RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1802209 - ipa-client-install fails when host only has an IPv6 address
Summary: ipa-client-install fails when host only has an IPv6 address
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.7
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Tomas Halman
QA Contact: sssd-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-12 15:38 UTC by Ron van der Wees
Modified: 2023-09-07 21:49 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-29 13:52:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3057 0 None open SSSD fails to connect with ipv4_first when on a machine with only IPv6 and server is dual-stack 2020-10-02 16:48:24 UTC
Red Hat Knowledge Base (Solution) 4823921 0 None None None 2020-02-12 16:03:27 UTC

Description Ron van der Wees 2020-02-12 15:38:10 UTC 
Description of problem:
Installing an IPA client on a host that only has an IPv6 address fails with an
error message that the "admin user" cannot be found.

Version-Release number of selected component (if applicable):
ipa-client-4.6.5-11.el7_7.4.x86_64
sssd-1.16.4-21.el7_7.1.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure a IPA server with an IPv6 address
2. Setup a new host as a client with only a IPv6 address
3. Run "ipa-client-install" on the client

Actual results:
~~~
....
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://ipa.example.com/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Unable to find 'user1' user with 'getent passwd user1'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Searching for IPA server...
IPA server: DNS discovery
Restarting sssd, waiting for it to become available.
Unable to find 'admin' user with 'getent passwd admin'!
This may mean that sssd didn't re-start properly after the configuration changes.
~~~

The is caused by sssd not starting up:
~~~
(Tue Feb 11 10:37:55 2020) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.  DataProvider.Offline]
~~~

and can be resolved by adding "lookup_family_order = ipv6_only" under the
domain section in SSSD.conf


Expected results:
Installation to detect an IPv6 only network and configure sssd accordingly.


Additional info:
https://blog.delouw.ch/2017/03/01/configure-sssd-to-work-on-ipv6-only-hosts/
 
and the referenced sssd tickets:
https://pagure.io/SSSD/sssd/issue/2128
https://pagure.io/SSSD/sssd/issue/2015
Comment 1 Rob Crittenden 2020-03-25 20:17:53 UTC 
Can you be more specific about IPv6-only.

I've been unable to reproduce this using 7.8 beta.

ipa-client-4.6.6-11.el7
sssd-1.16.4-37.el7

My client and server have only 2 interfaces: lo and eth0. lo has both IPv4 and IPv6 configured. eth0 has only IPv6 configured, link-local and a routed address.
Comment 2 Rob Crittenden 2020-03-25 21:00:23 UTC 
Ok, so in this case the server has both IPv4 and IPv6, the client is IPv6-only.

On DNS lookup it will get the IPv4 address so sssd won't work.

The trick will be reliably knowing that only/an IPv6 is available on a client in order to add this option (or ipv6_first).
Comment 3 Rob Crittenden 2020-03-25 21:45:06 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/8243
Comment 4 Ron van der Wees 2020-03-26 08:46:11 UTC 
(In reply to Rob Crittenden from comment #2)
> Ok, so in this case the server has both IPv4 and IPv6, the client is
> IPv6-only.
Just to confirm that this is indeed the case.
Comment 5 Rob Crittenden 2020-03-31 15:11:59 UTC 
Re-assigning to sssd team to address.
Comment 6 Pavel Březina 2020-04-01 09:25:48 UTC 
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/2015
Comment 8 RHEL Program Management 2020-04-29 13:52:37 UTC 
Development Management has reviewed and declined this request. You may appeal this decision by using your Red Hat support channels, who will make certain  the issue receives the proper prioritization with product and development management.

https://www.redhat.com/support/process/production/#howto
Comment 9 Sam Wachira 2020-05-05 10:11:57 UTC 
Upstream SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
https://github.com/SSSD/sssd/issues/3057
Note You need to log in before you can comment on or make changes to this bug.