#3589 error with ipa client install option "--no-sssd": "nslcd failed to restart" & "no 'admin' user found"
Closed: Fixed None Opened 10 years ago by yizhangid.

This error is found on Fedora 18,
[root@f18a (F-i386) install-client-cli] ipa-client-install --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER -U --permit --no-sssd
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Hostname: f18a.yzhang.redhat.com
Realm: YZHANG.REDHAT.COM
DNS Domain: yzhang.redhat.com
IPA Server: f18b.yzhang.redhat.com
BaseDN: dc=yzhang,dc=redhat,dc=com

Synchronizing time with KDC...
Enrolled in IPA realm YZHANG.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM
trying https://f18b.yzhang.redhat.com/ipa/xml
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://f18b.yzhang.redhat.com/ipa/xml'
Could not update DNS SSHFP records.
LDAP enabled
Kerberos 5 enabled
LDAP configured using configuration file(s) /etc/pam_ldap.conf
nslcd failed to restart: Command '/bin/systemctl restart nslcd.service' returned non-zero exit status 1
NSLCD configured using configuration file(s) /etc/nslcd.conf
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: NSLCD
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.

effect: no ipa user can be found vi local "id" command
[root@f18a (F-i386) install-client-cli] ipa user-find testuser27934


1 user matched

User login: testuser27934
First name: test27934
Last name: ipa27934
Home directory: /home/testuser27934
Login shell: /bin/sh
Email address: testuser27934@yzhang.redhat.com
UID: 1308600003
GID: 1308600003
Account disabled: False
Password: True
Kerberos keys available: True


Number of entries returned 1

[root@f18a (F-i386) install-client-cli] id testuser27934
id: testuser27934: no such user

[root@f18a (F-i386) install-client-cli] rpm -qi freeipa-client
Name : freeipa-client
Version : 3.1.3
Release : 4.fc18
Architecture: i686
Install Date: Mon 22 Apr 2013 01:27:32 PM PDT
Group : System Environment/Base
Size : 314533
License : GPLv3+
Signature : RSA/SHA256, Tue 02 Apr 2013 12:51:09 PM PDT, Key ID ff01125cde7f38bd
Source RPM : freeipa-3.1.3-4.fc18.src.rpm
Build Date : Tue 02 Apr 2013 08:00:17 AM PDT
Build Host : buildvm-12.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://www.freeipa.org/
Summary : IPA authentication for use on clients

extra notes:

  • same install option used on RHEL6.4 (ipa-client 3.0.0). The install success, no error msg output. and use local command "id <IPA USER>" returns desired information
  • on rhel, the required package nss-pam-ldapd installed, on fedora, the required package nss_ldap is used. This could be the cause of the problem.

re-post the error output with wikiformat

[root@f18a (F-i386) install-client-cli] ipa-client-install --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --server=$MASTER -U --no-sssd
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Hostname: f18a.yzhang.redhat.com
Realm: YZHANG.REDHAT.COM
DNS Domain: yzhang.redhat.com
IPA Server: f18b.yzhang.redhat.com
BaseDN: dc=yzhang,dc=redhat,dc=com

Synchronizing time with KDC...
Enrolled in IPA realm YZHANG.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM
trying https://f18b.yzhang.redhat.com/ipa/xml
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://f18b.yzhang.redhat.com/ipa/xml'
Could not update DNS SSHFP records.
LDAP enabled
Kerberos 5 enabled
LDAP configured using configuration file(s) /etc/pam_ldap.conf
nslcd failed to restart: Command '/bin/systemctl restart nslcd.service' returned non-zero exit status 1
NSLCD configured using configuration file(s) /etc/nslcd.conf
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: NSLCD
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.

Can you attach the ipaclient-install.log?

somehow the attach function does not work, paste it below:

[root@f18a (F-i386) install-client-cli] cat /var/log/ipaclient-install.log 
2013-04-23T19:02:30Z DEBUG /sbin/ipa-client-install was invoked with options: {'domain': 'yzhang.redhat.com', 'force': False, 'krb5_offline_passwords': True, 'primary': False, 'realm_name': 'YZHANG.REDHAT.COM', 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'on_master': False, 'conf_ntp': True, 'ca_cert_file': None, 'ntp_server': None, 'principal': 'admin', 'hostname': None, 'no_ac': False, 'unattended': True, 'sssd': False, 'trust_sshfp': False, 'dns_updates': False, 'mkhomedir': False, 'conf_ssh': True, 'server': ['f18b.yzhang.redhat.com'], 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'uninstall': False}
2013-04-23T19:02:30Z DEBUG missing options might be asked for interactively later
2013-04-23T19:02:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:02:30Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2013-04-23T19:02:30Z DEBUG Starting external process
2013-04-23T19:02:30Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2013-04-23T19:02:30Z DEBUG Process finished, return code=0
2013-04-23T19:02:30Z DEBUG stdout=enabled

2013-04-23T19:02:30Z DEBUG stderr=
2013-04-23T19:02:30Z DEBUG [IPA Discovery]
2013-04-23T19:02:30Z DEBUG Starting IPA discovery with domain=yzhang.redhat.com, servers=['f18b.yzhang.redhat.com'], hostname=f18a.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG Server and domain forced
2013-04-23T19:02:30Z DEBUG [Kerberos realm search]
2013-04-23T19:02:30Z DEBUG Search DNS for TXT record of _kerberos.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG DNS record not found: NXDOMAIN
2013-04-23T19:02:30Z DEBUG [LDAP server check]
2013-04-23T19:02:30Z DEBUG Verifying that f18b.yzhang.redhat.com (realm None) is an IPA server
2013-04-23T19:02:30Z DEBUG Init LDAP connection with: ldap://f18b.yzhang.redhat.com:389
2013-04-23T19:02:30Z DEBUG Search LDAP server for IPA base DN
2013-04-23T19:02:30Z DEBUG Check if naming context 'dc=yzhang,dc=redhat,dc=com' is for IPA
2013-04-23T19:02:30Z DEBUG Naming context 'dc=yzhang,dc=redhat,dc=com' is a valid IPA context
2013-04-23T19:02:30Z DEBUG Search for (objectClass=krbRealmContainer) in dc=yzhang,dc=redhat,dc=com (sub)
2013-04-23T19:02:30Z DEBUG Found: cn=YZHANG.REDHAT.COM,cn=kerberos,dc=yzhang,dc=redhat,dc=com
2013-04-23T19:02:30Z DEBUG Discovery result: Success; server=f18b.yzhang.redhat.com, domain=yzhang.redhat.com, kdc=None, basedn=dc=yzhang,dc=redhat,dc=com
2013-04-23T19:02:30Z DEBUG Validated servers: f18b.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG will use discovered domain: yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG Using servers from command line, disabling DNS discovery
2013-04-23T19:02:30Z DEBUG will use provided server: f18b.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG will use discovered realm: YZHANG.REDHAT.COM
2013-04-23T19:02:30Z DEBUG will use discovered basedn: dc=yzhang,dc=redhat,dc=com
2013-04-23T19:02:30Z INFO Hostname: f18a.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG Hostname source: Machine's FQDN
2013-04-23T19:02:30Z INFO Realm: YZHANG.REDHAT.COM
2013-04-23T19:02:30Z DEBUG Realm source: Discovered from LDAP DNS records in f18b.yzhang.redhat.com
2013-04-23T19:02:30Z INFO DNS Domain: yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG DNS Domain source: Forced
2013-04-23T19:02:30Z INFO IPA Server: f18b.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG IPA Server source: Provided as option
2013-04-23T19:02:30Z INFO BaseDN: dc=yzhang,dc=redhat,dc=com
2013-04-23T19:02:30Z DEBUG BaseDN source: From IPA server ldap://f18b.yzhang.redhat.com:389
2013-04-23T19:02:30Z DEBUG Starting external process
2013-04-23T19:02:30Z DEBUG args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r YZHANG.REDHAT.COM
2013-04-23T19:02:30Z DEBUG Process finished, return code=5
2013-04-23T19:02:30Z DEBUG stdout=
2013-04-23T19:02:30Z DEBUG stderr=realm not found

