On 04/07/2018 05:46 PM, lejeczek via FreeIPA-users wrote:
hi

I'm trying to install a client that would very rarely succeed; 9 out of 10 attempts fail. I run these installations in series.
When it fails it does it this way:
..
Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638936): Preauthentication failed

But when it succeeds, the replica installation would always fail, always the same way, like:
..
   [28/40]: adding sasl mappings to the directory
   [29/40]: updating schema
ipa         : CRITICAL Failed to load schema-update.ldif: Command '/usr/bin/ldapmodify -v -f /usr/share/ipa/schema-update.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket -Y EXTERNAL' returned non-zero exit status 50
  [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /usr/share/ipa/schema-update.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket -Y EXTERNAL' returned non-zero exit status 50
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
..

in log:
..
2018-04-07T15:34:24Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_modify: Insufficient access (50)
    additional info: Insufficient 'write' privilege to the 'objectClasses' attribute of entry 'cn=schema'.


2018-04-07T15:34:24Z CRITICAL Failed to load schema-update.ldif: Command '/usr/bin/ldapmodify -v -f /usr/share/ipa/schema-update.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket -Y EXTERNAL' returned non-zero exit status 50
2018-04-07T15:34:24Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
     run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
     method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 490, in __update_schema
     self._ldap_mod("schema-update.ldif")
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 308, in _ldap_mod
     ipautil.run(args, nolog=nologlist)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 512, in run
     raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/usr/bin/ldapmodify -v -f /usr/share/ipa/schema-update.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket -Y EXTERNAL' returned non-zero exit status 50

2018-04-07T15:34:24Z DEBUG   [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /usr/share/ipa/schema-update.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket -Y EXTERNAL' returned non-zero exit status 50
...

How I exec commands:

$ ipa-client-install --principal=admin --password=pass#diradm --force-join -U && ipa-replica-install --setup-dns --no-forwarders --admin-password=pass#diradm -U

How is it possible to troubleshoot this?
many thanks

Hi,

the issue looks like bugzilla 1538184 [1]. Did you define a 'root' user in FreeIPA with uid=0/gid=0?

Flo

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1538184
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
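
A triage helper for the log signature quoted in this thread, added here as an example and not part of the original messages or of FreeIPA: it flags LDAP result 50 (Insufficient access) when the preceding ldapi SASL/EXTERNAL bind identity was the local uid=0/gid=0 peer. The function name and the embedded sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the install log excerpt quoted in the thread.
SAMPLE_LOG = """\
2018-04-07T15:34:24Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-PRIVATE.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_modify: Insufficient access (50)
    additional info: Insufficient 'write' privilege to the 'objectClasses' attribute of entry 'cn=schema'.
"""

SASL_RE = re.compile(
    r"SASL username: gidNumber=(\d+)\+uidNumber=(\d+),cn=peercred,cn=external,cn=auth")
DENY_RE = re.compile(r"ldap_\w+: Insufficient access \(50\)")
INFO_RE = re.compile(
    r"additional info: Insufficient '(\w+)' privilege to the '([^']+)' attribute of entry '([^']+)'")


def find_root_autobind_denials(text):
    """Return one finding per result 50 that follows a uid=0/gid=0 peercred bind."""
    findings, ident, pending = [], None, None
    for lineno, line in enumerate(text.splitlines(), 1):
        if "ldap_initialize(" in line:
            ident, pending = None, None       # new connection: forget the old identity
        m = SASL_RE.search(line)
        if m:
            ident = (int(m.group(2)), int(m.group(1)))   # (uid, gid)
            continue
        if DENY_RE.search(line) and ident == (0, 0):
            pending = {"line": lineno, "right": None, "attr": None, "entry": None}
            findings.append(pending)
            continue
        m = INFO_RE.search(line)
        if m and pending is not None:         # attach the detail line to its denial
            pending["right"], pending["attr"], pending["entry"] = m.groups()
            pending = None
    return findings


if __name__ == "__main__":
    for f in find_root_autobind_denials(SAMPLE_LOG):
        print("line %(line)d: root autobind denied '%(right)s' on "
              "'%(attr)s' of '%(entry)s'" % f)
```

A hit on `cn=schema` means the local root autobind did not get the rights the installer expects, which is the condition the reply asks about when it mentions a 'root' user with uid=0/gid=0.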