This error is found on Fedora 18, [root@f18a (F-i386) install-client-cli] ipa-client-install --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER -U --permit --no-sssd WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd
Hostname: f18a.yzhang.redhat.com Realm: YZHANG.REDHAT.COM DNS Domain: yzhang.redhat.com IPA Server: f18b.yzhang.redhat.com BaseDN: dc=yzhang,dc=redhat,dc=com
Synchronizing time with KDC... Enrolled in IPA realm YZHANG.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM trying https://f18b.yzhang.redhat.com/ipa/xml Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub Forwarding 'host_mod' to server u'https://f18b.yzhang.redhat.com/ipa/xml' Could not update DNS SSHFP records. LDAP enabled Kerberos 5 enabled LDAP configured using configuration file(s) /etc/pam_ldap.conf nslcd failed to restart: Command '/bin/systemctl restart nslcd.service' returned non-zero exit status 1 NSLCD configured using configuration file(s) /etc/nslcd.conf Configured /etc/openldap/ldap.conf Unable to find 'admin' user with 'getent passwd admin'! Recognized configuration: NSLCD Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Client configuration complete.
effect: no ipa user can be found vi local "id" command [root@f18a (F-i386) install-client-cli] ipa user-find testuser27934
User login: testuser27934 First name: test27934 Last name: ipa27934 Home directory: /home/testuser27934 Login shell: /bin/sh Email address: testuser27934@yzhang.redhat.com UID: 1308600003 GID: 1308600003 Account disabled: False Password: True Kerberos keys available: True
[root@f18a (F-i386) install-client-cli] id testuser27934 id: testuser27934: no such user
[root@f18a (F-i386) install-client-cli] rpm -qi freeipa-client Name : freeipa-client Version : 3.1.3 Release : 4.fc18 Architecture: i686 Install Date: Mon 22 Apr 2013 01:27:32 PM PDT Group : System Environment/Base Size : 314533 License : GPLv3+ Signature : RSA/SHA256, Tue 02 Apr 2013 12:51:09 PM PDT, Key ID ff01125cde7f38bd Source RPM : freeipa-3.1.3-4.fc18.src.rpm Build Date : Tue 02 Apr 2013 08:00:17 AM PDT Build Host : buildvm-12.phx2.fedoraproject.org Relocations : (not relocatable) Packager : Fedora Project Vendor : Fedora Project URL : http://www.freeipa.org/ Summary : IPA authentication for use on clients
extra notes:
re-post the error output with wikiformat [root@f18a (F-i386) install-client-cli] ipa-client-install --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER -U --no-sssd WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd Hostname: f18a.yzhang.redhat.com Realm: YZHANG.REDHAT.COM DNS Domain: yzhang.redhat.com IPA Server: f18b.yzhang.redhat.com BaseDN: dc=yzhang,dc=redhat,dc=com Synchronizing time with KDC... Enrolled in IPA realm YZHANG.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM trying https://f18b.yzhang.redhat.com/ipa/xml Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub Forwarding 'host_mod' to server u'https://f18b.yzhang.redhat.com/ipa/xml' Could not update DNS SSHFP records. LDAP enabled Kerberos 5 enabled LDAP configured using configuration file(s) /etc/pam_ldap.conf nslcd failed to restart: Command '/bin/systemctl restart nslcd.service' returned non-zero exit status 1 NSLCD configured using configuration file(s) /etc/nslcd.conf Configured /etc/openldap/ldap.conf Unable to find 'admin' user with 'getent passwd admin'! Recognized configuration: NSLCD Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Client configuration complete.
Can you attach the ipaclient-install.log?
somehow the attach function does not work, paste it below:
[root@f18a (F-i386) install-client-cli] cat /var/log/ipaclient-install.log 2013-04-23T19:02:30Z DEBUG /sbin/ipa-client-install was invoked with options: {'domain': 'yzhang.redhat.com', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': 'YZHANG.REDHAT.COM', 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'on_master': False, 'conf_ntp': True, 'ca_cert_file': None, 'ntp_server': None, 'principal': 'admin', 'hostname': None, 'no_ac': False, 'unattended': True, 'sssd': False, 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': False, 'conf_ssh': True, 'server': ['f18b.yzhang.redhat.com'], 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False} 2013-04-23T19:02:30Z DEBUG missing options might be asked for interactively later 2013-04-23T19:02:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:02:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2013-04-23T19:02:30Z DEBUG Starting external process 2013-04-23T19:02:30Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2013-04-23T19:02:30Z DEBUG Process finished, return code=0 2013-04-23T19:02:30Z DEBUG stdout=enabled 2013-04-23T19:02:30Z DEBUG stderr= 2013-04-23T19:02:30Z DEBUG [IPA Discovery] 2013-04-23T19:02:30Z DEBUG Starting IPA discovery with domain=yzhang.redhat.com, servers=['f18b.yzhang.redhat.com'], hostname=f18a.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG Server and domain forced 2013-04-23T19:02:30Z DEBUG [Kerberos realm search] 2013-04-23T19:02:30Z DEBUG Search DNS for TXT record of _kerberos.