2013-04-23T19:02:30Z INFO Synchronizing time with KDC...
2013-04-23T19:02:30Z DEBUG Search DNS for SRV record of _ntp._udp.yzhang.redhat.com
2013-04-23T19:02:30Z DEBUG DNS record not found: NXDOMAIN
2013-04-23T19:02:30Z DEBUG Starting external process
2013-04-23T19:02:30Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v f18b.yzhang.redhat.com
2013-04-23T19:04:11Z DEBUG Process finished, return code=0
2013-04-23T19:04:11Z DEBUG stdout=
2013-04-23T19:04:11Z DEBUG stderr=
2013-04-23T19:04:11Z DEBUG Writing Kerberos configuration to /tmp/tmp8xDaKN:
2013-04-23T19:04:11Z DEBUG #File modified by ipa-client-install

[libdefaults]
  default_realm = YZHANG.REDHAT.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  YZHANG.REDHAT.COM = {
    kdc = f18b.yzhang.redhat.com:88
    master_kdc = f18b.yzhang.redhat.com:88
    admin_server = f18b.yzhang.redhat.com:749
    default_domain = yzhang.redhat.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .yzhang.redhat.com = YZHANG.REDHAT.COM
  yzhang.redhat.com = YZHANG.REDHAT.COM

2013-04-23T19:04:11Z DEBUG Starting external process
2013-04-23T19:04:11Z DEBUG args=kinit admin@YZHANG.REDHAT.COM
2013-04-23T19:04:11Z DEBUG Process finished, return code=0
2013-04-23T19:04:11Z DEBUG stdout=Password for admin@YZHANG.REDHAT.COM:

2013-04-23T19:04:11Z DEBUG stderr=
2013-04-23T19:04:11Z DEBUG trying to retrieve CA cert via LDAP from ldap://f18b.yzhang.redhat.com
2013-04-23T19:04:11Z DEBUG Existing CA cert and Retrieved CA cert are identical
2013-04-23T19:04:11Z DEBUG Starting external process
2013-04-23T19:04:11Z DEBUG args=/usr/sbin/ipa-join -s f18b.yzhang.redhat.com -b dc=yzhang,dc=redhat,dc=com
2013-04-23T19:04:12Z DEBUG Process finished, return code=0
2013-04-23T19:04:12Z DEBUG stdout=
2013-04-23T19:04:12Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=YZHANG.REDHAT.COM

2013-04-23T19:04:12Z INFO Enrolled in IPA realm YZHANG.REDHAT.COM
2013-04-23T19:04:12Z DEBUG Starting external process
2013-04-23T19:04:12Z DEBUG args=kdestroy
2013-04-23T19:04:12Z DEBUG Process finished, return code=0
2013-04-23T19:04:12Z DEBUG stdout=
2013-04-23T19:04:12Z DEBUG stderr=
2013-04-23T19:04:12Z DEBUG Starting external process
2013-04-23T19:04:12Z DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:12Z DEBUG Process finished, return code=0
2013-04-23T19:04:12Z DEBUG stdout=
2013-04-23T19:04:12Z DEBUG stderr=
2013-04-23T19:04:12Z DEBUG Backing up system configuration file '/etc/ipa/default.conf'
2013-04-23T19:04:12Z DEBUG   -> Not backing up - '/etc/ipa/default.conf' doesn't exist
2013-04-23T19:04:12Z INFO Created /etc/ipa/default.conf
2013-04-23T19:04:12Z DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'...
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/entitle.py'
2013-04-23T19:04:12Z DEBUG skipping plugin module ipalib.plugins.entitle: No module named rhsm.connection
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'
2013-04-23T19:04:12Z DEBUG Starting external process
2013-04-23T19:04:12Z DEBUG args=klist -V
2013-04-23T19:04:12Z DEBUG Process finished, return code=0
2013-04-23T19:04:12Z DEBUG stdout=Kerberos 5 version 1.10.3

2013-04-23T19:04:12Z DEBUG stderr=
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
2013-04-23T19:04:12Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py'
2013-04-23T19:04:13Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf'
2013-04-23T19:04:13Z DEBUG   -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=
2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Backing up system configuration file '/etc/krb5.conf'
2013-04-23T19:04:13Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:04:13Z DEBUG Writing Kerberos configuration to /etc/krb5.conf:
2013-04-23T19:04:13Z DEBUG #File modified by ipa-client-install

[libdefaults]
  default_realm = YZHANG.REDHAT.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  YZHANG.REDHAT.COM = {
    kdc = f18b.yzhang.redhat.com:88
    master_kdc = f18b.yzhang.redhat.com:88
    admin_server = f18b.yzhang.redhat.com:749
    default_domain = yzhang.redhat.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .yzhang.redhat.com = YZHANG.REDHAT.COM
  yzhang.redhat.com = YZHANG.REDHAT.COM

2013-04-23T19:04:13Z INFO Configured /etc/krb5.conf for IPA realm YZHANG.REDHAT.COM
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=1009308396

2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=keyctl unlink 1009308396 @s
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=
2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:13Z DEBUG Process finished, return code=1
2013-04-23T19:04:13Z DEBUG stdout=
2013-04-23T19:04:13Z DEBUG stderr=keyctl_search: Required key not available

2013-04-23T19:04:13Z DEBUG failed to find session_cookie in persistent storage for principal 'host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM'
2013-04-23T19:04:13Z INFO trying https://f18b.yzhang.redhat.com/ipa/xml
2013-04-23T19:04:13Z DEBUG Created connection context.xmlclient
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=/bin/systemctl start messagebus.service
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=
2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=/bin/systemctl is-active messagebus.service
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=active

2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=/bin/systemctl restart certmonger.service
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=
2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=/bin/systemctl is-active certmonger.service
2013-04-23T19:04:13Z DEBUG Process finished, return code=0
2013-04-23T19:04:13Z DEBUG stdout=active

2013-04-23T19:04:13Z DEBUG stderr=
2013-04-23T19:04:13Z DEBUG Starting external process
2013-04-23T19:04:13Z DEBUG args=/bin/systemctl restart certmonger.service
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=
2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/bin/systemctl is-active certmonger.service
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=active

2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/bin/systemctl enable certmonger.service
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=
2013-04-23T19:04:14Z DEBUG stderr=ln -s '/usr/lib/systemd/system/certmonger.service' '/etc/systemd/system/multi-user.target.wants/certmonger.service'

2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - f18a.yzhang.redhat.com -N CN=f18a.yzhang.redhat.com,O=YZHANG.REDHAT.COM -K host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=New signing request "20130423190414" added.

