Andrew Meyer via FreeIPA-users wrote:
> I am trying to add another client in my main location and getting the
> following information:
> [user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net
> --realm=stl1.example.net --mkhomedir --enable-dns-updates
> Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> Skip infra-test-ipa.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> Skip infra-test-ipa2.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> Provide your IPA server name (ex: ipa.example.com): ^CThe
> ipa-client-install command failed. See /var/log/ipaclient-install.log
> for more information
> [user@freeipa01 ipa]$
>
>
> [user@freeipa01 ~]$ sudo ipa-client-install --domain=example.net
> --realm=example.net --mkhomedir --enable-dns-updates
> Skip infra-test-ipa.example.net: cannot verify if this is an IPA server
> Skip infra-test-ipa2.example.net: cannot verify if this is an IPA server
> Skip freeipa03.east.example.net: cannot verify if this is an IPA server
> Skip freeipa01.east.example.net: cannot verify if this is an IPA server
> Provide your IPA server name (ex: ipa.example.com): ^CThe
> ipa-client-install command failed. See /var/log/ipaclient-install.log
> for more information
> [user@freeipa01 ~]$
>
> I have checked my /etc/resolv.conf and made sure that they are pointed
> at the current local FreeIPA nameservers/resolvers.
>
> Here is the output /var/log/ipaclient-install.log
>
> [user@freeipa01 ~]$ sudo cat /var/log/ipaclient-install.log
> 2018-03-06T20:29:32Z DEBUG Logging to /var/log/ipaclient-install.log
> 2018-03-06T20:29:32Z DEBUG ipa-client-install was invoked with arguments
> [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose':
> False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name':
> 'stl1.example.net', 'force_ntpd': False, 'on_master': False,
> 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None,
> 'keytab': None, 'no_ntp': False, 'domain_name': 'stl1.example.net',
> 'request_cert': False, 'fixed_primary': False, 'no_ac': False,
> 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False,
> 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': True,
> 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False,
> 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir':
> None, 'unattended': False, 'quiet': False, 'nisdomain': None,
> 'prompt_password': False, 'host_name': None, 'permit': False,
> 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True,
> 'log_file': None, 'uninstall': False}
> 2018-03-06T20:29:32Z DEBUG IPA version 4.5.0-22.el7.centos
> 2018-03-06T20:29:32Z DEBUG Loading Index file from
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2018-03-06T20:29:32Z DEBUG Starting external process
> 2018-03-06T20:29:32Z DEBUG args=/usr/sbin/selinuxenabled
> 2018-03-06T20:29:32Z DEBUG Process finished, return code=1
> 2018-03-06T20:29:32Z DEBUG stdout=
> 2018-03-06T20:29:32Z DEBUG stderr=
> 2018-03-06T20:29:32Z DEBUG Starting external process
> 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-enabled chronyd.service
> 2018-03-06T20:29:32Z DEBUG Process finished, return code=1
> 2018-03-06T20:29:32Z DEBUG stdout=disabled
>
> 2018-03-06T20:29:32Z DEBUG stderr=
> 2018-03-06T20:29:32Z DEBUG Starting external process
> 2018-03-06T20:29:32Z DEBUG args=/bin/systemctl is-active chronyd.service
> 2018-03-06T20:29:32Z DEBUG Process finished, return code=3
> 2018-03-06T20:29:32Z DEBUG stdout=unknown
>
> 2018-03-06T20:29:32Z DEBUG stderr=
> 2018-03-06T20:29:37Z DEBUG [IPA Discovery]
> 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with
> domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
> _ldap._tcp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
> 2018-03-06T20:29:37Z DEBUG Kerberos realm forced
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
> _kerberos._udp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [LDAP server check]
> 2018-03-06T20:29:37Z DEBUG Verifying that
> infra-test-ipa.example.net.stl1.example.net (realm stl1.example.net) is
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
> ldap://infra-test-ipa.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
> 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip
> infra-test-ipa.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Verifying that
> infra-test-ipa2.example.net.stl1.example.net (realm stl1.example.net) is
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
> ldap://infra-test-ipa2.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
> 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip
