked as a duplicate of bug 1368973 *** |
Description of problem: ipa-client-install displays the below message during installation. Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. Version-Release number of selected component (if applicable): ipa-server-4.4.0-8.el7.x86_64 ipa-client-4.4.0-8.el7.x86_64 sssd-1.14.0-27.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install ipa-server #ipa-server-install --no-dnssec-validation --setup-dns -n REDLABS.QE -p <password> -a <password> -r REDLABS.QE --hostname=ipaserver.redlabs.qe --ip-address=<IP-address> 2. Install ipa-client 3. Check the message displayed on the console. Actual results: On the client machine the below message is displayed. [root@client ~]# ipa-client-install WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd Discovery was successful! Client hostname: client.redlabs.qe Realm: REDLABS.QE DNS Domain: redlabs.qe IPA Server: ipaserver.redlabs.qe BaseDN: dc=redlabs,dc=qe Continue to configure the system with these values? [no]: yes Skipping synchronizing time with NTP server. User authorized to enroll computers: admin Password for admin: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=REDLABS.QE Issuer: CN=Certificate Authority,O=REDLABS.QE Valid From: Mon Aug 22 08:44:21 2016 UTC Valid Until: Fri Aug 22 08:44:21 2036 UTC Enrolled in IPA realm REDLABS.QE Created /etc/ipa/default.conf Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm REDLABS.QE trying https://ipaserver.redlabs.qe/ipa/json Forwarding 'ping' to json server 'https://ipaserver.redlabs.qe/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://ipaserver.redlabs.qe/ipa/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://ipaserver.redlabs.qe/ipa/json' SSSD enabled SSSD service restart was unsuccessful. Configured /etc/openldap/ldap.conf Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring redlabs.qe as NIS domain. Client configuration complete. [root@client ~]# systemctl status sssd.service ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/sssd.service.d └─journal.conf Active: failed (Result: exit-code) since Mon 2016-08-22 14:39:41 IST; 1min 2s ago Aug 22 14:39:41 client.redlabs.qe systemd[1]: Starting System Security Services Daemon... Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service: control process exited, code=exited status=3 Aug 22 14:39:41 client.redlabs.qe systemd[1]: Failed to start System Security Services Daemon. Aug 22 14:39:41 client.redlabs.qe systemd[1]: Unit sssd.service entered failed state. Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service failed. ===sssd.conf configuration==== [root@client ~]# cat /etc/sssd/sssd.conf [domain/redlabs.qe] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = redlabs.qe id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = client.redlabs.qe chpass_provider = ipa ipa_server = _srv_, ipaserver.redlabs.qe ldap_tls_cacert = /etc/ipa/ca.crt [sssd] config_file_version = 2 services = nss, sudo, pam, ssh domains = shadowutils, redlabs.qe [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True [ssh] [sudo] [root@client ~]# rpm -qf /etc/sssd/sssd.conf sssd-common-1.14.0-27.el7.x86_64 Expected results: The above messages should be fixed along with the configuration file for sssd service, enabling it to start. Additional info: sssd service fails to start on ipa-client