2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
2013-04-23T19:04:14Z INFO Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
2013-04-23T19:04:14Z DEBUG raw: host_mod(u'f18a.yzhang.redhat.com', ipasshpubkey=[u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC35npIFOA3BxPdEwC6TfOTCj/3d9CDwZtCHFUbvw9ZGAjJyt3WKtyHDwrZ9AmzdYR+bsqowgd9SoJpCEUlxM8eJK2NBvpJ3jL1NTSpma/izrLVS9xG6fF6p93RVcNQ21in/LT1XKAqIFikJBZV4XHnO8CfRHLK99sXgHS4lBUonWYTEo9da+ZQ9MeR9jXIL6rSs52A1MoFge1vtU69d1XozB/tsdz5SJbLraKUKQWJzp+qYbTaJJY7lZ1ctHwUWBhrY1sis8OtH7CJ4O4jxPhClcT8pEdEjUA5D+Ku72ZKBBefdVmo3YcOKL4XuTlJviNBdl3CeauTTmt5+GVg9AX/', u'ssh-dss AAAAB3NzaC1kc3MAAACBAN3Qza2cIRs3etyNMmPkq9N5shmI8ATMgripQXS/FwzfQuNQQqzjxJFYsPZ/X3NToA9R9/ol3tE7tbTgteJEK506cbq5nRLQjR1VL0Y7I4kAS8qtyH5iNKC87dubDNwMYebkr5o1+afTpOQguvzyCqWERo4c4df7KN/qy9p6svsHAAAAFQCYuEsjFuWsUdJpTz65WF54AzD9kwAAAIEAwzRRd/uVDTadr2ZgrAssqMUi/pyDT1MFrTUTE6STZjcjSrcqxSY6B293Ztx3rkNBxqSIo2GJgjqwD1bZwUQv/t79ZXjZOQlevRUqPHLDwfedWT4HAy/EiWP8GbZBCvDI9vfzDBN9tU0DVZFoBgId9NKKvpzmfsC/RXmE7C2ImdkAAACARnywxsXgfwlMIA/nRa9fGWoChSjgMLPGLrgw7dXFMfUusNLObH26G2mRsy1a7qXPFdVvsLDdSkRiPYgLf4BtIweSIHGgH9XmD9mSR9Za0lbh3BCJnZMsPS8tuOxK6Q6HgUYtK2fKQai+R/Z+b3aRBE8nm51U9uTSEaH/Al/SNg8='], updatedns=False)
2013-04-23T19:04:14Z DEBUG host_mod(u'f18a.yzhang.redhat.com', random=False, ipasshpubkey=(u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC35npIFOA3BxPdEwC6TfOTCj/3d9CDwZtCHFUbvw9ZGAjJyt3WKtyHDwrZ9AmzdYR+bsqowgd9SoJpCEUlxM8eJK2NBvpJ3jL1NTSpma/izrLVS9xG6fF6p93RVcNQ21in/LT1XKAqIFikJBZV4XHnO8CfRHLK99sXgHS4lBUonWYTEo9da+ZQ9MeR9jXIL6rSs52A1MoFge1vtU69d1XozB/tsdz5SJbLraKUKQWJzp+qYbTaJJY7lZ1ctHwUWBhrY1sis8OtH7CJ4O4jxPhClcT8pEdEjUA5D+Ku72ZKBBefdVmo3YcOKL4XuTlJviNBdl3CeauTTmt5+GVg9AX/', u'ssh-dss AAAAB3NzaC1kc3MAAACBAN3Qza2cIRs3etyNMmPkq9N5shmI8ATMgripQXS/FwzfQuNQQqzjxJFYsPZ/X3NToA9R9/ol3tE7tbTgteJEK506cbq5nRLQjR1VL0Y7I4kAS8qtyH5iNKC87dubDNwMYebkr5o1+afTpOQguvzyCqWERo4c4df7KN/qy9p6svsHAAAAFQCYuEsjFuWsUdJpTz65WF54AzD9kwAAAIEAwzRRd/uVDTadr2ZgrAssqMUi/pyDT1MFrTUTE6STZjcjSrcqxSY6B293Ztx3rkNBxqSIo2GJgjqwD1bZwUQv/t79ZXjZOQlevRUqPHLDwfedWT4HAy/EiWP8GbZBCvDI9vfzDBN9tU0DVZFoBgId9NKKvpzmfsC/RXmE7C2ImdkAAACARnywxsXgfwlMIA/nRa9fGWoChSjgMLPGLrgw7dXFMfUusNLObH26G2mRsy1a7qXPFdVvsLDdSkRiPYgLf4BtIweSIHGgH9XmD9mSR9Za0lbh3BCJnZMsPS8tuOxK6Q6HgUYtK2fKQai+R/Z+b3aRBE8nm51U9uTSEaH/Al/SNg8='), rights=False, updatedns=False, all=False, raw=False)
2013-04-23T19:04:14Z INFO Forwarding 'host_mod' to server u'https://f18b.yzhang.redhat.com/ipa/xml'
2013-04-23T19:04:14Z DEBUG NSSConnection init f18b.yzhang.redhat.com
2013-04-23T19:04:14Z DEBUG Connecting: 192.168.122.22:0
2013-04-23T19:04:14Z DEBUG auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 9 (0x9)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=YZHANG.REDHAT.COM
        Validity:
            Not Before: Mon Apr 22 20:39:30 2013 UTC
            Not After:  Thu Apr 23 20:39:30 2015 UTC
        Subject: CN=f18b.yzhang.redhat.com,O=YZHANG.REDHAT.COM
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:61:25:e0:91:38:4b:bb:a5:08:3b:b4:dc:dd:6f:20:
                    f3:e5:6c:da:d5:60:22:e9:b9:66:18:52:de:a6:75:bd:
                    40:3b:3d:39:0e:98:4c:84:fc:78:ca:5d:67:e8:cf:89:
                    2d:39:7d:65:65:4f:6b:aa:51:37:bf:c4:8e:2b:31:7d:
                    05:a0:a3:c8:80:fe:10:de:12:4c:67:36:ad:2d:22:56:
                    4d:06:79:64:02:59:4e:cc:e5:de:7a:1e:c4:d6:40:5e:
                    1e:2c:ac:96:b4:90:8d:58:a8:c1:e2:d7:fa:dc:2b:43:
                    8b:87:8e:45:4b:d4:45:6f:95:95:66:a9:26:94:4a:40:
                    f4:9f:73:0a:9c:9b:eb:ce:47:1b:ce:2d:ed:14:e3:c8:
                    30:56:91:63:11:aa:4c:89:b0:9d:f3:1d:66:4d:4d:83:
                    25:1c:16:90:90:1f:da:9b:ab:53:47:d2:9f:ad:33:6b:
                    26:a0:67:9a:84:9a:21:a6:e9:4a:16:6f:3f:de:c3:01:
                    a5:1d:97:05:f3:d7:4b:80:8b:51:19:e4:ab:ba:a3:df:
                    64:de:d1:a2:ce:5f:69:57:09:30:e6:5d:d2:0f:5a:c6:
                    3e:88:b4:20:c8:0a:b0:1e:b5:eb:68:dc:ac:ac:22:82:
                    3d:ad:c1:92:9e:e4:42:fa:e5:0c:65:59:97:c6:0f:bf
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (6)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            d7:f7:e9:a6:2a:51:51:58:c1:7f:fc:60:36:dd:34:fb:
            d1:8d:60:ee
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate
            TLS Web Client Authentication Certificate

