[Freeipa] [Bug 1769631] Re: freeipa-server installation/configuration problem on s390x
ok that looks normal, and 389 should do the right thing now but something is still missing and I don't know what.. but the bug isn't in freeipa itself so moving it over to 389 for now if you have a way to test SASL/GSSAPI on the architecture that'd be good ** Package changed: freeipa (Ubuntu) => 389-ds-base (Ubuntu) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769631 Title: freeipa-server installation/configuration problem on s390x Status in Ubuntu on IBM z Systems: New Status in 389-ds-base package in Ubuntu: New Bug description: Problem desctriptin for following already Fix Releaed Bug: https://bugzilla.linux.ibm.com/show_bug.cgi?id=166796 https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1764744 The package is still failing to configure root@fipas1:~# ipa-server-install --allow-zone-overlap The log file for this installation can be found in /var/log/ipaserver-install.log == This program will set up the FreeIPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the NTP client (chronyd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) * Configure the KDC to enable PKINIT To accept the default shown in brackets, press the Enter key. WARNING: conflicting time synchronization service 'ntp' will be disabled in favor of chronyd Do you want to configure integrated DNS (BIND)? [no]: yes Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [fipas1.rgy.net]: Warning: skipping DNS resolution of host fipas1.rgy.net The domain name has been determined based on the host name. Please confirm the domain name [rgy.net]: The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [RGY.NET]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): Checking DNS domain rgy.net., please wait ... Do you want to configure DNS forwarders? [yes]: no No DNS forwarders configured Do you want to search for missing reverse zones? [yes]: no The IPA Master Server will be configured with: Hostname: fipas1.rgy.net IP address(es): 192.168.122.50 Domain name:rgy.net Realm name: RGY.NET The CA will be configured with: Subject DN: CN=Certificate Authority,O=RGY.NET Subject base: O=RGY.NET Chaining: self-signed BIND DNS server will be configured to serve IPA domain with: Forwarders: No forwarders Forward policy: only Reverse zone(s): No reverse zone Continue to configure the system with these values? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. Synchronizing time Using default chrony configuration. Time synchronization was successful. Configuring directory server (dirsrv). Estimated time: 30 seconds [1/44]: creating directory server instance [2/44]: enabling ldapi [3/44]: configure autobind for root [4/44]: stopping directory server [5/44]: updating configuration in dse.ldif [6/44]: starting directory server [error] ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method) ipapython.admintool: ERRORInsufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method) ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information root@fipas1:~# I had run an apt update in advance of installing freeipa and after adding the canonical staging repository root@fipas1:~# apt update Hit:1 http://ppa.launchpad.net/canonical-x/x-staging/ubuntu bionic InRelease Hit:2 http://ports.ubuntu.com/ubuntu-ports bionic InRelease Hit:3 http://ports.ubuntu.com/ubuntu-ports bionic-updates InRelease Hit:4 http://ports.ubuntu.com/ubuntu-ports bionic-backports InRelease Hit:5 http://ports.ubuntu.com/ubuntu-ports bionic-security InRelease Reading package lists... Done Building
[Freeipa] [Bug 1769631] Re: freeipa-server installation/configuration problem on s390x
what do you have in /usr/lib/s390x-linux-gnu/sasl2 ? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769631 Title: freeipa-server installation/configuration problem on s390x Status in Ubuntu on IBM z Systems: New Status in freeipa package in Ubuntu: New Bug description: Problem desctriptin for following already Fix Releaed Bug: https://bugzilla.linux.ibm.com/show_bug.cgi?id=166796 https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1764744 The package is still failing to configure root@fipas1:~# ipa-server-install --allow-zone-overlap The log file for this installation can be found in /var/log/ipaserver-install.log == This program will set up the FreeIPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the NTP client (chronyd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) * Configure the KDC to enable PKINIT To accept the default shown in brackets, press the Enter key. WARNING: conflicting time synchronization service 'ntp' will be disabled in favor of chronyd Do you want to configure integrated DNS (BIND)? [no]: yes Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [fipas1.rgy.net]: Warning: skipping DNS resolution of host fipas1.rgy.net The domain name has been determined based on the host name. Please confirm the domain name [rgy.net]: The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [RGY.NET]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): Checking DNS domain rgy.net., please wait ... Do you want to configure DNS forwarders? [yes]: no No DNS forwarders configured Do you want to search for missing reverse zones? [yes]: no The IPA Master Server will be configured with: Hostname: fipas1.rgy.net IP address(es): 192.168.122.50 Domain name:rgy.net Realm name: RGY.NET The CA will be configured with: Subject DN: CN=Certificate Authority,O=RGY.NET Subject base: O=RGY.NET Chaining: self-signed BIND DNS server will be configured to serve IPA domain with: Forwarders: No forwarders Forward policy: only Reverse zone(s): No reverse zone Continue to configure the system with these values? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. Synchronizing time Using default chrony configuration. Time synchronization was successful. Configuring directory server (dirsrv). Estimated time: 30 seconds [1/44]: creating directory server instance [2/44]: enabling ldapi [3/44]: configure autobind for root [4/44]: stopping directory server [5/44]: updating configuration in dse.ldif [6/44]: starting directory server [error] ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method) ipapython.admintool: ERRORInsufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method) ipapython.admintool: ERRORThe ipa-server-install command failed. See /var/log/ipaserver-install.log for more information root@fipas1:~# I had run an apt update in advance of installing freeipa and after adding the canonical staging repository root@fipas1:~# apt update Hit:1 http://ppa.launchpad.net/canonical-x/x-staging/ubuntu bionic InRelease Hit:2 http://ports.ubuntu.com/ubuntu-ports bionic InRelease Hit:3 http://ports.ubuntu.com/ubuntu-ports bionic-updates InRelease Hit:4 http://ports.ubuntu.com/ubuntu-ports bionic-backports InRelease Hit:5 http://ports.ubuntu.com/ubuntu-ports bionic-security InRelease Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. root@fipas1:~# End of the install log contains 2018-04-26T14:31:25Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@RGY-NET.service'] 2018-04-26T14:31:25Z DEBUG Process