Thanks Florence,
I ran ipa-adtrust-install again, but this time with the `--debug` option, but I
don't really see the reason for the error:
[12/25]: adding RID bases
ipaserver.install.adtrustinstance: DEBUG
[LDAPEntry(ipapython.dn.DN('cn=IPA.MYDOMAIN_id_range,cn=ranges,cn=etc,dc=ipa,dc=mydomain'),
{'ipaSecondaryBaseRID': [b'100000000'], 'ipaBaseRID': ['0'], 'objectClass':
[b'top', b'ipaIDrange', b'ipaDomainIDRange'], 'cn': [b'IPA.MYDOMAIN_id_range'],
'ipaBaseID': [b'1987000000'], 'ipaIDRangeSize': [b'200000'], 'ipaRangeType':
[b'ipa-local']})]
ipaserver.install.adtrustinstance: DEBUG []
ipaserver.install.service: DEBUG RID bases already set, nothing to do
RID bases already set, nothing to do
ipaserver.install.service: DEBUG step duration: smb __add_rid_bases 0.00 sec
ipaserver.install.service: DEBUG [13/25]: updating Kerberos config
[13/25]: updating Kerberos config
ipaserver.install.service: DEBUG 'dns_lookup_kdc' already set to 'true',
nothing to do.
'dns_lookup_kdc' already set to 'true', nothing to do.
ipaserver.install.service: DEBUG step duration: smb __update_krb5_conf 0.00
sec
ipaserver.install.service: DEBUG [14/25]: activating CLDAP plugin
[14/25]: activating CLDAP plugin
ipaserver.install.service: DEBUG CLDAP plugin already configured, nothing to
do
CLDAP plugin already configured, nothing to do
ipaserver.install.service: DEBUG step duration: smb __add_cldap_module 0.00
sec
ipaserver.install.service: DEBUG [15/25]: activating sidgen task
[15/25]: activating sidgen task
ipaserver.install.service: DEBUG Sidgen task plugin already configured,
nothing to do
Sidgen task plugin already configured, nothing to do
ipaserver.install.service: DEBUG step duration: smb __add_sidgen_task 0.00
sec
ipaserver.install.service: DEBUG [16/25]: map BUILTIN\Guests to nobody
group
[16/25]: map BUILTIN\Guests to nobody group
ipaserver.install.adtrustinstance: DEBUG Map BUILTIN\Guests to a group
'nobody'
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/usr/bin/net', '-s', '/dev/null',
'groupmap', 'add', 'sid=S-1-5-32-546', 'unixgroup=nobody', 'type=builtin']
ipapython.ipautil: DEBUG Process finished, return code=255
ipapython.ipautil: DEBUG stdout=Unix group nobody already mapped to SID
S-1-5-32-546
ipapython.ipautil: DEBUG stderr=
ipaserver.install.service: DEBUG step duration: smb __map_Guests_to_nobody
0.07 sec
ipaserver.install.service: DEBUG [17/25]: configuring smbd to start on boot
[17/25]: configuring smbd to start on boot
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'is-enabled', 'smb.service']
ipapython.ipautil: DEBUG Process finished, return code=1
ipapython.ipautil: DEBUG stdout=disabled
ipapython.ipautil: DEBUG stderr=
ipalib.sysrestore: DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
ipalib.sysrestore: DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'unmask', 'smb.service']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'disable', 'smb.service']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=
ipapython.ipaldap: DEBUG update_entry modlist [(0, 'ipaconfigstring',
[b'configuredService'])]
ipaserver.install.service: DEBUG service ADTRUST has all config values set
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'unmask', 'smb.service']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'disable', 'smb.service']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=
ipapython.ipaldap: DEBUG update_entry modlist [(0, 'ipaconfigstring',
[b'configuredService'])]
ipaserver.install.service: DEBUG service EXTID has all config values set
ipaserver.install.service: DEBUG step duration: smb __enable 1.58 sec
ipaserver.install.service: DEBUG [18/25]: enabling trusted domains support
for older clients via Schema Compatibility plugin
[18/25]: enabling trusted domains support for older clients via Schema
Compatibility plugin
ipaserver.install.service: DEBUG step duration: smb __enable_compat_tree
0.00 sec
ipaserver.install.service: DEBUG [19/25]: restarting Directory Server to
take MS PAC and LDAP plugins changes into account
[19/25]: restarting Directory Server to take MS PAC and LDAP plugins changes
into account
ipalib.backend: DEBUG Destroyed connection context.ldap2_140433696891056
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'restart',
'[email protected]']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=
ipaplatform.base.services: DEBUG Restart of [email protected]
complete
ipalib.backend: DEBUG Created connection context.ldap2_140433696891056
ipaserver.install.service: DEBUG step duration: smb __restart_dirsrv 3.46 sec
ipaserver.install.service: DEBUG [20/25]: adding fallback group
[20/25]: adding fallback group
ipapython.ipaldap: DEBUG flushing ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket
from SchemaCache
ipapython.ipaldap: DEBUG retrieving schema for SchemaCache
url=ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket
conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fb9440e57e0>
ipaserver.install.service: DEBUG Fallback group already set, nothing to do
Fallback group already set, nothing to do
ipaserver.install.service: DEBUG step duration: smb __add_fallback_group
0.25 sec
ipaserver.install.service: DEBUG [21/25]: adding Default Trust View
[21/25]: adding Default Trust View
ipaserver.install.service: DEBUG Default Trust View already exists.