        Name:     CRL Distribution Points
        Critical: False
        CRL Distribution Points: [2 total]
            Point [1]:
                General Names: [1 total]
                    https://ipa-ca.yzhang.redhat.com/ipa/crl/MasterCRL.bin
                Issuer:  Directory Name: CN=Certificate Authority,O=ipaca
                Reasons: ()
            Point [2]:
                General Names: [1 total]
                    https://f18b.yzhang.redhat.com/ipa/crl/MasterCRL.bin
                Issuer:  Directory Name: CN=Certificate Authority,O=ipaca
                Reasons: ()

        Name:     Certificate Subject Key ID
        Critical: False
        Data:
            7b:02:73:72:c1:5b:6f:81:b7:42:18:f0:5e:52:14:29:
            c1:26:26:31

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
            22:c3:be:4b:36:1f:7e:57:f5:29:21:59:14:23:38:ff:
            1a:ac:a3:ea:00:53:49:fb:05:e6:89:35:1a:ab:64:12:
            dd:80:bc:cb:80:e6:bc:67:cd:82:46:18:3f:66:2e:22:
            72:52:6b:41:e9:81:d0:03:17:b9:3e:84:6d:3c:07:80:
            eb:4d:60:40:e7:0d:6d:23:bf:f6:4f:5a:89:8c:e3:92:
            ab:bd:0f:a9:3d:93:51:0f:e3:72:86:71:ba:89:1d:fb:
            f7:59:99:31:89:94:ae:04:e8:60:15:d6:98:ea:d7:86:
            b7:05:96:fe:d5:78:4e:89:4d:20:60:bf:35:c6:3d:67:
            d7:a2:ac:f8:32:69:40:82:af:cb:dc:3a:d0:61:6c:f0:
            f2:90:c5:50:8b:d0:73:20:46:0e:dd:07:9b:f3:65:a6:
            3f:5c:79:c6:9f:58:4e:38:0b:4e:9b:e2:c9:45:34:0c:
            bc:97:19:4c:e8:b7:96:a2:b8:f8:ef:d6:dc:54:83:de:
            2a:86:a8:c0:f5:77:65:31:56:5a:d1:ee:f4:e0:68:64:
            c5:7b:55:e4:7e:d1:39:49:41:a2:aa:7f:cd:16:32:7b:
            7f:36:3c:ec:fd:58:ef:2c:10:7b:ff:ce:0e:49:ff:13:
            13:31:d6:d3:64:7c:3f:2d:d3:10:98:af:f8:3e:46:01
        Fingerprint (MD5):
            e6:6f:71:b9:a7:95:2c:8e:a5:d9:7e:13:1f:20:90:26
        Fingerprint (SHA1):
            2b:e1:f2:98:e8:9e:bb:41:ed:20:40:2c:ee:4d:02:27:
            42:5e:5a:d9
2013-04-23T19:04:14Z DEBUG approved_usage = SSLServer intended_usage = SSLServer
2013-04-23T19:04:14Z DEBUG cert valid True for "CN=f18b.yzhang.redhat.com,O=YZHANG.REDHAT.COM"
2013-04-23T19:04:14Z DEBUG handshake complete, peer = 192.168.122.22:443
2013-04-23T19:04:14Z DEBUG received Set-Cookie 'ipa_session=6a5266d7c1308f6a8cc7b8985fb249c4; Domain=f18b.yzhang.redhat.com; Path=/ipa; Expires=Tue, 23 Apr 2013 19:24:14 GMT; Secure; HttpOnly'
2013-04-23T19:04:14Z DEBUG storing cookie 'ipa_session=6a5266d7c1308f6a8cc7b8985fb249c4; Domain=f18b.yzhang.redhat.com; Path=/ipa; Expires=Tue, 23 Apr 2013 19:24:14 GMT; Secure; HttpOnly' for principal host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:14Z DEBUG Process finished, return code=1
2013-04-23T19:04:14Z DEBUG stdout=
2013-04-23T19:04:14Z DEBUG stderr=keyctl_search: Required key not available

2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=keyctl search @s user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM
2013-04-23T19:04:14Z DEBUG Process finished, return code=1
2013-04-23T19:04:14Z DEBUG stdout=
2013-04-23T19:04:14Z DEBUG stderr=keyctl_search: Required key not available

2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=keyctl padd user ipa_session_cookie:host/f18a.yzhang.redhat.com@YZHANG.REDHAT.COM @s
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=350485715

2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z DEBUG Caught fault 4202 from server https://f18b.yzhang.redhat.com/ipa/xml: no modifications to be performed
2013-04-23T19:04:14Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2013-04-23T19:04:14Z DEBUG zone yzhang.redhat.com.
update delete f18a.yzhang.redhat.com. IN SSHFP
send
update add f18a.yzhang.redhat.com. 1200 IN SSHFP 1 1 0A8516CF6D985972BB7B0A6F4B28585D9D61A50E
update add f18a.yzhang.redhat.com. 1200 IN SSHFP 2 1 A9E81A48DB6A9FC938B1FF4BE8792C390098CE1F
send

2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2013-04-23T19:04:14Z DEBUG Process finished, return code=1
2013-04-23T19:04:14Z DEBUG stdout=
2013-04-23T19:04:14Z DEBUG stderr=tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server DNS/env.yzhang.redhat.com@YZHANG.REDHAT.COM not found in Kerberos database.

