Hi, Installing FreeIPA server fails on Ubuntu 18.04 with the following messages. (( I should say: still failing. I haven't had much luck with it. ))
---------------------8X-----------------8X------------------ Restarting named Updating DNS system records ipapython.dnsutil: ERROR DNS query for usrv1.ijtest.nl. 1 failed: The DNS operation timed out after 30.0004618168 seconds ipaserver.dns_data_management: ERROR unable to resolve host name usrv1.ijtest.nl. to IP address, ipa-ca DNS record will be incomplete ---------------------8X-----------------8X------------------ Notice, I should say that the installation process reports that all went well. It completes the whole installation, ending with ---------------------8X-----------------8X------------------ ... New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://usrv1.ijtest.nl/ipa/json [try 1]: Forwarding 'schema' to json server 'https://usrv1.ijtest.nl/ipa/json' trying https://usrv1.ijtest.nl/ipa/session/json [try 1]: Forwarding 'ping' to json server 'https://usrv1.ijtest.nl/ipa/session/json' [try 1]: Forwarding 'ca_is_enabled' to json server 'https://usrv1.ijtest.nl/ipa/session/json' Systemwide CA database updated. [try 1]: Forwarding 'host_mod' to json server 'https://usrv1.ijtest.nl/ipa/session/json' Could not update DNS SSHFP records. SSSD enabled Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config /etc/ssh/sshd_config not found, skipping configuration Configuring ijtest.nl as NIS domain. Client configuration complete. The ipa-client-install command was successful ============================================================================== Setup complete ---------------------8X-----------------8X------------------ However, bind (named) is not running. ---------------------8X-----------------8X------------------ root@usrv1:~# netstat -tulpen | grep -w 53 tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 101 127902 88/systemd-resolved udp 35328 0 127.0.0.53:53 0.0.0.0:* 101 127901 88/systemd-resolved ---------------------8X-----------------8X------------------ Also, when I access the IPA server using a browser it fails with Login failed due to an unknown reason. In /var/log/apache2/error.log there is this: ---------------------8X-----------------8X------------------ [Thu Sep 06 12:00:28.720410 2018] [wsgi:error] [pid 6137:tid 140075658061568] [remote 10.83.0.11:38596] ipa: INFO: [jsonserver_kerb] host/[email protected]: schema(version=u'2.170'): SUCCESS [Thu Sep 06 12:01:00.010427 2018] [:warn] [pid 6140:tid 140076243191552] [client 10.83.0.11:38608] failed to set perms (3140) on file (/var/run/ipa/ccaches/[email protected])!, referer: https://usrv1.ijtest.nl/ipa/xml [Thu Sep 06 12:01:00.099271 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 10.83.0.11:38608] ipa: INFO: [jsonserver_session] host/[email protected]: ping(): SUCCESS [Thu Sep 06 12:01:00.101695 2018] [:warn] [pid 6140:tid 140076130498304] [client 10.83.0.11:38608] failed to set perms (3140) on file (/var/run/ipa/ccaches/[email protected])!, referer: https://usrv1.ijtest.nl/ipa/xml [Thu Sep 06 12:01:00.273013 2018] [wsgi:error] [pid 6137:tid 140075658061568] [remote 10.83.0.11:38608] ipa: INFO: [jsonserver_session] host/[email protected]: ca_is_enabled(version=u'2.107'): SUCCESS [Thu Sep 06 12:01:02.805635 2018] [:warn] [pid 6140:tid 140076234798848] [client 10.83.0.11:38608] failed to set perms (3140) on file (/var/run/ipa/ccaches/[email protected])!, referer: https://usrv1.ijtest.nl/ipa/xml [Thu Sep 06 12:01:02.999541 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 10.83.0.11:38608] ipa: INFO: [jsonserver_session] host/[email protected]: host_mod(u'usrv1.ijtest.nl', ipasshpubkey=(), updatedns=False, version=u'2.26'): EmptyModlist [Thu Sep 06 13:02:22.125841 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] mod_wsgi (pid=6138): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Thu Sep 06 13:02:22.125877 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] Traceback (most recent call last): [Thu Sep 06 13:02:22.125898 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/share/ipa/wsgi.py", line 57, in application [Thu Sep 06 13:02:22.125961 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] return api.Backend.wsgi_dispatch(environ, start_response) [Thu Sep 06 13:02:22.125972 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 265, in __call__ [Thu Sep 06 13:02:22.128833 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] return self.route(environ, start_response) [Thu Sep 06 13:02:22.128846 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 277, in route [Thu Sep 06 13:02:22.128860 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] return app(environ, start_response) [Thu Sep 06 13:02:22.128872 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 935, in __call__ [Thu Sep 06 13:02:22.128881 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] self.kinit(user_principal, password, ipa_ccache_name) [Thu Sep 06 13:02:22.128886 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 971, in kinit [Thu Sep 06 13:02:22.128892 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] pkinit_anchors=[paths.KDC_CERT, paths.KDC_CA_BUNDLE_PEM], [Thu Sep 06 13:02:22.128898 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/lib/python2.7/dist-packages/ipalib/install/kinit.py", line 125, in kinit_armor [Thu Sep 06 13:02:22.133878 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] run(args, env=env, raiseonerr=True, capture_error=True) [Thu Sep 06 13:02:22.133892 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 572, in run [Thu Sep 06 13:02:22.138435 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] p.returncode, arg_string, output_log, error_log [Thu Sep 06 13:02:22.138488 2018] [wsgi:error] [pid 6138:tid 140075658061568] [remote 172.16.16.30:38014] CalledProcessError: CalledProcessError(Command ['/usr/bin/kinit', '-n', '-c', '/var/run/ipa/ccaches/armor_6138', '-X', 'X509_anchors=FILE:/var/lib/krb5kdc/kdc.crt', '-X', 'X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem'] returned non-zero exit status 1: "kinit: Pre-authentication failed: Cannot open file '/var/lib/krb5kdc/kdc.crt': Permission denied while getting initial credentials\\n") ---------------------8X-----------------8X------------------ -- Kees _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