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG DNS record not found: NXDOMAIN 2013-04-23T19:02:30Z DEBUG [LDAP server check] 2013-04-23T19:02:30Z DEBUG Verifying that f18b.yzhang.redhat.com (realm None) is an IPA server 2013-04-23T19:02:30Z DEBUG Init LDAP connection with: ldap://f18b.yzhang.redhat.com:389 2013-04-23T19:02:30Z DEBUG Search LDAP server for IPA base DN 2013-04-23T19:02:30Z DEBUG Check if naming context 'dc=yzhang,dc=redhat,dc=com' is for IPA 2013-04-23T19:02:30Z DEBUG Naming context 'dc=yzhang,dc=redhat,dc=com' is a valid IPA context 2013-04-23T19:02:30Z DEBUG Search for (objectClass=krbRealmContainer) in dc=yzhang,dc=redhat,dc=com (sub) 2013-04-23T19:02:30Z DEBUG Found: cn=YZHANG.REDHAT.COM,cn=kerberos,dc=yzhang,dc=redhat,dc=com 2013-04-23T19:02:30Z DEBUG Discovery result: Success; server=f18b.yzhang.redhat.com, domain=yzhang.redhat.com, kdc=None, basedn=dc=yzhang,dc=redhat,dc=com 2013-04-23T19:02:30Z DEBUG Validated servers: f18b.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG will use discovered domain: yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG Using servers from command line, disabling DNS discovery 2013-04-23T19:02:30Z DEBUG will use provided server: f18b.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG will use discovered realm: YZHANG.REDHAT.COM 2013-04-23T19:02:30Z DEBUG will use discovered basedn: dc=yzhang,dc=redhat,dc=com 2013-04-23T19:02:30Z INFO Hostname: f18a.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG Hostname source: Machine's FQDN 2013-04-23T19:02:30Z INFO Realm: YZHANG.REDHAT.COM 2013-04-23T19:02:30Z DEBUG Realm source: Discovered from LDAP DNS records in f18b.yzhang.redhat.com 2013-04-23T19:02:30Z INFO DNS Domain: yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG DNS Domain source: Forced 2013-04-23T19:02:30Z INFO IPA Server: f18b.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG IPA Server source: Provided as option 2013-04-23T19:02:30Z INFO BaseDN: dc=yzhang,dc=redhat,dc=com 2013-04-23T19:02:30Z DEBUG BaseDN source: From IPA server ldap://f18b.yzhang.redhat.com:389 2013-04-23T19:02:30Z DEBUG Starting external process 2013-04-23T19:02:30Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r YZHANG.REDHAT.COM 2013-04-23T19:02:30Z DEBUG Process finished, return code=5 2013-04-23T19:02:30Z DEBUG stdout= 2013-04-23T19:02:30Z DEBUG stderr=realm not found 2013-04-23T19:02:30Z INFO Synchronizing time with KDC... 2013-04-23T19:02:30Z DEBUG Search DNS for SRV record of _ntp._udp.yzhang.redhat.com 2013-04-23T19:02:30Z DEBUG DNS record not found: NXDOMAIN 2013-04-23T19:02:30Z DEBUG Starting external process 2013-04-23T19:02:30Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v f18b.yzhang.redhat.com 2013-04-23T19:04:11Z DEBUG Process finished, return code=0 2013-04-23T19:04:11Z DEBUG stdout= 2013-04-23T19:04:11Z DEBUG stderr= 2013-04-23T19:04:11Z DEBUG Writing Kerberos configuration to /tmp/tmp8xDaKN: 2013-04-23T19:04:11Z DEBUG #File modified by ipa-client-install [libdefaults] default_realm = YZHANG.REDHAT.COM dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] YZHANG.REDHAT.COM = { kdc = f18b.yzhang.redhat.com:88 master_kdc = f18b.yzhang.redhat.com:88 admin_server = f18b.yzhang.redhat.com:749 default_domain = yzhang.redhat.com pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .yzhang.redhat.com = YZHANG.REDHAT.COM yzhang.redhat.com = YZHANG.REDHAT.COM 2013-04-23T19:04:11Z DEBUG Starting external process 2013-04-23T19:04:11Z DEBUG args=kinit admin@YZHANG.REDHAT.COM 2013-04-23T19:04:11Z DEBUG Process finished, return code=0 2013-04-23T19:04:11Z DEBUG stdout=Password for admin@YZHANG.REDHAT.COM: 2013-04-23T19:04:11Z DEBUG stderr= 2013-04-23T19:04:11Z DEBUG trying to retrieve CA cert via LDAP from ldap://f18b.yzhang.redhat.com 2013-04-23T19:04:11Z DEBUG Existing CA cert and Retrieved CA cert are identical 2013-04-23T19:04:11Z DEBUG Starting external process 2013-04-23T19:04:11Z DEBUG args=/usr/sbin/ipa-join -s f18b.yzhang.redhat.com -b dc=yzhang,dc=redhat,dc=com 2013-04-23T19:04:12Z DEBUG Process finished, return code=0 2013-04-23T19:04:12Z DEBUG stdout= 2013-04-23T19:04:12Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab Certificate subject base is: O=YZHANG.REDHAT.COM 2013-04-23T19:04:12Z INFO Enrolled in IPA realm YZHANG.REDHAT.COM 2013-04-23T19:04:12Z DEBUG Starting external process 2013-04-23T19:04:12Z DEBUG args=kdestroy 2013-04-23T19:04:12Z DEBUG Process finished, return code=0 2013-04-23T19:04:12Z DEBUG stdout= 2013-04-23T19:04:12Z DEBUG stderr= 2013-04-23T19:04:12Z DEBUG Starting external process 2013-04-23T19:04:12Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:12Z DEBUG Process finished, return code=0 2013-04-23T19:04:12Z DEBUG stdout= 2013-04-23T19:04:12Z DEBUG stderr= 2013-04-23T19:04:12Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2013-04-23T19:04:12Z DEBUG -> Not backing up - '/etc/ipa/default.conf' doesn't exist 2013-04-23T19:04:12Z INFO Created /etc/ipa/default.conf 2013-04-23T19:04:12Z DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'... 