2013-04-23T19:04:14Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1
2013-04-23T19:04:14Z WARNING Could not update DNS SSHFP records.
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/bin/systemctl list-unit-files --full
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=UNIT FILE                                   STATE   
proc-sys-fs-binfmt_misc.automount           static  
dev-hugepages.mount                         static  
dev-mqueue.mount                            static  
proc-fs-nfsd.mount                          static  
proc-sys-fs-binfmt_misc.mount               static  
sys-fs-fuse-connections.mount               static  
sys-kernel-config.mount                     static  
sys-kernel-debug.mount                      static  
tmp.mount                                   static  
var-lib-nfs-rpc_pipefs.mount                static  
cups.path                                   enabled 
systemd-ask-password-console.path           static  
systemd-ask-password-plymouth.path          static  
systemd-ask-password-wall.path              static  
abrt-ccpp.service                           enabled 
abrt-oops.service                           enabled 
abrt-vmcore.service                         enabled 
abrt-xorg.service                           enabled 
abrtd.service                               enabled 
accounts-daemon.service                     enabled 
alsa-restore.service                        static  
alsa-store.service                          static  
arp-ethers.service                          disabled
atd.service                                 enabled 
auditd.service                              enabled 
autofs.service                              disabled
autovt@.service                             disabled
blk-availability.service                    disabled
bluetooth.service                           enabled 
canberra-system-bootup.service              disabled
canberra-system-shutdown-reboot.service     disabled
canberra-system-shutdown.service            disabled
capi.service                                disabled
certmonger.service                          enabled 
chrony-wait.service                         disabled
chronyd.service                             enabled 
colord.service                              static  
configure-printer@.service                  static  
console-getty.service                       disabled
console-kit-daemon.service                  disabled
console-kit-log-system-restart.service      static  
console-kit-log-system-start.service        static  
console-kit-log-system-stop.service         static  
console-shell.service                       disabled
crond.service                               enabled 
cups.service                                enabled 
cvs@.service                                static  
dbus-org.bluez.service                      enabled 
dbus-org.fedoraproject.FirewallD1.service   enabled 
dbus-org.freedesktop.hostname1.service      static  
dbus-org.freedesktop.locale1.service        static  
dbus-org.freedesktop.login1.service         static  
dbus-org.freedesktop.NetworkManager.service enabled 
dbus-org.freedesktop.timedate1.service      static  
dbus.service                                static  
debug-shell.service                         disabled
display-manager.service                     enabled 
dm-event.service                            disabled
dnsmasq.service                             disabled
dracut-cmdline.service                      static  
dracut-initqueue.service                    static  
dracut-pre-pivot.service                    static  
dracut-pre-trigger.service                  static  
dracut-pre-udev.service                     static  
dracut-shutdown.service                     static  
emergency.service                           static  
fedora-autorelabel-mark.service             static  
fedora-autorelabel.service                  static  
fedora-configure.service                    static  
fedora-import-state.service                 static  
fedora-loadmodules.service                  static  
fedora-readonly.service                     static  
fedora-storage-init-late.service            static  
fedora-storage-init.service                 static  
firewalld.service                           enabled 
firstboot-graphical.service                 disabled
getty@.service                              enabled 
halt-local.service                          static  
initrd-switch-root.service                  static  
irda.service                                disabled
irqbalance.service                          enabled 
isdn.service                                disabled
lightdm.service                             enabled 
lvm2-lvmetad.service                        disabled
lvm2-monitor.service                        enabled 
mcelog.service                              enabled 
mdmon@.service                              static  
mdmonitor.service                           enabled 
messagebus.service                          static  
NetworkManager-wait-online.service          enabled 
NetworkManager.service                      enabled 
nfs-blkmap.service                          disabled
nfs-idmap.service                           disabled
nfs-lock.service                            disabled
nfs-mountd.service                          disabled
nfs-rquotad.service                         disabled
nfs-secure-server.service                   disabled
nfs-secure.service                          disabled
nfs-server.service                          disabled
nfs.service                                 disabled
nfslock.service                             disabled
nscd.service                                enabled 
nslcd.service                               disabled
ntpd.service                                disabled
ntpdate.service                             disabled
openvpn@.service                            disabled
packagekit-offline-update.service           enabled 
pcscd.service                               static  
plymouth-halt.service                       static  
plymouth-kexec.service                      static  
plymouth-poweroff.service                   static  
plymouth-quit-wait.service                  static  
plymouth-quit.service                       static  
plymouth-read-write.service                 static  
plymouth-reboot.service                     static  
plymouth-start.service                      static  
plymouth-switch-root.service                static  
polkit.service                              static  
pppoe-server.service                        disabled
psacct.service                              disabled
quotaon.service                             static  
rc-local.service                            static  
rdisc.service                               disabled
rescue.service                              static  
rngd.service                                enabled 
rpcbind.service                             enabled 
rpcgssd.service                             disabled
rpcidmapd.service                           disabled
rpcsvcgssd.service                          disabled
rsyslog.service                             enabled 
rtkit-daemon.service                        enabled 
saslauthd.service                           disabled
sendmail.service                            enabled 
serial-getty@.service                       static  
single.service                              static  
sm-client.service                           enabled 
smartd.service                              enabled 
snmpd.service                               disabled
snmptrapd.service                           disabled
spice-vdagentd.service                      enabled 
sshd.service                                enabled 
sssd.service                                disabled
svnserve.service                            disabled
syslog.service                              enabled 
systemd-ask-password-console.service        static  
systemd-ask-password-plymouth.service       static  
systemd-ask-password-wall.service           static  
systemd-binfmt.service                      static  
systemd-fsck-root.service                   static  
systemd-fsck@.service                       static  
systemd-halt.service                        static  
systemd-hibernate.service                   static  
systemd-hostnamed.service                   static  
systemd-hybrid-sleep.service                static  
systemd-initctl.service                     static  
systemd-journal-flush.service               static  
systemd-journal-gatewayd.service            static  
systemd-journald.service                    static  
systemd-kexec.service                       static  
systemd-localed.service                     static  
systemd-logind.service                      static  
systemd-modules-load.service                static  
systemd-poweroff.service                    static  
systemd-quotacheck.service                  static  
systemd-random-seed-load.service            static  
systemd-random-seed-save.service            static  
systemd-readahead-collect.service           enabled 
systemd-readahead-done.service              static  
systemd-readahead-drop.service              enabled 
systemd-readahead-replay.service            enabled 
systemd-reboot.service                      static  
systemd-remount-fs.service                  static  
systemd-shutdownd.service                   static  
systemd-suspend.service                     static  
systemd-sysctl.service                      static  
systemd-timedated.service                   static  
systemd-tmpfiles-clean.service              static  
systemd-tmpfiles-setup.service              static  
systemd-udev-settle.service                 static  
systemd-udev-trigger.service                static  
systemd-udevd.service                       static  
systemd-update-utmp-runlevel.service        static  
systemd-update-utmp-shutdown.service        static  
systemd-user-sessions.service               static  
systemd-vconsole-setup.service              static  
udevadm-cleanup-db.service                  static  
udisks2.service                             static  
upower.service                              disabled
usbmuxd.service                             static  
user@.service                               static  
wpa_supplicant.service                      disabled
ypbind.service                              disabled
cups.socket                                 enabled 
cvs.socket                                  disabled
dbus.socket                                 static  
dm-event.socket                             enabled 
lvm2-lvmetad.socket                         enabled 
nscd.socket                                 enabled 
pcscd.socket                                enabled 
rpcbind.socket                              enabled 
syslog.socket                               static  
systemd-initctl.socket                      static  
systemd-journal-gatewayd.socket             disabled
systemd-journald.socket                     static  
systemd-shutdownd.socket                    static  
systemd-udevd-control.socket                static  
systemd-udevd-kernel.socket                 static  
basic.target                                static  
bluetooth.target                            static  
cryptsetup.target                           static  
ctrl-alt-del.target                         disabled
cvs.target                                  static  
default.target                              enabled 
emergency.target                            static  
final.target                                static  
getty.target                                static  
graphical.target                            disabled
halt.target                                 disabled
hibernate.target                            static  
http-daemon.target                          static  
hybrid-sleep.target                         static  
initrd-switch-root.target                   static  
kexec.target                                disabled
local-fs-pre.target                         static  
local-fs.target                             static  
mail-transfer-agent.target                  static  
multi-user.target                           enabled 
network.target                              static  
nfs.target                                  disabled
nss-lookup.target                           static  
nss-user-lookup.target                      static  
poweroff.target                             disabled
printer.target                              static  
reboot.target                               disabled
remote-fs-pre.target                        static  
remote-fs.target                            enabled 
rescue.target                               disabled
rpcbind.target                              static  
runlevel0.target                            disabled
runlevel1.target                            disabled
runlevel2.target                            disabled
runlevel3.target                            disabled
runlevel4.target                            disabled
runlevel5.target                            disabled
runlevel6.target                            disabled
shutdown.target                             static  
sigpwr.target                               static  
sleep.target                                static  
smartcard.target                            static  
sockets.target                              static  
sound.target                                static  
spice-vdagentd.target                       static  
suspend.target                              static  
swap.target                                 static  
sysinit.target                              static  
syslog.target                               static  
system-update.target                        static  
time-sync.target                            static  
umount.target                               static  
systemd-readahead-done.timer                static  
systemd-tmpfiles-clean.timer                static