> infra-test-ipa2.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER;
> server=None, domain=stl1.example.net,
> kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net,
> basedn=None
> 2018-03-06T20:29:37Z DEBUG Validated servers:
> 2018-03-06T20:29:37Z DEBUG No LDAP server found
> 2018-03-06T20:29:37Z DEBUG [IPA Discovery]
> 2018-03-06T20:29:37Z DEBUG Starting IPA discovery with
> domain=stl1.example.net, servers=None, hostname=freeipa01.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search for LDAP SRV record in stl1.example.net
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
> _ldap._tcp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 389
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [Kerberos realm search]
> 2018-03-06T20:29:37Z DEBUG Search DNS for TXT record of
> _kerberos.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: "GATEWAYBLEND.NET"
> 2018-03-06T20:29:37Z DEBUG Search DNS for SRV record of
> _kerberos._udp.stl1.example.net
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
> infra-test-ipa.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG DNS record found: 0 100 88
> infra-test-ipa2.example.net.stl1.example.net.
> 2018-03-06T20:29:37Z DEBUG [LDAP server check]
> 2018-03-06T20:29:37Z DEBUG Verifying that
> infra-test-ipa.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
> ldap://infra-test-ipa.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
> 'ldap://infra-test-ipa.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip
> infra-test-ipa.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Verifying that
> infra-test-ipa2.example.net.stl1.example.net (realm GATEWAYBLEND.NET) is
> an IPA server
> 2018-03-06T20:29:37Z DEBUG Init LDAP connection to:
> ldap://infra-test-ipa2.example.net.stl1.example.net:389
> 2018-03-06T20:29:37Z DEBUG LDAP Error: cannot connect to
> 'ldap://infra-test-ipa2.example.net.stl1.example.net:389':
> 2018-03-06T20:29:37Z WARNING Skip
> infra-test-ipa2.example.net.stl1.example.net: LDAP server is not
> responding, unable to verify if this is an IPA server
> 2018-03-06T20:29:37Z DEBUG Discovery result: NO_LDAP_SERVER;
> server=None, domain=stl1.example.net,
> kdc=infra-test-ipa.example.net.stl1.example.net,infra-test-ipa2.example.net.stl1.example.net,
> basedn=None
> 2018-03-06T20:29:37Z DEBUG Validated servers:
> 2018-03-06T20:29:37Z DEBUG IPA Server not found
> 2018-03-06T20:29:37Z DEBUG DNS discovery failed to find the IPA Server
> 2018-03-06T20:29:44Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
> execute
> return_value = self.run()
> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 333, in run
> cfgr.run()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 366, in run
> self.validate()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 375, in validate
> for _nothing in self._validator():
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 458, in _handle_validate_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
> step()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 636, in _configure
> next(validator)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 434, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 458, in _handle_validate_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 521, in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 518, in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 453, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 424, in __runner
> step()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
> line 63, in _install
> for _nothing in self._installer(self.parent):
> File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
> line 3619, in main
> install_check(self)
> File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py",
> line 2158, in install_check
> allow_empty=False)
> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> 901, in user_input
> ret = input("%s: " % prompt)
>
> 2018-03-06T20:29:44Z DEBUG The ipa-client-install command failed,
> exception: KeyboardInterrupt:
> 2018-03-06T20:29:44Z ERROR The ipa-client-install command failed. See
> /var/log/ipaclient-install.log for more information
> [user@freeipa01 ~]$
>
> I did have a realm for stl1.example.net but removed that and the DNS
> zone. I have other servers that are freeipa01.$location.exmaple.net
> that joined just fine.
>
> Am I doing something wrong?
Those SRV records must be cached in DNS somewhere if you've deleted the
zone. The client is finding them using DNS discovery.
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