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/entitle.py' 2013-04-23T19:04:12Z DEBUG skipping plugin module ipalib.plugins.entitle: No module named rhsm.connection 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py' 2013-04-23T19:04:12Z DEBUG Starting external process 2013-04-23T19:04:12Z DEBUG args=klist -V 2013-04-23T19:04:12Z DEBUG Process finished, return code=0 2013-04-23T19:04:12Z DEBUG stdout=Kerberos 5 version 1.10.3 2013-04-23T19:04:12Z DEBUG stderr= 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py' 2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py' 2013-04-23T19:04:13Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2013-04-23T19:04:13Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout= 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2013-04-23T19:04:13Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:04:13Z DEBUG Writing Kerberos configuration to /etc/krb5.conf: 2013-04-23T19:04:13Z DEBUG #File modified by ipa-client-install [libdefaults] default_realm = YZHANG.REDHAT.COM dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] YZHANG.REDHAT.COM = { kdc = f18b.yzhang.redhat.com:88 master_kdc = f18b.yzhang.redhat.com:88 admin_server = f18b.yzhang.redhat.com:749 default_domain = yzhang.redhat.com pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .yzhang.redhat.com = YZHANG.REDHAT.COM yzhang.redhat.com = YZHANG.REDHAT.COM 2013-04-23T19:04:13Z INFO Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout=1009308396 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=keyctl unlink 1009308396 @s 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout= 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:13Z DEBUG Process finished, return code=1 2013-04-23T19:04:13Z DEBUG stdout= 2013-04-23T19:04:13Z DEBUG stderr=keyctl_search: Required key not available 2013-04-23T19:04:13Z DEBUG failed to find session_cookie in persistent storage for principal 'host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM' 2013-04-23T19:04:13Z INFO trying https://f18b.yzhang.redhat.com/ipa/xml 2013-04-23T19:04:13Z DEBUG Created connection context.xmlclient 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=/bin/systemctl start messagebus.service 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout= 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=/bin/systemctl is-active messagebus.service 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout=active 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=/bin/systemctl restart certmonger.service 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout= 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=/bin/systemctl is-active certmonger.service 2013-04-23T19:04:13Z DEBUG Process finished, return code=0 2013-04-23T19:04:13Z DEBUG stdout=active 2013-04-23T19:04:13Z DEBUG stderr= 2013-04-23T19:04:13Z DEBUG Starting external process 2013-04-23T19:04:13Z DEBUG args=/bin/systemctl restart certmonger.service 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout= 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/bin/systemctl is-active certmonger.service 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout=active 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/bin/systemctl enable certmonger.service 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout= 2013-04-23T19:04:14Z DEBUG stderr=ln -s '/usr/lib/systemd/system/certmonger.service' '/etc/systemd/system/multi-user.target.wants/certmonger.service' 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - f18a.yzhang.redhat.com -N CN=f18a.yzhang.redhat.com,O=YZHANG.REDHAT.COM -K host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout=New signing request "20130423190414" added. 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub 2013-04-23T19:04:14Z INFO Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub 2013-04-23T19:04:14Z DEBUG raw: host_mod(u'f18a.yzhang.redhat.com', ipasshpubkey=[u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC35npIFOA3BxPdEwC6TfOTCj/3d9CDwZtCHFUbvw9ZGAjJyt3WKtyHDwrZ9AmzdYR+bsqowgd9SoJpCEUlxM8eJK2NBvpJ3jL1NTSpma/izrLVS9xG6fF6p93RVcNQ21in/LT1XKAqIFikJBZV4XHnO8CfRHLK99sXgHS4lBUonWYTEo9da+ZQ9MeR9jXIL6rSs52A1MoFge1vtU69d1XozB/tsdz5SJbLraKUKQWJzp+qYbTaJJY7lZ1ctHwUWBhrY1sis8OtH7CJ4O4jxPhClcT8pEdEjUA5D+Ku72ZKBBefdVmo3YcOKL4XuTlJviNBdl3CeauTTmt5+GVg9AX/', u'ssh-dss AAAAB3NzaC1kc3MAAACBAN3Qza2cIRs3etyNMmPkq9N5shmI8ATMgripQXS/FwzfQuNQQqzjxJFYsPZ/X3NToA9R9/ol3tE7tbTgteJEK506cbq5nRLQjR1VL0Y7I4kAS8qtyH5iNKC87dubDNwMYebkr5o1+afTpOQguvzyCqWERo4c4df7KN/qy9p6svsHAAAAFQCYuEsjFuWsUdJpTz65WF54AzD9kwAAAIEAwzRRd/uVDTadr2ZgrAssqMUi/pyDT1MFrTUTE6STZjcjSrcqxSY6B293Ztx3rkNBxqSIo2GJgjqwD1bZwUQv/t79ZXjZOQlevRUqPHLDwfedWT4HAy/EiWP8GbZBCvDI9vfzDBN9tU0DVZFoBgId9NKKvpzmfsC/RXmE7C2ImdkAAACARnywxsXgfwlMIA/nRa9fGWoChSjgMLPGLrgw7dXFMfUusNLObH26G2mRsy1a7qXPFdVvsLDdSkRiPYgLf4BtIweSIHGgH9XmD9mSR9Za0lbh3BCJnZMsPS8tuOxK6Q6HgUYtK2fKQai+R/Z+b3aRBE8nm51U9uTSEaH/Al/SNg8='], updatedns=False) 2013-04-23T19:04:14Z DEBUG host_mod(u'f18a.yzhang.redhat.com', random=False, ipasshpubkey=(u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC35npIFOA3BxPdEwC6TfOTCj/3d9CDwZtCHFUbvw9ZGAjJyt3WKtyHDwrZ9AmzdYR+bsqowgd9SoJpCEUlxM8eJK2NBvpJ3jL1NTSpma/izrLVS9xG6fF6p93RVcNQ21in/LT1XKAqIFikJBZV4XHnO8CfRHLK99sXgHS4lBUonWYTEo9da+ZQ9MeR9jXIL6rSs52A1MoFge1vtU69d1XozB/tsdz5SJbLraKUKQWJzp+qYbTaJJY7lZ1ctHwUWBhrY1sis8OtH7CJ4O4jxPhClcT8pEdEjUA5D+Ku72ZKBBefdVmo3YcOKL4XuTlJviNBdl3CeauTTmt5+GVg9AX/', u'ssh-dss