Bug 1802209 - ipa-client-install fails when host only has an IPv6 address
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.7
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
Assignee: Tomas Halman
QA Contact: sssd-qe
Reported: 2020-02-12 15:38 UTC by Ron van der Wees
Modified: 2020-05-05 10:11 UTC (History)

Last Closed: 2020-04-29 13:52:37 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github SSSD sssd | issues 3057 | 0 | None | open | SSSD fails to connect with ipv4_first when on a machine with only IPv6 and server is dual-stack | 2020-10-02 16:48:24 UTC
Red Hat Knowledge Base (Solution) | 4823921 | 0 | None | None | None | 2020-02-12 16:03:27 UTC

Description Ron van der Wees 2020-02-12 15:38:10 UTC
Description of problem:
Installing an IPA client on a host that only has an IPv6 address fails with an
error message that the "admin user" cannot be found.

Version-Release number of selected component (if applicable):
ipa-client-4.6.5-11.el7_7.4.x86_64
sssd-1.16.4-21.el7_7.1.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure an IPA server with an IPv6 address
2. Set up a new host as a client with only an IPv6 address
3. Run "ipa-client-install" on the client

Actual results:
~~~
....
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://ipa.example.com/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
Unable to find 'user1' user with 'getent passwd user1@example.com'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Searching for IPA server...
IPA server: DNS discovery
Restarting sssd, waiting for it to become available.
Unable to find 'admin' user with 'getent passwd admin@EXAMPLE.COM'!
This may mean that sssd didn't re-start properly after the configuration changes.
~~~

This is caused by sssd not starting up:
~~~
(Tue Feb 11 10:37:55 2020) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
~~~

and can be resolved by adding "lookup_family_order = ipv6_only" under the
domain section in SSSD.conf


Expected results:
Installation to detect an IPv6 only network and configure sssd accordingly.


Additional info:
https://blog.delouw.ch/2017/03/01/configure-sssd-to-work-on-ipv6-only-hosts/
 
and the referenced sssd tickets:
https://pagure.io/SSSD/sssd/issue/2128
https://pagure.io/SSSD/sssd/issue/2015

Comment 1 Rob Crittenden 2020-03-25 20:17:53 UTC
Can you be more specific about IPv6-only?

I've been unable to reproduce this using 7.8 beta.

ipa-client-4.6.6-11.el7
sssd-1.16.4-37.el7

My client and server have only 2 interfaces: lo and eth0. lo has both IPv4 and IPv6 configured. eth0 has only IPv6 configured, link-local and a routed address.

Comment 2 Rob Crittenden 2020-03-25 21:00:23 UTC
Ok, so in this case the server has both IPv4 and IPv6, the client is IPv6-only.

On DNS lookup it will get the IPv4 address so sssd won't work.

The trick will be reliably knowing that only/an IPv6 is available on a client in order to add this option (or ipv6_first).
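
An added example, not code from this bug report, ipa-client-install or SSSD: one way to decide that a client is IPv6-only and apply the `lookup_family_order = ipv6_only` workaround from the description. The function names, the sample `ip -o addr show` output and the rule of ignoring loopback and link-local addresses are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed `ip -o addr show` output for the client described in comment 1:
# lo has IPv4 and IPv6, eth0 has only a link-local and a routed IPv6 address.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1::25/64 scope global \\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \\       valid_lft forever preferred_lft forever
"""

def usable_families(ip_output):
    """Return the IP versions (4, 6) that have a non-loopback, non-link-local address."""
    families = set()
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("inet", "inet6"):
            continue
        addr = ipaddress.ip_interface(fields[3]).ip
        if not (addr.is_loopback or addr.is_link_local):
            families.add(addr.version)
    return families

def pick_family_order(families):
    """Map usable families to a lookup_family_order value, or None to keep sssd's default."""
    if families == {6}:
        return "ipv6_only"
    return None  # IPv4 present, or nothing usable: do not touch the setting

def set_family_order(conf_text, domain, value):
    """Set lookup_family_order in [domain/<domain>], replacing an existing entry if any."""
    out, in_domain, done = [], False, False
    for line in conf_text.splitlines():
        header = re.match(r"\s*\[(.+?)\]\s*$", line)
        if header:
            in_domain = header.group(1) == "domain/" + domain
            out.append(line)
            if in_domain and not done:
                out.append("lookup_family_order = " + value)
                done = True
            continue
        if in_domain and re.match(r"\s*lookup_family_order\s*=", line):
            continue  # drop the old value; the new one sits under the header
        out.append(line)
    if not done:
        raise ValueError("no [domain/%s] section found" % domain)
    return "\n".join(out) + "\n"
```

On a real host the first function would be fed the output of `ip -o addr show`, and sssd has to be restarted after the file is rewritten.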

Comment 3 Rob Crittenden 2020-03-25 21:45:06 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/8243

Comment 4 Ron van der Wees 2020-03-26 08:46:11 UTC
(In reply to Rob Crittenden from comment #2)
> Ok, so in this case the server has both IPv4 and IPv6, the client is
> IPv6-only.
Just to confirm that this is indeed the case.

Comment 5 Rob Crittenden 2020-03-31 15:11:59 UTC
Re-assigning to sssd team to address.

Comment 6 Pavel Březina 2020-04-01 09:25:48 UTC
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/2015

Comment 8 RHEL Program Management 2020-04-29 13:52:37 UTC
Development Management has reviewed and declined this request. You may appeal this decision by using your Red Hat support channels, who will make certain the issue receives the proper prioritization with product and development management.

https://www.redhat.com/support/process/production/#howto

Comment 9 Sam Wachira 2020-05-05 10:11:57 UTC
Upstream SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
https://github.com/SSSD/sssd/issues/3057

