Bug 1368969 - ipa-client-install: Unable to reliably detect configuration. Check NSS setup manually
Summary: ipa-client-install: Unable to reliably detect configuration. Check NSS setup ...
Keywords:
Status: CLOSED DUPLICATE of bug 1368973
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-22 09:15 UTC by Sudhir Menon
Modified: 2016-08-22 09:24 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-22 09:24:39 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Sudhir Menon 2016-08-22 09:15:04 UTC 
Description of problem: ipa-client-install displays the below message during installation.

Unable to find 'admin' user with 'getent passwd admin'!
Unable to reliably detect configuration. Check NSS setup manually.


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-8.el7.x86_64
ipa-client-4.4.0-8.el7.x86_64
sssd-1.14.0-27.el7.x86_64

How reproducible: Always


Steps to Reproduce:
1. Install ipa-server

#ipa-server-install --no-dnssec-validation --setup-dns -n REDLABS.QE -p <password> -a <password> -r REDLABS.QE --hostname=ipaserver.redlabs.qe --ip-address=<IP-address> 

2. Install ipa-client
3. Check the message displayed on the console.

Actual results: On the client machine the below message is displayed.

[root@client ~]# ipa-client-install 
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Discovery was successful!
Client hostname: client.redlabs.qe
Realm: REDLABS.QE
DNS Domain: redlabs.qe
IPA Server: ipaserver.redlabs.qe
BaseDN: dc=redlabs,dc=qe

Continue to configure the system with these values? [no]: yes
Skipping synchronizing time with NTP server.
User authorized to enroll computers: admin
Password for admin: 
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=REDLABS.QE
    Issuer:      CN=Certificate Authority,O=REDLABS.QE
    Valid From:  Mon Aug 22 08:44:21 2016 UTC
    Valid Until: Fri Aug 22 08:44:21 2036 UTC

Enrolled in IPA realm REDLABS.QE
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm REDLABS.QE
trying https://ipaserver.redlabs.qe/ipa/json
Forwarding 'ping' to json server 'https://ipaserver.redlabs.qe/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ipaserver.redlabs.qe/ipa/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://ipaserver.redlabs.qe/ipa/json'
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin'!
Unable to reliably detect configuration. Check NSS setup manually.
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring redlabs.qe as NIS domain.
Client configuration complete.


[root@client ~]# systemctl status sssd.service
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: failed (Result: exit-code) since Mon 2016-08-22 14:39:41 IST; 1min 2s ago
Aug 22 14:39:41 client.redlabs.qe systemd[1]: Starting System Security Services Daemon...
Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service: control process exited, code=exited status=3
Aug 22 14:39:41 client.redlabs.qe systemd[1]: Failed to start System Security Services Daemon.
Aug 22 14:39:41 client.redlabs.qe systemd[1]: Unit sssd.service entered failed state.
Aug 22 14:39:41 client.redlabs.qe systemd[1]: sssd.service failed.

===sssd.conf configuration====

[root@client ~]# cat /etc/sssd/sssd.conf
[domain/redlabs.qe]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = redlabs.qe
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client.redlabs.qe
chpass_provider = ipa
ipa_server = _srv_, ipaserver.redlabs.qe
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = shadowutils, redlabs.qe

[nss]

[pam]

[domain/shadowutils]
id_provider = proxy
proxy_lib_name = files

auth_provider = proxy
proxy_pam_target = sssd-shadowutils

proxy_fast_alias = True
[ssh]

[sudo]

[root@client ~]# rpm -qf /etc/sssd/sssd.conf
sssd-common-1.14.0-27.el7.x86_64

Expected results: The above messages should be fixed along with the configuration file for sssd service, enabling it to start.

Additional info: sssd service fails to start on ipa-client
Comment 1 Sudhir Menon 2016-08-22 09:24:39 UTC 

*** This bug has been marked as a duplicate of bug 1368973 ***
Note You need to log in before you can comment on or make changes to this bug.