AAAAB3NzaC1kc3MAAACBAN3Qza2cIRs3etyNMmPkq9N5shmI8ATMgripQXS/FwzfQuNQQqzjxJFYsPZ/X3NToA9R9/ol3tE7tbTgteJEK506cbq5nRLQjR1VL0Y7I4kAS8qtyH5iNKC87dubDNwMYebkr5o1+afTpOQguvzyCqWERo4c4df7KN/qy9p6svsHAAAAFQCYuEsjFuWsUdJpTz65WF54AzD9kwAAAIEAwzRRd/uVDTadr2ZgrAssqMUi/pyDT1MFrTUTE6STZjcjSrcqxSY6B293Ztx3rkNBxqSIo2GJgjqwD1bZwUQv/t79ZXjZOQlevRUqPHLDwfedWT4HAy/EiWP8GbZBCvDI9vfzDBN9tU0DVZFoBgId9NKKvpzmfsC/RXmE7C2ImdkAAACARnywxsXgfwlMIA/nRa9fGWoChSjgMLPGLrgw7dXFMfUusNLObH26G2mRsy1a7qXPFdVvsLDdSkRiPYgLf4BtIweSIHGgH9XmD9mSR9Za0lbh3BCJnZMsPS8tuOxK6Q6HgUYtK2fKQai+R/Z+b3aRBE8nm51U9uTSEaH/Al/SNg8='), rights=False, updatedns=False, all=False, raw=False) 2013-04-23T19:04:14Z INFO Forwarding 'host_mod' to server u'https://f18b.yzhang.redhat.com/ipa/xml' 2013-04-23T19:04:14Z DEBUG NSSConnection init f18b.yzhang.redhat.com 2013-04-23T19:04:14Z DEBUG Connecting: 192.168.122.22:0 2013-04-23T19:04:14Z DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=YZHANG.REDHAT.COM Validity: Not Before: Mon Apr 22 20:39:30 2013 UTC Not After: Thu Apr 23 20:39:30 2015 UTC Subject: CN=f18b.yzhang.redhat.com,O=YZHANG.REDHAT.COM Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:61:25:e0:91:38:4b:bb:a5:08:3b:b4:dc:dd:6f:20: f3:e5:6c:da:d5:60:22:e9:b9:66:18:52:de:a6:75:bd: 40:3b:3d:39:0e:98:4c:84:fc:78:ca:5d:67:e8:cf:89: 2d:39:7d:65:65:4f:6b:aa:51:37:bf:c4:8e:2b:31:7d: 05:a0:a3:c8:80:fe:10:de:12:4c:67:36:ad:2d:22:56: 4d:06:79:64:02:59:4e:cc:e5:de:7a:1e:c4:d6:40:5e: 1e:2c:ac:96:b4:90:8d:58:a8:c1:e2:d7:fa:dc:2b:43: 8b:87:8e:45:4b:d4:45:6f:95:95:66:a9:26:94:4a:40: f4:9f:73:0a:9c:9b:eb:ce:47:1b:ce:2d:ed:14:e3:c8: 30:56:91:63:11:aa:4c:89:b0:9d:f3:1d:66:4d:4d:83: 25:1c:16:90:90:1f:da:9b:ab:53:47:d2:9f:ad:33:6b: 26:a0:67:9a:84:9a:21:a6:e9:4a:16:6f:3f:de:c3:01: a5:1d:97:05:f3:d7:4b:80:8b:51:19:e4:ab:ba:a3:df: 64:de:d1:a2:ce:5f:69:57:09:30:e6:5d:d2:0f:5a:c6: 3e:88:b4:20:c8:0a:b0:1e:b5:eb:68:dc:ac:ac:22:82: 3d:ad:c1:92:9e:e4:42:fa:e5:0c:65:59:97:c6:0f:bf Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: d7:f7:e9:a6:2a:51:51:58:c1:7f:fc:60:36:dd:34:fb: d1:8d:60:ee Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [2 total] Point [1]: General Names: [1 total] https://ipa-ca.yzhang.redhat.com/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Point [2]: General Names: [1 total] https://f18b.yzhang.redhat.com/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: 7b:02:73:72:c1:5b:6f:81:b7:42:18:f0:5e:52:14:29: c1:26:26:31 Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 22:c3:be:4b:36:1f:7e:57:f5:29:21:59:14:23:38:ff: 1a:ac:a3:ea:00:53:49:fb:05:e6:89:35:1a:ab:64:12: dd:80:bc:cb:80:e6:bc:67:cd:82:46:18:3f:66:2e:22: 72:52:6b:41:e9:81:d0:03:17:b9:3e:84:6d:3c:07:80: eb:4d:60:40:e7:0d:6d:23:bf:f6:4f:5a:89:8c:e3:92: ab:bd:0f:a9:3d:93:51:0f:e3:72:86:71:ba:89:1d:fb: f7:59:99:31:89:94:ae:04:e8:60:15:d6:98:ea:d7:86: b7:05:96:fe:d5:78:4e:89:4d:20:60:bf:35:c6:3d:67: d7:a2:ac:f8:32:69:40:82:af:cb:dc:3a:d0:61:6c:f0: f2:90:c5:50:8b:d0:73:20:46:0e:dd:07:9b:f3:65:a6: 3f:5c:79:c6:9f:58:4e:38:0b:4e:9b:e2:c9:45:34:0c: bc:97:19:4c:e8:b7:96:a2:b8:f8:ef:d6:dc:54:83:de: 2a:86:a8:c0:f5:77:65:31:56:5a:d1:ee:f4:e0:68:64: c5:7b:55:e4:7e:d1:39:49:41:a2:aa:7f:cd:16:32:7b: 7f:36:3c:ec:fd:58:ef:2c:10:7b:ff:ce:0e:49:ff:13: 13:31:d6:d3:64:7c:3f:2d:d3:10:98:af:f8:3e:46:01 Fingerprint (MD5): e6:6f:71:b9:a7:95:2c:8e:a5:d9:7e:13:1f:20:90:26 Fingerprint (SHA1): 2b:e1:f2:98:e8:9e:bb:41:ed:20:40:2c:ee:4d:02:27: 42:5e:5a:d9 2013-04-23T19:04:14Z DEBUG approved_usage = SSLServer intended_usage = SSLServer 2013-04-23T19:04:14Z DEBUG cert valid True for "CN=f18b.yzhang.redhat.com,O=YZHANG.REDHAT.COM" 2013-04-23T19:04:14Z DEBUG handshake complete, peer = 192.168.122.22:443 2013-04-23T19:04:14Z DEBUG received Set-Cookie 'ipa_session=6a5266d7c1308f6a8cc7b8985fb249c4; Domain=f18b.yzhang.redhat.com; Path=/ipa; Expires=Tue, 23 Apr 2013 19:24:14 GMT; Secure; HttpOnly' 2013-04-23T19:04:14Z DEBUG storing cookie 'ipa_session=6a5266d7c1308f6a8cc7b8985fb249c4; Domain=f18b.yzhang.redhat.com; Path=/ipa; Expires=Tue, 23 Apr 2013 19:24:14 GMT; Secure; HttpOnly' for principal host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:14Z DEBUG Process finished, return code=1 2013-04-23T19:04:14Z DEBUG stdout= 2013-04-23T19:04:14Z DEBUG stderr=keyctl_search: Required key not available 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM 2013-04-23T19:04:14Z DEBUG Process finished, return code=1 2013-04-23T19:04:14Z DEBUG stdout= 2013-04-23T19:04:14Z DEBUG stderr=keyctl_search: Required key not available 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=keyctl padd user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM @s 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout=350485715 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z DEBUG Caught fault 4202 from server https://f18b.yzhang.redhat.com/ipa/xml: no modifications to be performed 2013-04-23T19:04:14Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: 2013-04-23T19:04:14Z DEBUG zone yzhang.redhat.com. update delete f18a.yzhang.redhat.com. IN SSHFP send update add f18a.yzhang.redhat.com. 1200 IN SSHFP 1 1 0A8516CF6D985972BB7B0A6F4B28585D9D61A50E update add f18a.yzhang.redhat.com. 1200 IN SSHFP 2 1 A9E81A48DB6A9FC938B1FF4BE8792C390098CE1F send 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt 2013-04-23T19:04:14Z DEBUG Process finished, return code=1 2013-04-23T19:04:14Z DEBUG stdout= 2013-04-23T19:04:14Z DEBUG stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/env.yzhang.redhat.com@YZHANG.REDHAT.COM not found in Kerberos database. 