Installing IPA server 3.3.3-2 on F20 failed with the following error:
Realm: REDHAT.COM DNS Domain: redhat.com IPA Server: vm-059.idm.lab.bos.redhat.com BaseDN: dc=redhat,dc=com New SSSD config will be created Configured /etc/sssd/sssd.conf Cannot connect to the server due to generic error: cannot connect to 'https://vm-059.idm.lab.bos.redhat.com/ipa/xml': Internal Server Error Installation failed. As this is IPA server, changes will not be rolled back. ipa : DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script return_value = main_function() File "/usr/sbin/ipa-server-install", line 1226, in main sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e)) ipa : DEBUG The ipa-server-install command failed, exception: SystemExit: Configuration of client side components failed! ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain redhat.com --server vm-059.idm.lab.bos.redhat.com --realm REDHAT.COM --hostname vm-059.idm.lab.bos.redhat.com' returned non-zero exit status 1 Configuration of client side components failed! ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain redhat.com --server vm-059.idm.lab.bos.redhat.com --realm REDHAT.COM --hostname vm-059.idm.lab.bos.redhat.com' returned non-zero exit status 1
Per rcrit's advise, I set the LogLevel in /etc/httpd/conf.d/nss.conf to "debug", then restarted httpd (it took a while to restart). "kinit admin" worked, but "ipa --delegate user-show admin" failed with Internal Server Error. Here is the content of the error_log:
[Thu Nov 21 17:34:19.972143 2013] [:info] [pid 15620] Connection to child 2 established (server vm-059.idm.lab.bos.redhat.com:443, client 10.16.78.59) [Thu Nov 21 17:34:19.986524 2013] [:info] [pid 15620] Initial (No.1) HTTPS request received for child 2 (server vm-059.idm.lab.bos.redhat.com:443) [Thu Nov 21 17:34:19.989027 2013] [authz_core:debug] [pid 15620] mod_authz_core.c(802): [client 10.16.78.59:51298] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:19.990021 2013] [authz_core:debug] [pid 15620] mod_authz_core.c(802): [client 10.16.78.59:51298] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:19.990803 2013] [auth_kerb:debug] [pid 15620] src/mod_auth_kerb.c(1954): [client 10.16.78.59:51298] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:19.991613 2013] [auth_kerb:debug] [pid 15620] src/mod_auth_kerb.c(1295): [client 10.16.78.59:51298] Acquiring creds for HTTP@vm-059.idm.lab.bos.redhat.com, referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:20.016547 2013] [auth_kerb:error] [pid 15620] [client 10.16.78.59:51298] Could not get default Kerberos ccache: No credentials cache found (-1765328189), referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:20.018608 2013] [auth_kerb:debug] [pid 15620] src/mod_auth_kerb.c(1617): [client 10.16.78.59:51298] Failed to obtain credentials for s4u2proxy, referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:20.023655 2013] [auth_kerb:debug] [pid 15620] src/mod_auth_kerb.c(1155): [client 10.16.78.59:51298] GSS-API major_status:000d0000, minor_status:96c73a8d, referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:20.024942 2013] [auth_kerb:error] [pid 15620] [client 10.16.78.59:51298] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, Can't find client principal HTTP/vm-059.idm.lab.bos.redhat.com@REDHAT.COM in cache collection), referer: https://vm-059.idm.lab.bos.redhat.com/ipa/xml [Thu Nov 21 17:34:20.031025 2013] [:info] [pid 15620] Connection to child 2 closed (server vm-059.idm.lab.bos.redhat.com:443, client 10.16.78.59)
The same problem still happens even after using the actual domain name of the machine:
Realm: IDM.LAB.BOS.REDHAT.COM DNS Domain: idm.lab.bos.redhat.com IPA Server: vm-059.idm.lab.bos.redhat.com BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com New SSSD config will be created Configured /etc/sssd/sssd.conf Cannot connect to the server due to generic error: cannot connect to 'https://vm-059.idm.lab.bos.redhat.com/ipa/xml': Internal Server Error Installation failed. As this is IPA server, changes will not be rolled back.
Note that the problem seems to be machine specific. On another machine the installation works with a fake domain (e.g. example.com).
It would be nice if we can investigate the problem. Probably there's a missing minimum library requirement, or something like that. It's a lower priority though.
Metadata Update from @edewata: - Issue assigned to tbabej - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Login to comment on this ticket.