| Summary: | ipa-client-install: Unable to reliably detect configuration. Check NSS setup manually | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED DUPLICATE | QA Contact: | Kaleem <ksiddiqu> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | jhrozek, mbasti, pvoborni, rcritten, sumenon |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-08-31 12:56:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1366569, 1371879 | ||
| Bug Blocks: | |||
*** Bug 1368969 has been marked as a duplicate of this bug. *** Anything is SSSD logs? Yeah, this is really not a useful bug report. Please see https://fedorahosted.org/sssd/wiki/Reporting_sssd_bugs and https://fedorahosted.org/sssd/wiki/Troubleshooting Jakub,
After adding sss against initgroups in nsswitch.conf file, the warning message is not displayed on the client and the admin user is also resolved on the client.
[root@client ~]# ipa-client-install
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd
Discovery was successful!
Client hostname: client.redlabs.qe
Realm: REDLABS.QE
DNS Domain: redlabs.qe
IPA Server: replica.redlabs.qe
BaseDN: dc=redlabs,dc=qe
Continue to configure the system with these values? [no]: yes
Skipping synchronizing time with NTP server.
User authorized to enroll computers: admin
Password for admin:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=REDLABS.QE
Issuer: CN=Certificate Authority,O=REDLABS.QE
Valid From: Mon Aug 22 08:44:21 2016 UTC
Valid Until: Fri Aug 22 08:44:21 2036 UTC
Enrolled in IPA realm REDLABS.QE
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm REDLABS.QE
trying https://replica.redlabs.qe/ipa/json
Forwarding 'schema' to json server 'https://replica.redlabs.qe/ipa/json'
trying https://replica.redlabs.qe/ipa/session/json
Forwarding 'ping' to json server 'https://replica.redlabs.qe/ipa/session/json'
Forwarding 'ca_is_enabled' to json server 'https://replica.redlabs.qe/ipa/session/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://replica.redlabs.qe/ipa/session/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring redlabs.qe as NIS domain.
Client configuration complete.
[root@client ~]# getent passwd admin
admin:*:820400000:820400000:Administrator:/home/admin:/bin/bash
[root@client ~]# id admin
uid=820400000(admin) gid=820400000(admins) groups=820400000(admins)
[root@client ~]# service sssd status
Redirecting to /bin/systemctl status sssd.service
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/sssd.service.d
└─journal.conf
Active: active (running) since Mon 2016-08-22 16:27:13 IST; 5s ago
Process: 3242 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS)
Main PID: 3243 (sssd)
CGroup: /system.slice/sssd.service
├─3243 /usr/sbin/sssd -D -f
├─3244 /usr/libexec/sssd/sssd_be --domain shadowutils --uid 0 --gid 0 --debug-to-files
├─3245 /usr/libexec/sssd/sssd_be --domain redlabs.qe --uid 0 --gid 0 --debug-to-files
├─3246 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
├─3247 /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
├─3248 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
├─3249 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
└─3250 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
Aug 22 16:27:13 client.redlabs.qe sssd[ssh][3249]: Starting up
Aug 22 16:27:13 client.redlabs.qe sssd[nss][3246]: Starting up
Aug 22 16:27:13 client.redlabs.qe sssd[sudo][3247]: Starting up
Aug 22 16:27:13 client.redlabs.qe sssd[pam][3248]: Starting up
Aug 22 16:27:13 client.redlabs.qe sssd[pac][3250]: Starting up
Aug 22 16:27:13 client.redlabs.qe systemd[1]: Started System Security Services Daemon.
Aug 22 16:27:14 client.redlabs.qe sssd_be[3245]: GSSAPI client step 1
Aug 22 16:27:14 client.redlabs.qe sssd_be[3245]: GSSAPI client step 1
Aug 22 16:27:14 client.redlabs.qe sssd_be[3245]: GSSAPI client step 1
Aug 22 16:27:14 client.redlabs.qe sssd_be[3245]: GSSAPI client step 2
Related to bz1366569
Then I believe we can close this as a duplicate of #1366569 right? *** This bug has been marked as a duplicate of bug 1366569 *** |
Description of problem: ipa-client-install displays the below message during installation. Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. Version-Release number of selected component (if applicable): ipa-server-4.4.0-8.el7.x86_64 ipa-client-4.4.0-8.el7.x86_64 sssd-1.14.0-27.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install ipa-server #ipa-server-install --no-dnssec-validation --setup-dns -n REDLABS.QE -p <password> -a <password> -r REDLABS.QE --hostname=ipaserver.redlabs.qe --ip-address=<IP-address> 2. Install ipa-client 3. Check the message displayed on the console. Actual results: On the client machine the below message is displayed. [root@client ~]# ipa-client-install WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd Discovery was successful! Client hostname: client.redlabs.qe Realm: REDLABS.QE DNS Domain: redlabs.qe IPA Server: ipaserver.redlabs.qe BaseDN: dc=redlabs,dc=qe Continue to configure the system with these values? [no]: yes Skipping synchronizing time with NTP server. User authorized to enroll computers: admin Password for admin: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=REDLABS.QE Issuer: CN=Certificate Authority,O=REDLABS.QE Valid From: Mon Aug 22 08:44:21 2016 UTC Valid Until: Fri Aug 22 08:44:21 2036 UTC Enrolled in IPA realm REDLABS.QE Created /etc/ipa/default.conf Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm REDLABS.QE trying https://ipaserver.redlabs.qe/ipa/json Forwarding 'ping' to json server 'https://ipaserver.redlabs.qe/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://ipaserver.redlabs.qe/ipa/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://ipaserver.redlabs.qe/ipa/json' SSSD enabled SSSD service restart was unsuccessful. Configured /etc/openldap/ldap.conf Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring redlabs.qe as NIS domain. Client configuration complete. ===Status of sssd service=== [root@client ~]# systemctl status sssd.service ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/sssd.service.d └─journal.conf Active: failed (Result: exit-code) since Mon 2016-08-22 14:39:41 IST; 1min 2s ago Aug 22 14:39:41 client.redlabs.qe systemd[1]: Starting System Security Services Daemon... Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service: control process exited, code=exited status=3 Aug 22 14:39:41 client.redlabs.qe systemd[1]: Failed to start System Security Services Daemon. Aug 22 14:39:41 client.redlabs.qe systemd[1]: Unit sssd.service entered failed state. Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service failed. ===sssd.conf configuration on IPA client==== [root@client ~]# cat /etc/sssd/sssd.conf [domain/redlabs.qe] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = redlabs.qe id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = client.redlabs.qe chpass_provider = ipa ipa_server = _srv_, ipaserver.redlabs.qe ldap_tls_cacert = /etc/ipa/ca.crt [sssd] config_file_version = 2 services = nss, sudo, pam, ssh domains = shadowutils, redlabs.qe [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True [ssh] [sudo] [root@client ~]# rpm -qf /etc/sssd/sssd.conf sssd-common-1.14.0-27.el7.x86_64 [root@ipaserver ~]# getent passwd admin admin:*:820400000:820400000:Administrator:/home/admin:/bin/bash [root@client ~]# getent passwd admin Expected results: 1. The message displayed during installation should be fixed. 2. getent passwd admin should display same output as seen in the IPA-server 3. sssd.conf configuration needs fix. 4. sssd service should be running on ipa-client. Additional info: