RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 906363 - ipa-client-install succeeds but the client is not functional
Summary: ipa-client-install succeeds but the client is not functional
Keywords:
Status: CLOSED DUPLICATE of bug 878420
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-31 14:08 UTC by Maxim Egorushkin
Modified: 2013-01-31 16:50 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-31 16:25:03 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
ipa-client installation log (25.43 KB, text/plain)
2013-01-31 14:09 UTC, Maxim Egorushkin 		no flags Details
sssd.log when it can't start (3.44 MB, text/x-log)
2013-01-31 14:32 UTC, Maxim Egorushkin 		no flags Details
sssd.log when it can't start (3.44 MB, text/plain)
2013-01-31 14:35 UTC, Maxim Egorushkin 		no flags Details
all sssd logs (7.13 KB, application/x-xz)
2013-01-31 15:52 UTC, Maxim Egorushkin 		no flags Details
core file (826.91 KB, application/x-xz)
2013-01-31 16:00 UTC, Maxim Egorushkin 		no flags Details
Show Obsolete (1) View All

Description Maxim Egorushkin 2013-01-31 14:08:38 UTC 
Description of problem:
I am trying to configure an IPA client. I am using the same command I used on other clients. Installation succeeds but the client is not functional, i.g. `getent passwd admin` fails, `id <ipa-registered-user>` also fails.

Installation succeeded on RHEL 6.3 clients with ipa-client-2.2.0-17.el6_3.1.x86_64. 

This client is RHEL 6.4 with ipa-client-3.0.0-8.el6.x86_64.

Version-Release number of selected component (if applicable):
ipa-client-3.0.0-8.el6.x86_64
kernel-2.6.32-343.el6.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Invoke ipa-client-install
2. Enter all info it asks.
3. Installation succeeds.

  
Actual results:
`id max` responds with "No such user". max is an IPA registered user.

Expected results:
# id max
uid=1637600006(max) gid=1637600006(max) groups=1637600006(max),1637600000(admins)


Additional info:
Comment 1 Maxim Egorushkin 2013-01-31 14:09:10 UTC 
Created attachment 690917 [details]
ipa-client installation log
Comment 3 Rob Crittenden 2013-01-31 14:17:38 UTC 
The client install succeeded (in that it configured the system) but you were presented with the error: Unable to find 'admin' user with 'getent passwd admin'!

This indicates that sssd is not communicating with the IPA server for some reason.

Can you try increasing the debug_level in /etc/sssd/sssd.conf and restarting sssd?
Comment 4 Maxim Egorushkin 2013-01-31 14:32:17 UTC 
(In reply to comment #3)
> The client install succeeded (in that it configured the system) but you were
> presented with the error: Unable to find 'admin' user with 'getent passwd
> admin'!
> 
> This indicates that sssd is not communicating with the IPA server for some
> reason.
> 
> Can you try increasing the debug_level in /etc/sssd/sssd.conf and restarting
> sssd?

Looks like sssd can't start. Will attach sssd.log.
Comment 5 Maxim Egorushkin 2013-01-31 14:32:58 UTC 
Created attachment 690939 [details]
sssd.log when it can't start
Comment 6 Maxim Egorushkin 2013-01-31 14:35:41 UTC 
Created attachment 690940 [details]
sssd.log when it can't start
Comment 7 Jakub Hrozek 2013-01-31 15:15:15 UTC 
From the logs:
(Thu Jan 31 14:27:07 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [xyz.com] terminated with signal [11]

Signal 11 is Segmentation fault, so it seems that the back end crashed.

Maxim, what is the SSSD version? Can we get the core file and the domain logs (put debug_level=10 into the [domain] section, restart sssd and attach /var/log/sssd/sssd_xyz.log)

Anyhow, reassigning to SSSD.
Comment 8 Maxim Egorushkin 2013-01-31 15:52:09 UTC 
Created attachment 691031 [details]
all sssd logs

Jakub,

I am using sssd-1.9.2-24.el6.x86_64.

Here are all sssd logs attached with debug log level as you requested.

Let me see if I can get the core file easily...

Maxim
Comment 9 Maxim Egorushkin 2013-01-31 16:00:23 UTC 
Created attachment 691037 [details]
core file

xyz is olivetree-solutions
Comment 10 Jakub Hrozek 2013-01-31 16:11:51 UTC 
Judging by the version and the changelog I suspect you were hitting #878420 or #883336 (both were fixed later in 6.4). I'll inspect the core file to be sure.
Comment 11 Maxim Egorushkin 2013-01-31 16:18:53 UTC 
Just in case: sssd does not start on boot,

    # service sssd start 

Hangs forever.
Comment 12 Jakub Hrozek 2013-01-31 16:22:06 UTC 
It's definitely #878420. Sorry, it was introduced in -23 and fixed in -29.

I'm marking this bugzilla as duplicate. Please upgrade to a later build where your issue should be resolved and reopen the bugzilla if it's still affecting you with later builds.
Comment 13 Jakub Hrozek 2013-01-31 16:24:19 UTC 
(In reply to comment #11)
> Just in case: sssd does not start on boot,
> 
>     # service sssd start 
> 
> Hangs forever.

That's https://bugzilla.redhat.com/show_bug.cgi?id=880140 also fixed in 6.4

Please update to the latest build available. Thank you!
Comment 14 Jakub Hrozek 2013-01-31 16:25:03 UTC 

*** This bug has been marked as a duplicate of bug 878420 ***
Comment 15 Jakub Hrozek 2013-01-31 16:26:12 UTC 
As a workaround you should be able to set ldap_sasl_authid manually:

ldap_sasl_authid = host/hostname@REALM

But I would recommend upgrading anyway, there was a huge number of bugs fixed between the version you are running and the 6.4 candidate.
Comment 16 Maxim Egorushkin 2013-01-31 16:31:11 UTC 
Thans a lot Jakub.

I wonded how do I upgrade please?

# yum update
Loaded plugins: product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
rhel-6-server-cf-tools-1-rpms                            | 2.8 kB     00:00
rhel-6-server-rhev-agent-rpms                            | 2.8 kB     00:00
rhel-6-server-rpms                                       | 3.7 kB     00:00
rhel-6-server-rpms/primary_db                            |  17 MB     00:01
Setting up Update Process
No Packages marked for Update
Comment 17 Maxim Egorushkin 2013-01-31 16:45:10 UTC 
Adding ldap_sasl_authid config parameter fixed the problem and it now works as expected. Thanks a lot again.

I am still wondering where I could get "the 6.4 candidate" you mentioned...
Comment 18 Jakub Hrozek 2013-01-31 16:50:02 UTC 
I admit I don't know how was the pre-release you are running distributed. But I would guess that either a new channel would appear on RHN or the current one would be updated. But I'm really guessing.

Red Hat support would give the best answer I suppose...
Note You need to log in before you can comment on or make changes to this bug.