2013-04-23T19:04:14Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1 2013-04-23T19:04:14Z WARNING Could not update DNS SSHFP records. 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/bin/systemctl list-unit-files --full 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-fs-nfsd.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount static var-lib-nfs-rpc_pipefs.mount static cups.path enabled systemd-ask-password-console.path static systemd-ask-password-plymouth.path static systemd-ask-password-wall.path static abrt-ccpp.service enabled abrt-oops.service enabled abrt-vmcore.service enabled abrt-xorg.service enabled abrtd.service enabled accounts-daemon.service enabled alsa-restore.service static alsa-store.service static arp-ethers.service disabled atd.service enabled auditd.service enabled autofs.service disabled autovt@.service disabled blk-availability.service disabled bluetooth.service enabled canberra-system-bootup.service disabled canberra-system-shutdown-reboot.service disabled canberra-system-shutdown.service disabled capi.service disabled certmonger.service enabled chrony-wait.service disabled chronyd.service enabled colord.service static configure-printer@.service static console-getty.service disabled console-kit-daemon.service disabled console-kit-log-system-restart.service static console-kit-log-system-start.service static console-kit-log-system-stop.service static console-shell.service disabled crond.service enabled cups.service enabled cvs@.service static dbus-org.bluez.service enabled dbus-org.fedoraproject.FirewallD1.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled display-manager.service enabled dm-event.service disabled dnsmasq.service disabled dracut-cmdline.service static dracut-initqueue.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static emergency.service static fedora-autorelabel-mark.service static fedora-autorelabel.service static fedora-configure.service static fedora-import-state.service static fedora-loadmodules.service static fedora-readonly.service static fedora-storage-init-late.service static fedora-storage-init.service static firewalld.service enabled firstboot-graphical.service disabled getty@.service enabled halt-local.service static initrd-switch-root.service static irda.service disabled irqbalance.service enabled isdn.service disabled lightdm.service enabled lvm2-lvmetad.service disabled lvm2-monitor.service enabled mcelog.service enabled mdmon@.service static mdmonitor.service enabled messagebus.service static NetworkManager-wait-online.service enabled NetworkManager.service enabled nfs-blkmap.service disabled nfs-idmap.service disabled nfs-lock.service disabled nfs-mountd.service disabled nfs-rquotad.service disabled nfs-secure-server.service disabled nfs-secure.service disabled nfs-server.service disabled nfs.service disabled nfslock.service disabled nscd.service enabled nslcd.service disabled ntpd.service disabled ntpdate.service disabled openvpn@.service disabled packagekit-offline-update.service enabled pcscd.service static plymouth-halt.service static plymouth-kexec.service static plymouth-poweroff.service static plymouth-quit-wait.service static plymouth-quit.service static plymouth-read-write.service static plymouth-reboot.service static plymouth-start.service static plymouth-switch-root.service static polkit.service static pppoe-server.service disabled psacct.service disabled quotaon.service static rc-local.service static rdisc.service disabled rescue.service static rngd.service enabled rpcbind.service enabled rpcgssd.service disabled rpcidmapd.service disabled rpcsvcgssd.service disabled rsyslog.service enabled rtkit-daemon.service enabled saslauthd.service disabled sendmail.service enabled serial-getty@.service static single.service static sm-client.service enabled smartd.service enabled snmpd.service disabled snmptrapd.service disabled spice-vdagentd.service enabled sshd.service enabled sssd.service disabled svnserve.service disabled syslog.service enabled systemd-ask-password-console.service static systemd-ask-password-plymouth.service static systemd-ask-password-wall.service static systemd-binfmt.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hybrid-sleep.service static systemd-initctl.service static systemd-journal-flush.service static systemd-journal-gatewayd.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-modules-load.service static systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed-load.service static systemd-random-seed-save.service static systemd-readahead-collect.service enabled systemd-readahead-done.service static systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-utmp-runlevel.service static systemd-update-utmp-shutdown.service static systemd-user-sessions.service static systemd-vconsole-setup.service static udevadm-cleanup-db.service static udisks2.service static upower.service disabled usbmuxd.service static user@.service static wpa_supplicant.service disabled ypbind.service disabled cups.socket enabled cvs.socket disabled dbus.socket static dm-event.socket enabled lvm2-lvmetad.socket enabled nscd.socket enabled