1026676 – Attempt to run ipa-client-install fails with /etc/pki/nssdb/libnssckbi.so: cannot open shared object file: No such file or directory (PR_LOAD_LIBRARY_ERROR)

Bug 1026676 - Attempt to run ipa-client-install fails with /etc/pki/nssdb/libnssckbi.so: cannot open shared object file: No such file or directory (PR_LOAD_LIBRARY_ERROR)

Summary: Attempt to run ipa-client-install fails with /etc/pki/nssdb/libnssckbi.so: ca...

Keywords:
Status:	CLOSED DUPLICATE of bug 1026677
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Kosek
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-05 08:39 UTC by Jan Pazdziora
Modified:	2013-11-05 10:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-05 10:11:55 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jan Pazdziora 2013-11-05 08:39:59 UTC

Description of problem:

Attempting to run ipa-client-install on RHEL 7 (against IdM on RHEL 6).

I get

Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
Cannot connect to the server due to generic error: cannot connect to 'https://ipa.example.com/ipa/xml': /etc/pki/nssdb/libnssckbi.so: cannot open shared object file: No such file or directory (PR_LOAD_LIBRARY_ERROR) Failure to load dynamic library.
Installation failed. Rolling back changes.

Version-Release number of selected component (if applicable):

# rpm -q ipa-client
ipa-client-3.3.3-1.el7.x86_64

How reproducible:

Seen once, suspect deterministic.

Steps to Reproduce:
1. Have an IPA/IdM server configured with domain example.com and realm EXAMPLE.COM.
2. On RHEL 7 machine, run yum install -y ipa-client.
3. On RHEL 7 machine, point the resolv.conf to the IP address of that IPA server: echo nameserver 10.11.12.13 > /etc/resolv.conf
4. Run ipa-client-install --domain example.com

Actual results:

# ipa-client-install --domain example.com
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Discovery was successful!
Hostname: the.real.machine.company.net
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: Mon Oct 14 02:14:11 2013 UTC
Valid Until: Fri Oct 14 02:14:11 2033 UTC

Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.

Expected results:

No error, client IPA-enrolled.

Additional info:

Comment 2 Jan Pazdziora 2013-11-05 10:11:55 UTC

Not sure why the bug got filed twice, closing this dupe.

*** This bug has been marked as a duplicate of bug 1026677 ***

Note You need to log in before you can comment on or make changes to this bug.