Bug 1491868

Summary: ipa-client-install command failed
Product: [Fedora] Fedora Reporter: Dominic P Geevarghese <dominicpg>
Component: freeipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 27CC: abokovoy, cglombek, ipa-maint, jcholast, jhrozek, mkosek, pvoborni, rcritten, ssorce, tkrizek
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-15 10:50:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
ipaclient-install.log
none
ipaserver-install.log
none
krb5kdc.log
none
http_error_log none

Description Dominic P Geevarghese 2017-09-14 21:40:43 UTC 
Created attachment 1326194 [details]
ipaclient-install.log

Description of problem:

ipa-server installation has failed with

trying https://uefipxeboot.cinimod.ae/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://uefipxeboot.cinimod.ae/ipa/json'
No valid Negotiate header in server response
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
ipapython.admintool: ERROR    Configuration of client side components failed!
ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Version-Release number of selected component (if applicable):

freeipa-4.6.0-3.fc27

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1490762

How reproducible:

Steps to Reproduce:
1. install builds from https://koji.fedoraproject.org/koji/buildinfo?buildID=970028
2. ipa-server-install with no arguments
3. installation failed at client config stage.

Actual results:

Installation failed

Expected results:

Installation should complete without error

Additional info:

[1] though the older version had selinux issue, not witnessed any error while installing ipa-server with selinux in permissive mode.

[2] 

2017-09-14T17:18:41Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain cinimod.ae --server uefi-pxeboot.cinimod.ae --realm CINIMOD.AE --hostname uefi-pxeboot.cinimod.ae
2017-09-14T17:18:42Z DEBUG Process finished, return code=1

however,

[root@uefi-pxeboot ~]# /usr/sbin/ipa-client-install --on-master --unattended --domain cinimod.ae --server uefi-pxeboot.cinimod.ae --realm CINIMOD.AE --hostname uefi-pxeboot.cinimod.ae
IPA client is already configured on this system.
If you want to reinstall the IPA client, uninstall it first using 'ipa-client-install --uninstall'.
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information


Thanks, 
Dominic Geevarghese
4096R/43EACB09
Comment 1 Dominic P Geevarghese 2017-09-14 21:41:55 UTC 
Created attachment 1326195 [details]
ipaserver-install.log
Comment 2 Alexander Bokovoy 2017-09-14 21:44:39 UTC 
Could you please also attach /var/log/httpd/error_log and /var/log/krb5kdc.log?
Comment 3 Dominic P Geevarghese 2017-09-14 21:53:21 UTC 
Created attachment 1326208 [details]
krb5kdc.log
Comment 4 Dominic P Geevarghese 2017-09-14 21:54:02 UTC 
Created attachment 1326209 [details]
http_error_log
Comment 5 Dominic P Geevarghese 2017-09-14 22:06:06 UTC 
(In reply to Alexander Bokovoy from comment #2)
> Could you please also attach /var/log/httpd/error_log and
> /var/log/krb5kdc.log?

attached. as the system had older version installed with setenforce 0, you might not see errors at the start of log files and thus, please refer the most recent logs.
Comment 6 Dominic P Geevarghese 2017-09-15 10:50:39 UTC 
I have verified that, this is duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1491508 . I could complete installation with selinux=0

*** This bug has been marked as a duplicate of bug 1491508 ***