-----Original Message-----
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mike Calautti
Sent: Tuesday, October 15, 2013 4:25 PM
To: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] stupid question
Your awesome !!!!
Interesting..
Well for one its claiming it cant contact the LDAP server...
But its calling a machine in our domain that I didn't know existed and
furthermore never mentioned in the ipa setup..
So I see it was searching the network...
Also..when doing research on installing, I saw that someone said to paste the
entries form the example DNS file to your existing DNS db file.
I didn't do that because I am just testing..
Would that affect it ?
Dns is correct for both IPA master/replica
Here is the log.
cat /var/log/ipaclient-install.log
2013-10-15T20:18:11Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': None, 'force': False, 'krb5_offline_passwords': True,
'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True,
'on_master': False, 'conf_ntp': True, 'ca_cert_file': None, 'ntp_server': None,
'principal': None, 'hostname': None, 'no_ac': False, 'unattended': None,
'sssd': True, 'trust_sshfp': False, 'dns_updates': False, 'realm_name': None,
'conf_ssh': True, 'server': None, 'prompt_password': False, 'permit': False,
'debug': False, 'preserve_sssd': False, 'uninstall': False}
2013-10-15T20:18:11Z DEBUG missing options might be asked for interactively
later 2013-10-15T20:18:11Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-10-15T20:18:11Z DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2013-10-15T20:18:11Z DEBUG [IPA Discovery] 2013-10-15T20:18:11Z DEBUG Starting IPA
discovery with domain=None, servers=None, hostname=freeiptest01.dev.com
2013-10-15T20:18:11Z DEBUG Start searching for LDAP SRV record in "dev.com"
(domain of the hostname) and its sub-domains 2013-10-15T20:18:11Z DEBUG Search DNS for
SRV record of _ldap._tcp.dev.com.
2013-10-15T20:18:11Z DEBUG No DNS record found 2013-10-15T20:18:11Z DEBUG
Search DNS for SRV record of _ldap._tcp.dev.com.
2013-10-15T20:18:11Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:hqdc02.dev.com.}
2013-10-15T20:18:11Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:hqdc.dev.com.}
2013-10-15T20:18:11Z DEBUG DNS record found:
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:drdc01.dev.com.}
2013-10-15T20:18:11Z DEBUG [Kerberos realm search] 2013-10-15T20:18:11Z DEBUG
Search DNS for TXT record of _kerberos.dev.com.
2013-10-15T20:18:11Z DEBUG No DNS record found 2013-10-15T20:18:11Z DEBUG [LDAP
server check] 2013-10-15T20:18:11Z DEBUG Verifying that hqdc02.dev.com (realm
None) is an IPA server 2013-10-15T20:18:11Z DEBUG Init LDAP connection with:
ldap://hqdc02.dev.com:389 2013-10-15T20:18:11Z DEBUG Search LDAP server for IPA
base DN
If I specify --server=rdsdev01 --domain=dev.com
I get
Failed to verify that rdsdev01 is an IPA Server.
This may mean that the remote server is not up or is not reachable due to
network or firewall settings.
Please make sure the following ports are opened in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open) Also note that
following ports are necessary for ipa-client working properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
Installation failed. Rolling back changes.
IPA client is not configured on this system.
However there is no FW>. Iptables is not running.. and I can telnet to each of
those ports.
-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, October 15, 2013 4:11 PM
To: Mike Calautti; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] stupid question
Mike Calautti wrote:
I installed ipa-client..
I get this now.
ipa-client-install
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 2323, in <module>
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 2309, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1684, in install
ret = ds.search(domain=options.domain, servers=options.server,
hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file))
File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line
242, in search
ldapret = self.ipacheckldap(server, self.realm, ca_cert_path=ca_cert_path)
File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line
339, in ipacheckldap
basedn = get_ipa_basedn(lh)
File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 817, in
get_ipa_basedn
contexts = entries[0][1]['namingcontexts']
cat /etc/redhat-release
CentOS release 6.4 (Final)
Hmm. I'd take a look at /var/log/ipaclient-install.log to see what host it is
trying to enroll against. I have the feeling it is finding another host.
We fixed a bug post-6.4 related to case insensitivity and namingcontents. I
have the feeling the LDAP server you're connecting to isn't return it all as
lower case as we expect.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