pcscd.socket enabled rpcbind.socket enabled syslog.socket static systemd-initctl.socket static systemd-journal-gatewayd.socket disabled systemd-journald.socket static systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cryptsetup.target static ctrl-alt-del.target disabled cvs.target static default.target enabled emergency.target static final.target static getty.target static graphical.target disabled halt.target disabled hibernate.target static http-daemon.target static hybrid-sleep.target static initrd-switch-root.target static kexec.target disabled local-fs-pre.target static local-fs.target static mail-transfer-agent.target static multi-user.target enabled network.target static nfs.target disabled nss-lookup.target static nss-user-lookup.target static poweroff.target disabled printer.target static reboot.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target disabled runlevel3.target disabled runlevel4.target disabled runlevel5.target disabled runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static smartcard.target static sockets.target static sound.target static spice-vdagentd.target static suspend.target static swap.target static sysinit.target static syslog.target static system-update.target static time-sync.target static umount.target static systemd-readahead-done.timer static systemd-tmpfiles-clean.timer static 261 unit files listed. 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/bin/systemctl restart nscd.service 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout= 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/bin/systemctl is-active nscd.service 2013-04-23T19:04:14Z DEBUG Process finished, return code=0 2013-04-23T19:04:14Z DEBUG stdout=active 2013-04-23T19:04:14Z DEBUG stderr= 2013-04-23T19:04:14Z DEBUG Starting external process 2013-04-23T19:04:14Z DEBUG args=/bin/systemctl enable nscd.service 2013-04-23T19:04:15Z DEBUG Process finished, return code=0 2013-04-23T19:04:15Z DEBUG stdout= 2013-04-23T19:04:15Z DEBUG stderr= 2013-04-23T19:04:15Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2013-04-23T19:04:15Z DEBUG Starting external process 2013-04-23T19:04:15Z DEBUG args=/usr/sbin/authconfig --enableforcelegacy --update --enableldap 2013-04-23T19:04:40Z DEBUG Process finished, return code=0 2013-04-23T19:04:40Z DEBUG stdout= 2013-04-23T19:04:40Z DEBUG stderr= 2013-04-23T19:04:40Z INFO LDAP enabled 2013-04-23T19:04:40Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2013-04-23T19:04:40Z DEBUG Starting external process 2013-04-23T19:04:40Z DEBUG args=/usr/sbin/authconfig --enablekrb5 --nostart --update 2013-04-23T19:04:41Z DEBUG Process finished, return code=0 2013-04-23T19:04:41Z DEBUG stdout= 2013-04-23T19:04:41Z DEBUG stderr= 2013-04-23T19:04:41Z INFO Kerberos 5 enabled 2013-04-23T19:04:41Z DEBUG Backing up system configuration file '/etc/pam_ldap.conf' 2013-04-23T19:04:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:04:41Z INFO LDAP configured using configuration file(s) /etc/pam_ldap.conf 2013-04-23T19:04:41Z DEBUG Backing up system configuration file '/etc/nslcd.conf' 2013-04-23T19:04:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:04:41Z DEBUG Starting external process 2013-04-23T19:04:41Z DEBUG args=/bin/systemctl list-unit-files --full 2013-04-23T19:04:41Z DEBUG Process finished, return code=0 2013-04-23T19:04:41Z DEBUG stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-fs-nfsd.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount static var-lib-nfs-rpc_pipefs.mount static cups.path enabled systemd-ask-password-console.path static systemd-ask-password-plymouth.path static systemd-ask-password-wall.path static abrt-ccpp.service enabled abrt-oops.service enabled abrt-vmcore.service enabled abrt-xorg.service enabled abrtd.service enabled accounts-daemon.service enabled alsa-restore.service static alsa-store.service static arp-ethers.service disabled atd.service enabled auditd.service enabled autofs.service disabled autovt@.service disabled blk-availability.service disabled bluetooth.service enabled canberra-system-bootup.service disabled canberra-system-shutdown-reboot.service disabled canberra-system-shutdown.service disabled capi.service disabled certmonger.service enabled chrony-wait.service disabled chronyd.service enabled colord.service static configure-printer@.service static console-getty.service disabled console-kit-daemon.service disabled console-kit-log-system-restart.service static console-kit-log-system-start.service static console-kit-log-system-stop.service static console-shell.service disabled crond.service enabled cups.service enabled cvs@.service static dbus-org.bluez.service enabled dbus-org.fedoraproject.FirewallD1.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled display-manager.service enabled dm-event.service disabled dnsmasq.service disabled dracut-cmdline.service static dracut-initqueue.