[Freeipa-users] Re: freeipa client working on ubuntu 16.04 but not 14.04
Thanks, I'm sure it was a versioning issue as the server is 4.5, and i see the default ubuntu 14.04 packages i was using were 3.3. Using the repo Jochen Mentioned I can install 4.0 on ubuntu 14.04 but I will get the below errors in the log during install, is this still due to 4.0 being too far behind the server's 4.5 and i'll need to build from source? It's complaining about the certificate but i've followed the instructions here https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1635568/comments/6 and added the root certificate to the NSS DB (which fixed the same error on the centos fallback server I setup) , and based on the following errors I think it may be having other issues and complaining the cert as a by product "Cannot connect to the server due to generic error: cannot connect to ' https://rd-freeipa1.redacted.net/ipa/json': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. Installation failed. Rolling back changes. dbus failed to start: Command ''/usr/sbin/service' 'dbus' 'start' ''' returned non-zero exit status 1 certmonger failed to start: Command ''/usr/sbin/service' 'certmonger' 'start' ''' returned non-zero exit status 1 " I also get these in the freeipa install log "2018-01-05T20:38:53Z ERROR dbus failed to start: Command ''/usr/sbin/service' 'dbus' 'start' ''' returned non-zero exit status 1 2018-01-05T20:38:53Z DEBUG Starting external process 2018-01-05T20:38:53Z DEBUG args='/usr/sbin/service' 'certmonger' 'start' '' 2018-01-05T20:38:53Z DEBUG Process finished, return code=1 2018-01-05T20:38:53Z DEBUG stdout= 2018-01-05T20:38:53Z DEBUG stderr=start: Job is already running: certmonger 2018-01-05T20:38:53Z ERROR certmonger failed to start: Command ''/usr/sbin/service' 'certmonger' 'start' ''' returned non-zero exit status 1 2018-01-05T20:38:53Z DEBUG Starting external process 2018-01-05T20:38:53Z DEBUG args='/usr/sbin/service' 'certmonger' 'status' '' 2018-01-05T20:38:53Z DEBUG Process finished, return code=0 2018-01-05T20:38:53Z DEBUG stdout=certmonger start/running, process 7415 " On Thu, Jan 4, 2018 at 2:34 PM, Jochen Hein wrote: > Cody Rathgeber via FreeIPA-users > writes: > > > I'm trying to deploy freeipa to an environment running a mix of ubuntu > > 16.04 and 14.04 servers. > > on 16.04 the servers join and can pull down users no problem, on 14.04 > when > > joining it'll throw a > > > > "Unable to find 'admin' user with 'getent passwd ad...@redacted.net'!:" > > What packages do you use on 14.04? I'm using the packages from > ppa:freeipa/4.0. What's your IPA server release? > > There were also reports about sssd problems: > https://www.redhat.com/archives/freeipa-users/2017-January/msg00190.html > > Jochen > > -- > This space is intentionally left blank. > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: freeipa client working on ubuntu 16.04 but not 14.04
Thanks, Here's what I get in the sssd nss log with debug level set to 6; (Thu Jan 4 14:35:56 2018) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Thu Jan 4 14:35:56 2018) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*] from [] (Thu Jan 4 14:35:56 2018) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*@redacted.net] (Thu Jan 4 14:35:56 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417c90:1:*@redacted.net] (Thu Jan 4 14:35:56 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [redacted.net][4097][1][name=*] (Thu Jan 4 14:35:56 2018) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417c90:1:*@redacted.net] (Thu Jan 4 14:35:56 2018) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 1, 11, Fast reply - offline Now i know the data provider is up because the 16.04 machines can get to it, all the "redacted.net"s are the proper domain, the clients can resolve everything fine. is the using default domain [(null)] At the top something I should be worried about? kinit admin username also works so I know kerberos is working fine. On Thu, Jan 4, 2018 at 2:20 PM, Rob Crittenden wrote: > Cody Rathgeber via FreeIPA-users wrote: > > Hello, > > > > I'm trying to deploy freeipa to an environment running a mix of ubuntu > > 16.04 and 14.04 servers. > > on 16.04 the servers join and can pull down users no problem, on 14.04 > > when joining it'll throw a > > > > "Unable to find 'admin' user with 'getent passwd ad...@redacted.net > > <mailto:ad...@redacted.net>'!:" > > > > > > And sure enough getent passwd won't pull details, and thus no accounts > > can be pulled down as far as I can tell. > > > > It works on every 16.04 machine and fails on every 14.04. Anyone have > > any tips/ideas on how i'd go about troubleshooting this? This is with > > doing an apt-get install freeipa-client and ipa-client-install. > > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html > > rob > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] freeipa client working on ubuntu 16.04 but not 14.04
Hello, I'm trying to deploy freeipa to an environment running a mix of ubuntu 16.04 and 14.04 servers. on 16.04 the servers join and can pull down users no problem, on 14.04 when joining it'll throw a "Unable to find 'admin' user with 'getent passwd ad...@redacted.net'!:" And sure enough getent passwd won't pull details, and thus no accounts can be pulled down as far as I can tell. It works on every 16.04 machine and fails on every 14.04. Anyone have any tips/ideas on how i'd go about troubleshooting this? This is with doing an apt-get install freeipa-client and ipa-client-install. Thanks! ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
