On Tue, Dec 18, 2012 at 03:56:27PM -0500, John Dennis wrote: > On 12/18/2012 03:30 PM, Sumit Bose wrote: > >On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote: > >>On 12/18/2012 01:26 PM, Andre Rodrigues wrote: > >>>Hi all, > >>>I'm testing AD trust following this how to: > >>>http://www.freeipa.org/page/IPAv3_testing_AD_trust > >>>but when I set "ipa dnszone-add" I get this: > >>>[root@m ~] ipa dnszone-add <AD.DOMAIN> --name-server=<AD.NAME > >>><http://AD.NAME>> --admin-email=<MY.EMAIL> --force --forwarder=<AD.IP> > >>>–forward-policy=only > >>>ipa: ERROR: unable to parse cookie header > >>>'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=<IPA.DOMAIN>; > >>>Path=/ipa; Expires=Thu, 18 Dec 2012 13:54:33 GMT; Secure; HttpOnly': > >>>unable to parse expires datetime 'Thu, 18 Dec 2012 13:54:33' > >> > >>This is an error message from something I wrote. I can't explain why > >>it can't parse the expires cookie attribute because using the value > >>cited in the error message it parses just fine. The only thing I can > >>think of is that the time module was not imported in cookie.py, but > >>in my copy of the file it is imported. > >> > >>However one thing I did immediately notice, the cookie has > >>Domain=<IPA.DOMAIN>, that's not valid, it's supposed to be a FQDN. > >>What is the value of xmlrpc_uri in your /etc/ipa/default.conf? > >> > >>> > >>>and when I set "ipa trust-add" I get the following error: > >>>[root@m ~] ipa trust-add --type=ad <AD.DOMAIN> --admin Adminstrator > >>>--password > >>>Active directory domain administrator's password: > >>>ipa: ERROR: unable to parse cookie header > >>>'ipa_session=7d6aeb2c92ff3197a9d3c04421f6ba15; Domain=<IPA.DOMAIN>; > >>>Path=/ipa; Expires=Tue, 18 Dec 2012 18:32:05 GMT; Secure; HttpOnly': > >>>unable to parse expires datetime 'Tue, 18 Dec 2012 18:32:05' > >> > >>Sorry, someone else will have to help you with the below: > > > >I guess this error message is just triggered by the cookie error. > > In theory no, the inability to process a cookie should do nothing > other than log the fact, everything else should proceed as normal > (without cookies you just get slower performance, but it should > continue to work).
John you are right, there are some issues in the F18 spec file, https://bugzilla.redhat.com/show_bug.cgi?id=888754 and https://bugzilla.redhat.com/show_bug.cgi?id=866969. Andre, as a workaround until the packages are fixed please call yum install m2crypto service httpd restart HTH bye, Sumit > > However, the values in the cookie show something is very wrong with > the configuration. > > Please provide the contents of /etc/ipa/default.conf. > > Do you have a .ipa/default.conf file set? If so that overrides the > values in /etc/ipa/default.conf. If you have that as well please > provide that as well. > > Adding verbose debugging information will help. Add the -d option to > the ipa command to turn on debug level information and capture the > output. Those messages will help us diagnose the problem. > > > > >bye, > >Sumit > > > >> > >>>ipa: ERROR: Cannot perform join operation without Samba 4 support > >>>installed. > >>> Make sure you have installed > >>>server-trust-ad sub-package of IPA > >>> > >>>but I have the server-trust-ad installed:-- > > > -- > John Dennis <jden...@redhat.com> > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users