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static emergency.service static fedora-autorelabel-mark.service static fedora-autorelabel.service static fedora-configure.service static fedora-import-state.service static fedora-loadmodules.service static fedora-readonly.service static fedora-storage-init-late.service static fedora-storage-init.service static firewalld.service enabled firstboot-graphical.service disabled getty@.service enabled halt-local.service static initrd-switch-root.service static irda.service disabled irqbalance.service enabled isdn.service disabled lightdm.service enabled lvm2-lvmetad.service disabled lvm2-monitor.service enabled mcelog.service enabled mdmon@.service static mdmonitor.service enabled messagebus.service static NetworkManager-wait-online.service enabled NetworkManager.service enabled nfs-blkmap.service disabled nfs-idmap.service disabled nfs-lock.service disabled nfs-mountd.service disabled nfs-rquotad.service disabled nfs-secure-server.service disabled nfs-secure.service disabled nfs-server.service disabled nfs.service disabled nfslock.service disabled nscd.service enabled nslcd.service enabled ntpd.service disabled ntpdate.service disabled openvpn@.service disabled packagekit-offline-update.service enabled pcscd.service static plymouth-halt.service static plymouth-kexec.service static plymouth-poweroff.service static plymouth-quit-wait.service static plymouth-quit.service static plymouth-read-write.service static plymouth-reboot.service static plymouth-start.service static plymouth-switch-root.service static polkit.service static pppoe-server.service disabled psacct.service disabled quotaon.service static rc-local.service static rdisc.service disabled rescue.service static rngd.service enabled rpcbind.service enabled rpcgssd.service disabled rpcidmapd.service disabled rpcsvcgssd.service disabled rsyslog.service enabled rtkit-daemon.service enabled saslauthd.service disabled sendmail.service enabled serial-getty@.service static single.service static sm-client.service enabled smartd.service enabled snmpd.service disabled snmptrapd.service disabled spice-vdagentd.service enabled sshd.service enabled sssd.service disabled svnserve.service disabled syslog.service enabled systemd-ask-password-console.service static systemd-ask-password-plymouth.service static systemd-ask-password-wall.service static systemd-binfmt.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hybrid-sleep.service static systemd-initctl.service static systemd-journal-flush.service static systemd-journal-gatewayd.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-modules-load.service static systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed-load.service static systemd-random-seed-save.service static systemd-readahead-collect.service enabled systemd-readahead-done.service static systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-utmp-runlevel.service static systemd-update-utmp-shutdown.service static systemd-user-sessions.service static systemd-vconsole-setup.service static udevadm-cleanup-db.service static udisks2.service static upower.service disabled usbmuxd.service static user@.service static wpa_supplicant.service disabled ypbind.service disabled cups.socket enabled cvs.socket disabled dbus.socket static dm-event.socket enabled lvm2-lvmetad.socket enabled nscd.socket enabled pcscd.socket enabled rpcbind.socket enabled syslog.socket static systemd-initctl.socket static systemd-journal-gatewayd.socket disabled systemd-journald.socket static systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cryptsetup.target static ctrl-alt-del.target disabled cvs.target static default.target enabled emergency.target static final.target static getty.target static graphical.target disabled halt.target disabled hibernate.target static http-daemon.target static hybrid-sleep.target static initrd-switch-root.target static kexec.target disabled local-fs-pre.target static local-fs.target static mail-transfer-agent.target static multi-user.target enabled network.target static nfs.target disabled nss-lookup.target static nss-user-lookup.target static poweroff.target disabled printer.target static reboot.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target disabled runlevel3.target disabled runlevel4.target disabled runlevel5.target disabled runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static smartcard.target static sockets.target static sound.target static spice-vdagentd.target static suspend.target static swap.target static sysinit.target static syslog.target static system-update.target static time-sync.target static umount.target static systemd-readahead-done.timer static systemd-tmpfiles-clean.timer static 261 unit files listed. 2013-04-23T19:04:41Z DEBUG stderr= 2013-04-23T19:04:41Z DEBUG Starting external process 2013-04-23T19:04:41Z DEBUG args=/bin/systemctl restart nslcd.service 2013-04-23T19:04:41Z DEBUG Process finished, return code=1 2013-04-23T19:04:41Z DEBUG stdout= 2013-04-23T19:04:41Z DEBUG stderr=Job for nslcd.service failed. See 'systemctl status nslcd.service' and 'journalctl -xn' for details. 