Your also going to have to create the folder /etc/pki/nssdb or the script will also fail. That trick cost me a day of farting around
On Saturday, May 18, 2013, Willie Slepecki wrote: > Do a --help on the script. I specify every parameter. When I trust the > script to discover anything on ubuntu it fails. Even the host name. > > On Saturday, May 18, 2013, Endre Karlson wrote: > > So I am trying to enrull Ubuntu into FreeIPA. > > But I am getting a number of issues: > 1. DNS autodiscovery isn't working. > 2. certutils fails at the end? > > In my setup I currently have 1 IPA server running DNS and all of it. > > What can be wrong? > > Endre. > > sudo ipa-client-install -d --enable-dns-updates > root : DEBUG /usr/sbin/ipa-client-install was invoked with > options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': > False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, > 'preserve_sssd': False, 'server': None, 'prompt_password': False, > 'mkhomedir': False, 'dns_updates': True, 'permit': False, 'debug': True, > 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': > None, 'principal': None} > root : DEBUG missing options might be asked for interactively > later > > root : DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > root : DEBUG Loading StateFile from > '/var/lib/ipa-client/sysrestore/sysrestore.state' > root : DEBUG [ipadnssearchldap(coretrek.net)] > root : DEBUG [ipadnssearchldap(net)] > root : DEBUG [ipadnssearchldap(coretrek.net)] > root : DEBUG [ipadnssearchldap(net)] > root : DEBUG Domain not found > DNS discovery failed to determine your DNS domain > Provide the domain name of your IPA server (ex: example.com): coretrek.net > root : DEBUG will use domain: coretrek.net > > root : DEBUG [ipadnssearchldap] > root : DEBUG IPA Server not found > DNS discovery failed to find the IPA Server > Provide your IPA server name (ex: ipa.example.com): > st-vidm001.coretrek.net > root : DEBUG will use server: st-vidm001.coretrek.net > > root : DEBUG [ipadnssearchkrb] > root : DEBUG [ipacheckldap] > root : DEBUG args=/usr/bin/wget -O /tmp/tmp1RBeGA/ca.crt -T 15 > -t 2 http://st-vidm001.coretrek.net/ipa/config/ca.crt > root : DEBUG stdout= > root : DEBUG stderr=--2013-05-18 18:40:05-- > http://st-vidm001.coretrek.net/ipa/config/ca.crt > Resolving st-vidm001.coretrek.net (st-vidm001.coretrek.net)... > 172.16.200.5 > Connecting to st-vidm001.coretrek.net > (st-vidm001.coretrek.net)|172.16.200.5|:80... > connected. > HTTP request sent, awaiting response... 200 OK > Length: 1321 (1.3K) [application/x-x509-ca-cert] > Saving to: `/tmp/tmp1RBeGA/ca.crt' > > 0K . 100% 69.1M=0s > > 2013-05-18 18:40:05 (69.1 MB/s) - `/tmp/tmp1RBeGA/ca.crt' saved [1321/1321] > > > root : DEBUG Init ldap with: ldap://st-vidm001.coretrek.net:389 > root : DEBUG Search LDAP server for IPA base DN > root : DEBUG Check if naming context 'dc=coretrek,dc=net' is for > IPA > root : DEBUG Naming context 'dc=coretrek,dc=net' is a valid IPA > context > root : DEBUG Search for (objectClass=krbRealmContainer) in > dc=coretrek,dc=net(sub) > root : DEBUG Found: > [('cn=CORETREK.NET,cn=kerberos,dc=coretrek,dc=net', > {'krbSubTrees': ['dc=coretrek,dc=net'], 'cn': ['CO <http://CORETREK.NET> > > -- > You want it fast, cheap, or right. Pick two!! > -- You want it fast, cheap, or right. Pick two!!
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users