Hide Forgot
Description of problem: Installing an IPA client on a host that only has an IPv6 address fails with an error message that the "admin user" cannot be found. Version-Release number of selected component (if applicable): ipa-client-4.6.5-11.el7_7.4.x86_64 sssd-1.16.4-21.el7_7.1.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure a IPA server with an IPv6 address 2. Setup a new host as a client with only a IPv6 address 3. Run "ipa-client-install" on the client Actual results: ~~~ .... Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub [try 1]: Forwarding 'host_mod' to json server 'https://ipa.example.com/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf Unable to find 'user1' user with 'getent passwd user1@example.com'! Unable to reliably detect configuration. Check NSS setup manually. NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Searching for IPA server... IPA server: DNS discovery Restarting sssd, waiting for it to become available. Unable to find 'admin' user with 'getent passwd admin@EXAMPLE.COM'! This may mean that sssd didn't re-start properly after the configuration changes. ~~~ The is caused by sssd not starting up: ~~~ (Tue Feb 11 10:37:55 2020) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error. DataProvider.Offline] ~~~ and can be resolved by adding "lookup_family_order = ipv6_only" under the domain section in SSSD.conf Expected results: Installation to detect an IPv6 only network and configure sssd accordingly. Additional info: https://blog.delouw.ch/2017/03/01/configure-sssd-to-work-on-ipv6-only-hosts/ and the referenced sssd tickets: https://pagure.io/SSSD/sssd/issue/2128 https://pagure.io/SSSD/sssd/issue/2015
Can you be more specific about IPv6-only. I've been unable to reproduce this using 7.8 beta. ipa-client-4.6.6-11.el7 sssd-1.16.4-37.el7 My client and server have only 2 interfaces: lo and eth0. lo has both IPv4 and IPv6 configured. eth0 has only IPv6 configured, link-local and a routed address.
Ok, so in this case the server has both IPv4 and IPv6, the client is IPv6-only. On DNS lookup it will get the IPv4 address so sssd won't work. The trick will be reliably knowing that only/an IPv6 is available on a client in order to add this option (or ipv6_first).
Upstream ticket: https://pagure.io/freeipa/issue/8243
(In reply to Rob Crittenden from comment #2) > Ok, so in this case the server has both IPv4 and IPv6, the client is > IPv6-only. Just to confirm that this is indeed the case.
Re-assigning to sssd team to address.
Upstream ticket: https://pagure.io/SSSD/sssd/issue/2015
Development Management has reviewed and declined this request. You may appeal this decision by using your Red Hat support channels, who will make certain the issue receives the proper prioritization with product and development management. https://www.redhat.com/support/process/production/#howto
Upstream SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository. This issue has been cloned to Github and is available here: https://github.com/SSSD/sssd/issues/3057