261 unit files listed.

2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/bin/systemctl restart nscd.service
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=
2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/bin/systemctl is-active nscd.service
2013-04-23T19:04:14Z DEBUG Process finished, return code=0
2013-04-23T19:04:14Z DEBUG stdout=active

2013-04-23T19:04:14Z DEBUG stderr=
2013-04-23T19:04:14Z DEBUG Starting external process
2013-04-23T19:04:14Z DEBUG args=/bin/systemctl enable nscd.service
2013-04-23T19:04:15Z DEBUG Process finished, return code=0
2013-04-23T19:04:15Z DEBUG stdout=
2013-04-23T19:04:15Z DEBUG stderr=
2013-04-23T19:04:15Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2013-04-23T19:04:15Z DEBUG Starting external process
2013-04-23T19:04:15Z DEBUG args=/usr/sbin/authconfig --enableforcelegacy --update --enableldap
2013-04-23T19:04:40Z DEBUG Process finished, return code=0
2013-04-23T19:04:40Z DEBUG stdout=
2013-04-23T19:04:40Z DEBUG stderr=
2013-04-23T19:04:40Z INFO LDAP enabled
2013-04-23T19:04:40Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2013-04-23T19:04:40Z DEBUG Starting external process
2013-04-23T19:04:40Z DEBUG args=/usr/sbin/authconfig --enablekrb5 --nostart --update
2013-04-23T19:04:41Z DEBUG Process finished, return code=0
2013-04-23T19:04:41Z DEBUG stdout=
2013-04-23T19:04:41Z DEBUG stderr=
2013-04-23T19:04:41Z INFO Kerberos 5 enabled
2013-04-23T19:04:41Z DEBUG Backing up system configuration file '/etc/pam_ldap.conf'
2013-04-23T19:04:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:04:41Z INFO LDAP configured using configuration file(s) /etc/pam_ldap.conf
2013-04-23T19:04:41Z DEBUG Backing up system configuration file '/etc/nslcd.conf'
2013-04-23T19:04:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:04:41Z DEBUG Starting external process
2013-04-23T19:04:41Z DEBUG args=/bin/systemctl list-unit-files --full
2013-04-23T19:04:41Z DEBUG Process finished, return code=0
2013-04-23T19:04:41Z DEBUG stdout=UNIT FILE                                   STATE   
proc-sys-fs-binfmt_misc.automount           static  
dev-hugepages.mount                         static  
dev-mqueue.mount                            static  
proc-fs-nfsd.mount                          static  
proc-sys-fs-binfmt_misc.mount               static  
sys-fs-fuse-connections.mount               static  
sys-kernel-config.mount                     static  
sys-kernel-debug.mount                      static  
tmp.mount                                   static  
var-lib-nfs-rpc_pipefs.mount                static  
cups.path                                   enabled 
systemd-ask-password-console.path           static  
systemd-ask-password-plymouth.path          static  
systemd-ask-password-wall.path              static  
abrt-ccpp.service                           enabled 
abrt-oops.service                           enabled 
abrt-vmcore.service                         enabled 
abrt-xorg.service                           enabled 
abrtd.service                               enabled 
accounts-daemon.service                     enabled 
alsa-restore.service                        static  
alsa-store.service                          static  
arp-ethers.service                          disabled
atd.service                                 enabled 
auditd.service                              enabled 
autofs.service                              disabled
autovt@.service                             disabled
blk-availability.service                    disabled
bluetooth.service                           enabled 
canberra-system-bootup.service              disabled
canberra-system-shutdown-reboot.service     disabled
canberra-system-shutdown.service            disabled
capi.service                                disabled
certmonger.service                          enabled 
chrony-wait.service                         disabled
chronyd.service                             enabled 
colord.service                              static  
configure-printer@.service                  static  
console-getty.service                       disabled
console-kit-daemon.service                  disabled
console-kit-log-system-restart.service      static  
console-kit-log-system-start.service        static  
console-kit-log-system-stop.service         static  
console-shell.service                       disabled
crond.service                               enabled 
cups.service                                enabled 
cvs@.service                                static  
dbus-org.bluez.service                      enabled 
dbus-org.fedoraproject.FirewallD1.service   enabled 
dbus-org.freedesktop.hostname1.service      static  
dbus-org.freedesktop.locale1.service        static  
dbus-org.freedesktop.login1.service         static  
dbus-org.freedesktop.NetworkManager.service enabled 
dbus-org.freedesktop.timedate1.service      static  
dbus.service                                static  
debug-shell.service                         disabled
display-manager.service                     enabled 
dm-event.service                            disabled
dnsmasq.service                             disabled
dracut-cmdline.service                      static  
dracut-initqueue.service                    static  
dracut-pre-pivot.service                    static  
dracut-pre-trigger.service                  static  
dracut-pre-udev.service                     static  
dracut-shutdown.service                     static  
emergency.service                           static  
fedora-autorelabel-mark.service             static  
fedora-autorelabel.service                  static  
fedora-configure.service                    static  
fedora-import-state.service                 static  
fedora-loadmodules.service                  static  
fedora-readonly.service                     static  
fedora-storage-init-late.service            static  
fedora-storage-init.service                 static  
firewalld.service                           enabled 
firstboot-graphical.service                 disabled
getty@.service                              enabled 
halt-local.service                          static  
initrd-switch-root.service                  static  
irda.service                                disabled
irqbalance.service                          enabled 
isdn.service                                disabled
lightdm.service                             enabled 
lvm2-lvmetad.service                        disabled
lvm2-monitor.service                        enabled 
mcelog.service                              enabled 
mdmon@.service                              static  
mdmonitor.service                           enabled 
messagebus.service                          static  
NetworkManager-wait-online.service          enabled 
NetworkManager.service                      enabled 
nfs-blkmap.service                          disabled
nfs-idmap.service                           disabled
nfs-lock.service                            disabled
nfs-mountd.service                          disabled
nfs-rquotad.service                         disabled
nfs-secure-server.service                   disabled
nfs-secure.service                          disabled
nfs-server.service                          disabled
nfs.service                                 disabled
nfslock.service                             disabled
nscd.service                                enabled 
nslcd.service                               enabled 
ntpd.service                                disabled
ntpdate.service                             disabled
openvpn@.service                            disabled
packagekit-offline-update.service           enabled 
pcscd.service                               static  
plymouth-halt.service                       static  
plymouth-kexec.service                      static  
plymouth-poweroff.service                   static  
plymouth-quit-wait.service                  static  
plymouth-quit.service                       static  
plymouth-read-write.service                 static  
plymouth-reboot.service                     static  