2013-04-23T19:04:41Z ERROR nslcd failed to restart: Command '/bin/systemctl restart nslcd.service' returned non-zero exit status 1 2013-04-23T19:04:41Z DEBUG Starting external process 2013-04-23T19:04:41Z DEBUG args=/bin/systemctl enable nslcd.service 2013-04-23T19:04:41Z DEBUG Process finished, return code=0 2013-04-23T19:04:41Z DEBUG stdout= 2013-04-23T19:04:41Z DEBUG stderr= 2013-04-23T19:04:41Z INFO NSLCD configured using configuration file(s) /etc/nslcd.conf 2013-04-23T19:04:41Z DEBUG Backing up system configuration file '/etc/openldap/ldap.conf' 2013-04-23T19:04:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:04:41Z INFO Configured /etc/openldap/ldap.conf 2013-04-23T19:04:41Z DEBUG Starting external process 2013-04-23T19:04:41Z DEBUG args=getent passwd admin 2013-04-23T19:04:41Z DEBUG Process finished, return code=2 2013-04-23T19:04:41Z DEBUG stdout= 2013-04-23T19:04:41Z DEBUG stderr= 2013-04-23T19:04:42Z DEBUG Starting external process 2013-04-23T19:04:42Z DEBUG args=getent passwd admin 2013-04-23T19:04:42Z DEBUG Process finished, return code=2 2013-04-23T19:04:42Z DEBUG stdout= 2013-04-23T19:04:42Z DEBUG stderr= 2013-04-23T19:04:43Z DEBUG Starting external process 2013-04-23T19:04:43Z DEBUG args=getent passwd admin 2013-04-23T19:04:43Z DEBUG Process finished, return code=2 2013-04-23T19:04:43Z DEBUG stdout= 2013-04-23T19:04:43Z DEBUG stderr= 2013-04-23T19:04:44Z DEBUG Starting external process 2013-04-23T19:04:44Z DEBUG args=getent passwd admin 2013-04-23T19:04:44Z DEBUG Process finished, return code=2 2013-04-23T19:04:44Z DEBUG stdout= 2013-04-23T19:04:44Z DEBUG stderr= 2013-04-23T19:04:45Z DEBUG Starting external process 2013-04-23T19:04:45Z DEBUG args=getent passwd admin 2013-04-23T19:04:45Z DEBUG Process finished, return code=2 2013-04-23T19:04:45Z DEBUG stdout= 2013-04-23T19:04:45Z DEBUG stderr= 2013-04-23T19:04:46Z DEBUG Starting external process 2013-04-23T19:04:46Z DEBUG args=getent passwd admin 2013-04-23T19:04:46Z DEBUG Process finished, return code=2 2013-04-23T19:04:46Z DEBUG stdout= 2013-04-23T19:04:46Z DEBUG stderr= 2013-04-23T19:04:47Z DEBUG Starting external process 2013-04-23T19:04:47Z DEBUG args=getent passwd admin 2013-04-23T19:04:47Z DEBUG Process finished, return code=2 2013-04-23T19:04:47Z DEBUG stdout= 2013-04-23T19:04:47Z DEBUG stderr= 2013-04-23T19:04:48Z DEBUG Starting external process 2013-04-23T19:04:48Z DEBUG args=getent passwd admin 2013-04-23T19:04:48Z DEBUG Process finished, return code=2 2013-04-23T19:04:48Z DEBUG stdout= 2013-04-23T19:04:48Z DEBUG stderr= 2013-04-23T19:04:49Z DEBUG Starting external process 2013-04-23T19:04:49Z DEBUG args=getent passwd admin 2013-04-23T19:04:49Z DEBUG Process finished, return code=2 2013-04-23T19:04:49Z DEBUG stdout= 2013-04-23T19:04:49Z DEBUG stderr= 2013-04-23T19:04:50Z DEBUG Starting external process 2013-04-23T19:04:50Z DEBUG args=getent passwd admin 2013-04-23T19:04:50Z DEBUG Process finished, return code=2 2013-04-23T19:04:50Z DEBUG stdout= 2013-04-23T19:04:50Z DEBUG stderr= 2013-04-23T19:04:51Z ERROR Unable to find 'admin' user with 'getent passwd admin'! 2013-04-23T19:04:51Z INFO Recognized configuration: NSLCD 2013-04-23T19:04:51Z DEBUG Backing up system configuration file '/etc/ssh/ssh_config' 2013-04-23T19:04:51Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:04:52Z INFO Configured /etc/ssh/ssh_config 2013-04-23T19:04:52Z DEBUG Backing up system configuration file '/etc/ssh/sshd_config' 2013-04-23T19:04:52Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-04-23T19:04:52Z INFO Configured /etc/ssh/sshd_config 2013-04-23T19:04:52Z DEBUG Starting external process 2013-04-23T19:04:52Z DEBUG args=/bin/systemctl is-active sshd.service 2013-04-23T19:04:52Z DEBUG Process finished, return code=0 2013-04-23T19:04:52Z DEBUG stdout=active 2013-04-23T19:04:52Z DEBUG stderr= 2013-04-23T19:04:52Z DEBUG Starting external process 2013-04-23T19:04:52Z DEBUG args=/bin/systemctl restart sshd.service 2013-04-23T19:04:52Z DEBUG Process finished, return code=0 2013-04-23T19:04:52Z DEBUG stdout= 2013-04-23T19:04:52Z DEBUG stderr= 2013-04-23T19:04:52Z DEBUG Starting external process 2013-04-23T19:04:52Z DEBUG args=/bin/systemctl is-active sshd.service 2013-04-23T19:04:52Z DEBUG Process finished, return code=0 2013-04-23T19:04:52Z DEBUG stdout=active 2013-04-23T19:04:52Z DEBUG stderr= 2013-04-23T19:04:52Z INFO Client configuration complete. [root@f18a (F-i386) install-client-cli]
nslcd is failing to start. It doesn't like this line:
map group uniqueMember member
# systemctl status -a nslcd nslcd.service - Naming services LDAP client daemon. Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled) Active: failed (Result: exit-code) since Tue 2013-04-30 12:07:21 EDT; 6s ago Process: 5003 ExecStart=/usr/sbin/nslcd (code=exited, status=1/FAILURE) Main PID: 4968 (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/nslcd.service Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: Starting Naming services LDAP client daemon.... Apr 30 12:07:21 rawhide2.greyoak.com nslcd[5003]: nslcd: /etc/nslcd.conf:8: unknown attribute to map: 'uniqueMember' Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: nslcd.service: control process exited, code=exited status=1 Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: Failed to start Naming services LDAP client daemon.. Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: Unit nslcd.service entered failed state
It appears that 'uniqueMember' became 'member' by default between the 0.8.3 and 0.8.4 releases.
attachment freeipa-rcrit-1099-nslcd.patch
master: bfdcc7c
ipa-3-1: 77cfe8e
Metadata Update from @yizhangid: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)
Login to comment on this ticket.