Default Trust View already exists.
ipaserver.install.service: DEBUG step duration: smb __add_default_trust_view
0.00 sec
ipaserver.install.service: DEBUG [22/25]: setting SELinux booleans
[22/25]: setting SELinux booleans
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/usr/sbin/selinuxenabled']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/usr/sbin/getsebool', 'samba_portmapper']
ipapython.ipautil: DEBUG Process finished, return code=0
ipapython.ipautil: DEBUG stdout=samba_portmapper --> on
ipapython.ipautil: DEBUG stderr=
ipalib.sysrestore: DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
ipalib.sysrestore: DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
ipaserver.install.service: DEBUG step duration: smb
__configure_selinux_for_smbd 0.01 sec
ipaserver.install.service: DEBUG [23/25]: starting CIFS services
[23/25]: starting CIFS services
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/bin/systemctl', 'start', 'smb.service']
ipapython.ipautil: DEBUG Process finished, return code=1
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=Job for smb.service failed because the
control process exited with error code.
See "systemctl status smb.service" and "journalctl -xeu smb.service" for
details.
ipaserver.install.adtrustinstance: CRITICAL CIFS services failed to start
ipaserver.install.service: DEBUG step duration: smb __start 0.12 sec
ipaserver.install.service: DEBUG [24/25]: adding SIDs to existing users
and groups
[24/25]: adding SIDs to existing users and groups
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=['/usr/bin/ldapmodify', '-v', '-f',
'/tmp/tmp5rp8yzq6', '-H', 'ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket', '-Y',
'EXTERNAL']
ipapython.ipautil: DEBUG Process finished, return code=1
ipapython.ipautil: DEBUG stdout=add objectClass:
top
extensibleObject
add cn:
sidgen
add nsslapd-basedn:
dc=ipa,dc=mydomain
add delay:
0
adding new entry "cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config"
ipapython.ipautil: DEBUG stderr=ldap_initialize(
ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_add: Operations error (1)
ipaserver.install.service: CRITICAL Failed to load ipa-sidgen-task-run.ldif:
CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
'/tmp/tmp5rp8yzq6', '-H', 'ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket', '-Y',
'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket/??base )\nSASL/EXTERNAL
authentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n')
ipaserver.install.adtrustinstance: WARNING Exception occured during SID
generation: CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f',
'/tmp/tmp5rp8yzq6', '-H', 'ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket', '-Y',
'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize(
ldapi://%2Frun%2Fslapd-IPA-MYDOMAIN.socket/??base )\nSASL/EXTERNAL
authentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add:
Operations error (1)\n')
ipaserver.install.service: DEBUG step duration: smb __add_sids 0.01 sec
ipaserver.install.service: DEBUG [25/25]: restarting smbd
[25/25]: restarting smbd
ipaserver.install.service: DEBUG step duration: smb __restart_smb 0.00 sec
ipaserver.install.service: DEBUG Done configuring CIFS.
Done configuring CIFS.
On the slapd-log, I see this:
[04/Apr/2022:20:07:54.828098373 +0200] - ERR - attrcrypt_init - All prepared
ciphers are not available. Please disable attribute encryption.
[04/Apr/2022:20:07:54.844695320 +0200] - ERR - schema-compat-plugin - scheduled
schema-compat-plugin tree scan in about 5 seconds after the server startup!
[04/Apr/2022:20:07:54.856522312 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=groups,cn=compat,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.856929472 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=computers,cn=compat,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.857286367 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=ng,cn=compat,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.857672999 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target ou=sudoers,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.858007707 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=users,cn=compat,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.858348091 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.858638364 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.858950689 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.859255492 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.859553514 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.859861969 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.860156797 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.860440335 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.860731517 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.861042554 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.861348651 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=vaults,cn=kra,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.868233352 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.868647453 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=mydomain does not exist
[04/Apr/2022:20:07:54.985338170 +0200] - WARN - NSACLPlugin - acl_parse - The
ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[04/Apr/2022:20:07:54.989418976 +0200] - INFO - slapi_vattrspi_regattr -
Because krbPwdPolicyReference is a new registered virtual attribute ,
nsslapd-ignore-virtual-attrs was set to 'off'
[04/Apr/2022:20:07:54.990156062 +0200] - ERR - cos-plugin - cos_dn_defs_cb -
Skipping CoS Definition cn=Password Policy,cn=accounts,dc=ipa,dc=mydomain--no
CoS Templates found, which should be added before the CoS Definition.
[04/Apr/2022:20:07:55.034170781 +0200] - ERR - schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[04/Apr/2022:20:07:55.037033585 +0200] - INFO - slapd_daemon - slapd started.
Listening on All Interfaces port 389 for LDAP requests
[04/Apr/2022:20:07:55.037335986 +0200] - INFO - slapd_daemon - Listening on All
Interfaces port 636 for LDAPS requests
[04/Apr/2022:20:07:55.037547183 +0200] - INFO - slapd_daemon - Listening on
/var/run/slapd-IPA-MYDOMAIN.socket for LDAPI requests
[04/Apr/2022:20:07:55.442844902 +0200] - ERR - get_ranges - [file
ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct.
[04/Apr/2022:20:07:55.443441310 +0200] - ERR - sidgen_task_add - [file
ipa_sidgen_task.c, line 283]: Cannot find ranges.
[04/Apr/2022:20:07:55.443923241 +0200] - ERR - ipa_sidgen_add_post_op - [file
ipa_sidgen.c, line 128]: Missing target entry.
[04/Apr/2022:20:08:00.047149067 +0200] - ERR - schema-compat-plugin - warning:
no entries set up under cn=ng, cn=compat,dc=ipa,dc=mydomain
[04/Apr/2022:20:08:00.054062694 +0200] - ERR - schema-compat-plugin - warning:
no entries set up under cn=computers, cn=compat,dc=ipa,dc=mydomain
[04/Apr/2022:20:08:00.055120875 +0200] - ERR - schema-compat-plugin - Finished
plugin initialization.
Does it point to something?
Best,
Francis
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