plymouth-start.service                      static  
plymouth-switch-root.service                static  
polkit.service                              static  
pppoe-server.service                        disabled
psacct.service                              disabled
quotaon.service                             static  
rc-local.service                            static  
rdisc.service                               disabled
rescue.service                              static  
rngd.service                                enabled 
rpcbind.service                             enabled 
rpcgssd.service                             disabled
rpcidmapd.service                           disabled
rpcsvcgssd.service                          disabled
rsyslog.service                             enabled 
rtkit-daemon.service                        enabled 
saslauthd.service                           disabled
sendmail.service                            enabled 
serial-getty@.service                       static  
single.service                              static  
sm-client.service                           enabled 
smartd.service                              enabled 
snmpd.service                               disabled
snmptrapd.service                           disabled
spice-vdagentd.service                      enabled 
sshd.service                                enabled 
sssd.service                                disabled
svnserve.service                            disabled
syslog.service                              enabled 
systemd-ask-password-console.service        static  
systemd-ask-password-plymouth.service       static  
systemd-ask-password-wall.service           static  
systemd-binfmt.service                      static  
systemd-fsck-root.service                   static  
systemd-fsck@.service                       static  
systemd-halt.service                        static  
systemd-hibernate.service                   static  
systemd-hostnamed.service                   static  
systemd-hybrid-sleep.service                static  
systemd-initctl.service                     static  
systemd-journal-flush.service               static  
systemd-journal-gatewayd.service            static  
systemd-journald.service                    static  
systemd-kexec.service                       static  
systemd-localed.service                     static  
systemd-logind.service                      static  
systemd-modules-load.service                static  
systemd-poweroff.service                    static  
systemd-quotacheck.service                  static  
systemd-random-seed-load.service            static  
systemd-random-seed-save.service            static  
systemd-readahead-collect.service           enabled 
systemd-readahead-done.service              static  
systemd-readahead-drop.service              enabled 
systemd-readahead-replay.service            enabled 
systemd-reboot.service                      static  
systemd-remount-fs.service                  static  
systemd-shutdownd.service                   static  
systemd-suspend.service                     static  
systemd-sysctl.service                      static  
systemd-timedated.service                   static  
systemd-tmpfiles-clean.service              static  
systemd-tmpfiles-setup.service              static  
systemd-udev-settle.service                 static  
systemd-udev-trigger.service                static  
systemd-udevd.service                       static  
systemd-update-utmp-runlevel.service        static  
systemd-update-utmp-shutdown.service        static  
systemd-user-sessions.service               static  
systemd-vconsole-setup.service              static  
udevadm-cleanup-db.service                  static  
udisks2.service                             static  
upower.service                              disabled
usbmuxd.service                             static  
user@.service                               static  
wpa_supplicant.service                      disabled
ypbind.service                              disabled
cups.socket                                 enabled 
cvs.socket                                  disabled
dbus.socket                                 static  
dm-event.socket                             enabled 
lvm2-lvmetad.socket                         enabled 
nscd.socket                                 enabled 
pcscd.socket                                enabled 
rpcbind.socket                              enabled 
syslog.socket                               static  
systemd-initctl.socket                      static  
systemd-journal-gatewayd.socket             disabled
systemd-journald.socket                     static  
systemd-shutdownd.socket                    static  
systemd-udevd-control.socket                static  
systemd-udevd-kernel.socket                 static  
basic.target                                static  
bluetooth.target                            static  
cryptsetup.target                           static  
ctrl-alt-del.target                         disabled
cvs.target                                  static  
default.target                              enabled 
emergency.target                            static  
final.target                                static  
getty.target                                static  
graphical.target                            disabled
halt.target                                 disabled
hibernate.target                            static  
http-daemon.target                          static  
hybrid-sleep.target                         static  
initrd-switch-root.target                   static  
kexec.target                                disabled
local-fs-pre.target                         static  
local-fs.target                             static  
mail-transfer-agent.target                  static  
multi-user.target                           enabled 
network.target                              static  
nfs.target                                  disabled
nss-lookup.target                           static  
nss-user-lookup.target                      static  
poweroff.target                             disabled
printer.target                              static  
reboot.target                               disabled
remote-fs-pre.target                        static  
remote-fs.target                            enabled 
rescue.target                               disabled
rpcbind.target                              static  
runlevel0.target                            disabled
runlevel1.target                            disabled
runlevel2.target                            disabled
runlevel3.target                            disabled
runlevel4.target                            disabled
runlevel5.target                            disabled
runlevel6.target                            disabled
shutdown.target                             static  
sigpwr.target                               static  
sleep.target                                static  
smartcard.target                            static  
sockets.target                              static  
sound.target                                static  
spice-vdagentd.target                       static  
suspend.target                              static  
swap.target                                 static  
sysinit.target                              static  
syslog.target                               static  
system-update.target                        static  
time-sync.target                            static  
umount.target                               static  
systemd-readahead-done.timer                static  
systemd-tmpfiles-clean.timer                static

261 unit files listed.

2013-04-23T19:04:41Z DEBUG stderr=
2013-04-23T19:04:41Z DEBUG Starting external process
2013-04-23T19:04:41Z DEBUG args=/bin/systemctl restart nslcd.service
2013-04-23T19:04:41Z DEBUG Process finished, return code=1
2013-04-23T19:04:41Z DEBUG stdout=
2013-04-23T19:04:41Z DEBUG stderr=Job for nslcd.service failed. See 'systemctl status nslcd.service' and 'journalctl -xn' for details.

