Bug 961447

Summary: Can not re-install IPA client
Product: [Fedora] Fedora
Reporter: Dean Hunter <deanhunter>
Component: freeipa
Assignee: Rob Crittenden <rcritten>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 18
CC: abokovoy, mkosek, rcritten, ssorce
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-05-09 17:59:19 UTC
Type: Bug

Description Dean Hunter 2013-05-09 16:10:50 UTC
Description of problem:

I rebuilt my FreeIPA server to test 3.1.4-1. I can build new clients but I can not re-install FreeIPA client on existing machines. Did I forget something?


Version-Release number of selected component (if applicable):

Installed Packages
freeipa-client.x86_64               3.1.4-1.fc18                @updates-testing


How reproducible: Consistent


Steps to Reproduce:

1. ipa-client-install --uninstall
2. reboot
3. yum update --enablerepo updates-testing freeipa-client
4. ipa-client-install \
    --domain hunter.org \
    --enable-dns-updates \
    --force-ntpd \
    --mkhomedir \
    --password adminpassword \
    --principal admin \
    --realm HUNTER.ORG \
    --ssh-trust-dns \
    --unattended

  
Actual results:

[root@developer ~]#   ipa-client-install \
>     --domain hunter.org \
>     --enable-dns-updates \
>     --force-ntpd \
>     --mkhomedir \
>     --password adminpassword \
>     --principal admin \
>     --realm HUNTER.ORG \
>     --ssh-trust-dns \
>     --unattended
Skip ipa.hunter.org: cannot verify if this is an IPA server
Unable to find IPA Server to join
Installation failed. Rolling back changes.
IPA client is not configured on this system.

[root@developer ~]# 


Expected results:

Successful installation


Additional info:

[root@developer ~]# nslookup ipa.hunter.org
Server:		192.168.1.11
Address:	192.168.1.11#53

Name:	ipa.hunter.org
Address: 192.168.1.11

[root@developer ~]#

Comment 1 Dean Hunter 2013-05-09 16:13:53 UTC
ipaclient-install.log

2013-05-09T15:53:32Z DEBUG /sbin/ipa-client-install was invoked with options: {'domain': 'hunter.org', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': 'HUNTER.ORG', 'force_ntpd': True, 'create_sshfp': True, 'conf_sshd': True, 'on_master': False, 'conf_ntp': True, 'ca_cert_file': None, 'ntp_server': None, 'principal': 'admin', 'hostname': None, 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': True, 'dns_updates': True, 'mkhomedir': True, 'conf_ssh': True, 'server': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False}
2013-05-09T15:53:32Z DEBUG missing options might be asked for interactively later
2013-05-09T15:53:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-05-09T15:53:32Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2013-05-09T15:53:32Z DEBUG [IPA Discovery]
2013-05-09T15:53:32Z DEBUG Starting IPA discovery with domain=hunter.org, servers=None, hostname=developer.hunter.org
2013-05-09T15:53:32Z DEBUG Search for LDAP SRV record in hunter.org
2013-05-09T15:53:32Z DEBUG Search DNS for SRV record of _ldap._tcp.hunter.org
2013-05-09T15:53:32Z DEBUG DNS record found: 0 100 389 ipa.hunter.org.
2013-05-09T15:53:32Z DEBUG [Kerberos realm search]
2013-05-09T15:53:32Z DEBUG Search DNS for TXT record of _kerberos.hunter.org
2013-05-09T15:53:32Z DEBUG DNS record found: "HUNTER.ORG"
2013-05-09T15:53:32Z DEBUG Search DNS for SRV record of _kerberos._udp.hunter.org
2013-05-09T15:53:32Z DEBUG DNS record found: 0 100 88 ipa.hunter.org.
2013-05-09T15:53:32Z DEBUG [LDAP server check]
2013-05-09T15:53:32Z DEBUG Verifying that ipa.hunter.org (realm HUNTER.ORG) is an IPA server
2013-05-09T15:53:32Z DEBUG Init LDAP connection with: ldap://ipa.hunter.org:389
2013-05-09T15:53:32Z DEBUG LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
2013-05-09T15:53:32Z WARNING Skip ipa.hunter.org: cannot verify if this is an IPA server
2013-05-09T15:53:32Z DEBUG Discovery result: UNKNOWN_ERROR; server=None, domain=hunter.org, kdc=ipa.hunter.org, basedn=None
2013-05-09T15:53:32Z DEBUG Validated servers: 
2013-05-09T15:53:32Z DEBUG will use discovered domain: hunter.org
2013-05-09T15:53:32Z DEBUG IPA Server not found
2013-05-09T15:53:32Z ERROR Unable to find IPA Server to join
2013-05-09T15:53:32Z ERROR Installation failed. Rolling back changes.
2013-05-09T15:53:32Z ERROR IPA client is not configured on this system.

Comment 2 Rob Crittenden 2013-05-09 17:59:19 UTC
The problem is /etc/ipa/ca.crt is not removed when a client is uninstalled.

This will be fixed in the next release. The upstream ticket is https://fedorahosted.org/freeipa/ticket/3537
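
Added example (not part of the original thread and not FreeIPA code): a triage of ipaclient-install.log that ties the TLS error -8054 from Comment 1 to the leftover /etc/ipa/ca.crt named in Comment 2. The function name triage and the result keys are assumptions made for this example; it goes beyond the single case here by handling several servers and by reporting other TLS error codes without pointing at the CA file.

```python
import re

# Excerpt of the ipaclient-install.log posted in Comment 1 (long line wrapped here).
SAMPLE_LOG = (
    "2013-05-09T15:53:32Z DEBUG [LDAP server check]\n"
    "2013-05-09T15:53:32Z DEBUG Verifying that ipa.hunter.org (realm HUNTER.ORG) is an IPA server\n"
    "2013-05-09T15:53:32Z DEBUG Init LDAP connection with: ldap://ipa.hunter.org:389\n"
    "2013-05-09T15:53:32Z DEBUG LDAP Error: Connect error: TLS error -8054:You are attempting "
    "to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.\n"
    "2013-05-09T15:53:32Z WARNING Skip ipa.hunter.org: cannot verify if this is an IPA server\n"
    "2013-05-09T15:53:32Z ERROR Unable to find IPA Server to join\n"
)

LINE_RE = re.compile(r"^(\S+) (DEBUG|INFO|WARNING|ERROR) (.*)$")
VERIFY_RE = re.compile(r"Verifying that (\S+) \(realm (\S+)\) is an IPA server")
TLS_RE = re.compile(r"LDAP Error: .*?TLS error (-?\d+):")
REUSED_ISSUER_SERIAL = -8054   # NSS SEC_ERROR_REUSED_ISSUER_AND_SERIAL
CA_PATH = "/etc/ipa/ca.crt"    # file named in Comment 2


def triage(log_text):
    """Return one finding per server whose LDAP check failed with a TLS error."""
    findings, server, realm = [], None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        timestamp, _level, msg = m.groups()
        v = VERIFY_RE.search(msg)
        if v:
            server, realm = v.groups()  # remember which server is being checked
            continue
        t = TLS_RE.search(msg)
        if t and server:
            code = int(t.group(1))
            stale = code == REUSED_ISSUER_SERIAL
            findings.append({
                "time": timestamp, "server": server, "realm": realm,
                "tls_error": code, "stale_ca_suspected": stale,
                # Only the reused issuer/serial error points at a leftover CA file.
                "inspect": CA_PATH if stale else None,
            })
            server = realm = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with stale_ca_suspected set means the client still holds a CA certificate from the previous server build, which matches a server that was rebuilt while the client kept its old /etc/ipa/ca.crt.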

Comment 3 Dean Hunter 2013-05-09 18:16:54 UTC
Ah! Thank you.

Comment 4 Dean Hunter 2013-05-09 18:24:46 UTC
I verified that freeipa-client.3.1.4-1.fc18.x86_64 corrects this problem.