Derek Moore wrote:
Setting /etc/hostname manually and several restarts and reboots later, I
finally got the install to work (mostly) properly again last night.
But I still cannot get the XML-RPC server to function properly, the end
of the install script fails on /usr/sbin/ipa-client-install:
ipalib.errors.NetworkError: cannot connect to
'https://ds1.hackunix.org/ipa/xml': Internal Server Error
I can't get passed the "No credentials cache found" error in Apache. The
credentials cache it's looking for is httpd's keytab?
We're fighting some issues with changes in support libraries.
If you have openldap-2.4.35-3, the default value of SASL_NOCANON changed
to on (at our request ironically) which breaks ldapi requests, which we
also use. For 3.1.x and 3.2pre1 or beta1 I believe the only solution is
to downgrade openldap. We are working with upstream and have provided a
patch to the Fedora maintainer to mitigate this but it is yet unresolved.
If you have krb5 1.11.2-4 then you need to add KRB5CCNAME=/tmp/krb5cc_48
to the end of /etc/sysconfig/httpd. The ccache format was changed to DIR
and mod_auth_kerb doesn't support this yet. This fix should work with
any version of IPA.
Freeipa-devel mailing list