2013-04-23T19:04:41Z ERROR nslcd failed to restart: Command '/bin/systemctl restart nslcd.service' returned non-zero exit status 1
2013-04-23T19:04:41Z DEBUG Starting external process
2013-04-23T19:04:41Z DEBUG args=/bin/systemctl enable nslcd.service
2013-04-23T19:04:41Z DEBUG Process finished, return code=0
2013-04-23T19:04:41Z DEBUG stdout=
2013-04-23T19:04:41Z DEBUG stderr=
2013-04-23T19:04:41Z INFO NSLCD configured using configuration file(s) /etc/nslcd.conf
2013-04-23T19:04:41Z DEBUG Backing up system configuration file '/etc/openldap/ldap.conf'
2013-04-23T19:04:41Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:04:41Z INFO Configured /etc/openldap/ldap.conf
2013-04-23T19:04:41Z DEBUG Starting external process
2013-04-23T19:04:41Z DEBUG args=getent passwd admin
2013-04-23T19:04:41Z DEBUG Process finished, return code=2
2013-04-23T19:04:41Z DEBUG stdout=
2013-04-23T19:04:41Z DEBUG stderr=
2013-04-23T19:04:42Z DEBUG Starting external process
2013-04-23T19:04:42Z DEBUG args=getent passwd admin
2013-04-23T19:04:42Z DEBUG Process finished, return code=2
2013-04-23T19:04:42Z DEBUG stdout=
2013-04-23T19:04:42Z DEBUG stderr=
2013-04-23T19:04:43Z DEBUG Starting external process
2013-04-23T19:04:43Z DEBUG args=getent passwd admin
2013-04-23T19:04:43Z DEBUG Process finished, return code=2
2013-04-23T19:04:43Z DEBUG stdout=
2013-04-23T19:04:43Z DEBUG stderr=
2013-04-23T19:04:44Z DEBUG Starting external process
2013-04-23T19:04:44Z DEBUG args=getent passwd admin
2013-04-23T19:04:44Z DEBUG Process finished, return code=2
2013-04-23T19:04:44Z DEBUG stdout=
2013-04-23T19:04:44Z DEBUG stderr=
2013-04-23T19:04:45Z DEBUG Starting external process
2013-04-23T19:04:45Z DEBUG args=getent passwd admin
2013-04-23T19:04:45Z DEBUG Process finished, return code=2
2013-04-23T19:04:45Z DEBUG stdout=
2013-04-23T19:04:45Z DEBUG stderr=
2013-04-23T19:04:46Z DEBUG Starting external process
2013-04-23T19:04:46Z DEBUG args=getent passwd admin
2013-04-23T19:04:46Z DEBUG Process finished, return code=2
2013-04-23T19:04:46Z DEBUG stdout=
2013-04-23T19:04:46Z DEBUG stderr=
2013-04-23T19:04:47Z DEBUG Starting external process
2013-04-23T19:04:47Z DEBUG args=getent passwd admin
2013-04-23T19:04:47Z DEBUG Process finished, return code=2
2013-04-23T19:04:47Z DEBUG stdout=
2013-04-23T19:04:47Z DEBUG stderr=
2013-04-23T19:04:48Z DEBUG Starting external process
2013-04-23T19:04:48Z DEBUG args=getent passwd admin
2013-04-23T19:04:48Z DEBUG Process finished, return code=2
2013-04-23T19:04:48Z DEBUG stdout=
2013-04-23T19:04:48Z DEBUG stderr=
2013-04-23T19:04:49Z DEBUG Starting external process
2013-04-23T19:04:49Z DEBUG args=getent passwd admin
2013-04-23T19:04:49Z DEBUG Process finished, return code=2
2013-04-23T19:04:49Z DEBUG stdout=
2013-04-23T19:04:49Z DEBUG stderr=
2013-04-23T19:04:50Z DEBUG Starting external process
2013-04-23T19:04:50Z DEBUG args=getent passwd admin
2013-04-23T19:04:50Z DEBUG Process finished, return code=2
2013-04-23T19:04:50Z DEBUG stdout=
2013-04-23T19:04:50Z DEBUG stderr=
2013-04-23T19:04:51Z ERROR Unable to find 'admin' user with 'getent passwd admin'!
2013-04-23T19:04:51Z INFO Recognized configuration: NSLCD
2013-04-23T19:04:51Z DEBUG Backing up system configuration file '/etc/ssh/ssh_config'
2013-04-23T19:04:51Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:04:52Z INFO Configured /etc/ssh/ssh_config
2013-04-23T19:04:52Z DEBUG Backing up system configuration file '/etc/ssh/sshd_config'
2013-04-23T19:04:52Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-04-23T19:04:52Z INFO Configured /etc/ssh/sshd_config
2013-04-23T19:04:52Z DEBUG Starting external process
2013-04-23T19:04:52Z DEBUG args=/bin/systemctl is-active sshd.service
2013-04-23T19:04:52Z DEBUG Process finished, return code=0
2013-04-23T19:04:52Z DEBUG stdout=active

2013-04-23T19:04:52Z DEBUG stderr=
2013-04-23T19:04:52Z DEBUG Starting external process
2013-04-23T19:04:52Z DEBUG args=/bin/systemctl restart sshd.service
2013-04-23T19:04:52Z DEBUG Process finished, return code=0
2013-04-23T19:04:52Z DEBUG stdout=
2013-04-23T19:04:52Z DEBUG stderr=
2013-04-23T19:04:52Z DEBUG Starting external process
2013-04-23T19:04:52Z DEBUG args=/bin/systemctl is-active sshd.service
2013-04-23T19:04:52Z DEBUG Process finished, return code=0
2013-04-23T19:04:52Z DEBUG stdout=active

2013-04-23T19:04:52Z DEBUG stderr=
2013-04-23T19:04:52Z INFO Client configuration complete.
[root@f18a (F-i386) install-client-cli]

nslcd is failing to start. It doesn't like this line:

map group uniqueMember member

# systemctl status -a nslcd
nslcd.service - Naming services LDAP client daemon.
          Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled)
          Active: failed (Result: exit-code) since Tue 2013-04-30 12:07:21 EDT; 6s ago
         Process: 5003 ExecStart=/usr/sbin/nslcd (code=exited, status=1/FAILURE)
        Main PID: 4968 (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/nslcd.service

Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: Starting Naming services LDAP client daemon....
Apr 30 12:07:21 rawhide2.greyoak.com nslcd[5003]: nslcd: /etc/nslcd.conf:8: unknown attribute to map: 'uniqueMember'
Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: nslcd.service: control process exited, code=exited status=1
Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: Failed to start Naming services LDAP client daemon..
Apr 30 12:07:21 rawhide2.greyoak.com systemd[1]: Unit nslcd.service entered failed state

It appears that 'uniqueMember' became 'member' by default between the 0.8.3 and 0.8.4 releases.

Metadata Update from @yizhangid:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)

7 years ago

Login to comment on this ticket.

Metadata