Re Martin. Here we are for the ipaclient-install.log :
### 2016-01-20T14:55:48Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': '<MYDOMAIN>', 'force': False, 'realm_name': '<MYREALM>', 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': True, 'create_sshfp': True, 'conf_sshd': False, 'conf_ntp': False, 'on_master': False, 'ntp_server': None, 'nisdomain': None, 'no_nisdomain': False, 'principal': 'admin', 'hostname': '<FQDN IPA CLIENT>', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': False, 'force_join': False, 'ca_cert_file': None, 'server': ['<FQDN IPA SERVER>'], 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False} 2016-01-20T14:55:48Z DEBUG missing options might be asked for interactively later 2016-01-20T14:55:48Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2016-01-20T14:55:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2016-01-20T14:55:48Z DEBUG [IPA Discovery] 2016-01-20T14:55:48Z DEBUG Starting IPA discovery with domain=<MYDOMAIN>, servers=['<FQDN IPA SERVER>'], hostname=<FQDN IPA CLIENT> 2016-01-20T14:55:48Z DEBUG Server and domain forced 2016-01-20T14:55:48Z DEBUG [Kerberos realm search] 2016-01-20T14:55:48Z DEBUG Search DNS for TXT record of _kerberos.<MYDOMAIN>. 2016-01-20T14:55:48Z DEBUG No DNS record found 2016-01-20T14:55:48Z DEBUG [LDAP server check] 2016-01-20T14:55:48Z DEBUG Verifying that <FQDN IPA SERVER> (realm None) is an IPA server 2016-01-20T14:55:48Z DEBUG Init LDAP connection with: ldap://<FQDN IPA SERVER>:389 2016-01-20T14:55:48Z DEBUG LDAP Error: Anonymous access not allowed 2016-01-20T14:55:48Z DEBUG Assuming realm is the same as domain: <MYDOMAIN> 2016-01-20T14:55:48Z DEBUG Generated basedn from realm: dc=<domainoftheservers> 2016-01-20T14:55:48Z DEBUG Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=<MYDOMAIN>, kdc=None, basedn=<domainoftheservers> 2016-01-20T14:55:48Z DEBUG Validated servers: <FQDN IPA SERVER> 2016-01-20T14:55:48Z DEBUG will use discovered domain: <MYDOMAIN> 2016-01-20T14:55:48Z DEBUG Using servers from command line, disabling DNS discovery 2016-01-20T14:55:48Z DEBUG will use provided server: <FQDN IPA SERVER> 2016-01-20T14:55:48Z DEBUG will use discovered realm: <MYDOMAIN> 2016-01-20T14:55:48Z ERROR The provided realm name [<MYREALM>] does not match discovered one [<MYDOMAIN>] 2016-01-20T14:55:48Z DEBUG (<MYDOMAIN>: Assumed same as domain) 2016-01-20T14:55:48Z ERROR Installation failed. Rolling back changes. 2016-01-20T14:55:48Z ERROR IPA client is not configured on this system. ### Best regards. Bahan On Wed, Jan 20, 2016 at 1:52 PM, Martin Kosek <mko...@redhat.com> wrote: > Adding freeipa-users back, so that others can benefit from the answer. > > Can you please attach a full ipaclient-install.log DEBUG log somewhere so > that > we can get the full context of the bug? You may also want to open a RHEL-6 > Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only > maintained > in RHEL-6.x. > > Thanks, > Martin > > On 01/20/2016 01:39 PM, bahan w wrote: > > Hello Martin ! > > > > Thanks for your answer, Martin ! > > > > I uninstalled the 3.0.0.25 and installed the 3.0.0.47, but unfortunately > I > > still have the same error message. > > > > # rpm -qa | grep ipa-client > > ipa-client-3.0.0-47.el6.x86_64 > > > > And in ipa-client-install.log : > > ### > > 2016-01-20T12:38:14Z DEBUG [LDAP server check] > > 2016-01-20T12:38:14Z DEBUG Verifying that <fqdn ipa server> (realm None) > is > > an IPA server > > 2016-01-20T12:38:14Z DEBUG Init LDAP connection with: ldap://<fqdn ipa > > server>:389 > > 2016-01-20T12:38:14Z DEBUG LDAP Error: Anonymous access not allowed > > ### > > > > Best regards. > > > > Bahan > > > > > > On Wed, Jan 20, 2016 at 1:26 PM, Martin Kosek <mko...@redhat.com> wrote: > > > >> On 01/20/2016 12:08 PM, bahan w wrote: > >>> Hello ! > >>> > >>> I send you this mail because of the following topic. > >>> > >>> I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous > >>> access for security reasons. > >>> > >>> But now, I have a problem when I try to enroll a new host. > >>> > >>> Here is the command I try : > >>> ### > >>> ipa-client-install --domain=<mydomain> --realm=<myrealm> --server=<fqdn > >>> ipaserver> --principal=admin --password=<PASSWORD FOR IPA ADMIN> > >>> --mkhomedir --hostname=<fqdn server> --no-ntp --no-ssh --no-sshd > >>> --unattended > >>> ### > >>> > >>> And here is the error message : > >>> ### > >>> 2016-01-20T11:06:44Z DEBUG Verifying that <fqdn ipaserver> (realm None) > >> is > >>> an IPA server > >>> 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap://<fqdn ipa > >>> server>:389 > >>> 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed > >>> ### > >>> > >>> Is there a way with IPA 3.0.0.25 to enroll host with the anonymous > acces > >>> disabled ? > >>> > >>> Best regards. > >>> > >>> Bahan > >> > >> Hello, > >> > >> This looks like > >> https://bugzilla.redhat.com/show_bug.cgi?id=922843 > >> > >> It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and > >> later). > >> > >> HTH, > >> Martin > >> > >> > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project