-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/09/2014 03:22 PM, Martin Kosek wrote:
> On 12/09/2014 10:48 AM, Niranjan M.R wrote:
>> On 12/09/2014 02:57 PM, thierry bordaz wrote:
>>> Hello,
>>
>>> Niranjan, may I have access to your test machine.
>>
>> It's a vm on my laptop. I am trying to reproduce on another VM
>> to which i can give access. I will provide the details of this VM as soon
>> as possible.
>>
>> Mean while i am providing ns-slapd access logs, ipa-logs and pkispawn logs.
>
> Thanks. I see no related errors in the DS errors log, I wonder if the
> suggested
>
> # systemctl status dirsrv@EXAMPLE-ORG.service
>
> would show anything interesting.
>
>>
>>
>>
>>> thanks
>>> theirry
>>
>>
>>> On 12/09/2014 10:01 AM, Martin Kosek wrote:
>>>> On 12/07/2014 03:01 PM, Niranjan M.R wrote:
>>>>> On 12/06/2014 12:24 AM, Dmitri Pal wrote:
>>>>>> Hello,
>>>>>> WE NEED HELP!
>>>>>> The biggest and the most interesting feature of FreeIPA 4.1.2 is support
>>>>>> for the two factor authentication using HOTP/TOTP compatible software
>>>>>> tokens like FreeOTP (open source compatible alternative to Google
>>>>>> Authenticator) and hardware tokens like Yubikeys. This feature allows
>>>>>> Kerberos and LDAP clients of a FreeIPA server to authenticate using the
>>>>>> normal account password as the first factor and an OTP token as a second
>>>>>> factor. For those environments where a 2FA solution is already in place,
>>>>>> FreeIPA can act as a proxy via RADIUS. More about this feature can be
>>>>>> read here.
>>>>>> http://www.freeipa.org/page/V4/OTP
>>>>>> If you want to see this feature in downstream distros sooner rather than
>>>>>> later we need your help!
>>>>>> Please give it a try and provide feedback. We really, really need it!
>>>>> I am unable to configure ipa-server with
>>>>> freeipa-server-4.1.2-1.fc20.x86_64, ipa-server-install fails with below
>>>>> error:
>>>>>
>>>>> Done configuring certificate server (pki-tomcatd).
>>>>> Configuring directory server (dirsrv): Estimated time 10 seconds
>>>>>[1/3]: configuring ssl for ds instance
>>>>>[2/3]: restarting directory server
>>>>> ipa : CRITICAL Failed to restart the directory server ([Errno 2]
>>>>> No such file or directory:
>>>>> '/etc/systemd/system/dirsrv.target.wants/dirsrv@EXAMPLE-ORG.service').
>>>>> See the installation log for details.
>>>>>[3/3]: adding CA certificate entry
>>>>> Done configuring directory server (dirsrv).
>>>>> CA did not start in 300.0s
>>>>>
>>>>>
>>>>> Versions used:
>>>>> ==
>>>>> freeipa-client-4.1.2-1.fc20.x86_64
>>>>> freeipa-server-4.1.2-1.fc20.x86_64
>>>>> libipa_hbac-1.12.2-2.fc20.x86_64
>>>>> libipa_hbac-python-1.12.2-2.fc20.x86_64
>>>>> sssd-ipa-1.12.2-2.fc20.x86_64
>>>>> device-mapper-multipath-0.4.9-56.fc20.x86_64
>>>>> python-iniparse-0.4-9.fc20.noarch
>>>>> freeipa-admintools-4.1.2-1.fc20.x86_64
>>>>> freeipa-python-4.1.2-1.fc20.x86_64
>>>>> 389-ds-base-libs-1.3.3.5-1.fc20.x86_64
>>>>> 389-ds-base-1.3.3.5-1.fc20.x86_64
>>>>>
>>>>> BaseOS:Fedora release 20 (Heisenbug)
>>>>>
>>>>>
>>>>> Steps to reproduce:
>>>>> ---
>>>>>
>>>>> 1. On Fedora-20 system, Used mkosek freeipa repo:
>>>>> [mkosek-freeipa]
>>>>> name=Copr repo for freeipa owned by mkosek
>>>>> baseurl=http://copr-be.cloud.fedoraproject.org/results/mkosek/freeipa/fedora-$releasever-$basearch/
>>>>> skip_if_unavailable=True
>>>>> gpgcheck=0
>>>>> enabled=1
>>>>>
>>>>> 2. Install freeipa-server packages from the above repo
>>>>>
>>>>> 3. Issue ipa-server-install
>>>>>
>>>>> [root@pkiserver1 ~]# ipa-server-install
>>>>>
>>>>> The log file for this installation can be found in
>>>>> /var/log/ipaserver-install.log
>>>>> =
