Introduction: We are currently using the Altlinux system, and the freeipa package is maintained in the repository provided at https://packages.altlinux.org/en/p10/srpms/freeipa/. To meet our specific requirements, I decided to create a container package based on the Altlinux p10 distribution. However, I have now encountered a problem while trying to install ipa-client inside the container. It seems that I am not receiving a session cookie for some reason. Although the logs indicate that the Ticket Granting Ticket (TGT) is successfully issued and stored at /etc/ipa/.dns_ccache (TGT for the host principal), there is a warning stating that the ipa_session cookie cannot be found. As a result, the request to /ipa/json fails with a 401 error.
Despite the fact that this distribution is not based on RHEL and therefore not officially supported, I would appreciate any guidance. Precisely what should happen in normal sutiation without error. Any hints on where to investigate in the source code would also be helpful. ipaclient-install logs: https://pastebin.com/8NbieLK3 the error part is: >2023-07-12T03:50:08Z DEBUG Initializing principal >host/ipamaster.ipa-test.novalocal@IPA-TEST-NOTLIKEDOMAIN.NOVALOCAL using >keytab /data/etc/krb5.keytab >2023-07-12T03:50:08Z DEBUG using ccache /etc/ipa/.dns_ccache >2023-07-12T03:50:08Z DEBUG Attempt 1/5: success >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/bin/certutil', '-d', >'/tmp/tmpgi6acve3', '-N', '-f', '/tmp/tmpgi6acve3/pwdfile.txt', '-@', >'/tmp/tmpgi6acve3/pwdfile.txt'] >2023-07-12T03:50:08Z DEBUG Process finished, return code=0 >2023-07-12T03:50:08Z DEBUG stdout= >2023-07-12T03:50:08Z DEBUG stderr= >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/sbin/selinuxenabled'] >2023-07-12T03:50:08Z DEBUG Process execution failed >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/sbin/selinuxenabled'] >2023-07-12T03:50:08Z DEBUG Process execution failed >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/sbin/selinuxenabled'] >2023-07-12T03:50:08Z DEBUG Process execution failed >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/sbin/selinuxenabled'] >2023-07-12T03:50:08Z DEBUG Process execution failed >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/sbin/selinuxenabled'] >2023-07-12T03:50:08Z DEBUG Process execution failed >2023-07-12T03:50:08Z DEBUG Starting external process >2023-07-12T03:50:08Z DEBUG args=['/usr/bin/certutil', '-d', >'sql:/tmp/tmpgi6acve3', '-A', '-n', 'CA certificate 1', '-t', 'C,,', '-a', >'-f', '/tmp/tmpgi6acve3/pwdfile.txt'] >2023-07-12T03:50:08Z DEBUG Process finished, return code=0 >2023-07-12T03:50:08Z DEBUG stdout= >2023-07-12T03:50:08Z DEBUG stderr= >2023-07-12T03:50:08Z DEBUG failed to find session_cookie in persistent storage >for principal >'host/ipamaster.ipa-test.novalocal@IPA-TEST-NOTLIKEDOMAIN.NOVALOCAL' >2023-07-12T03:50:08Z DEBUG trying https://ipamaster.ipa-test.novalocal/ipa/json >2023-07-12T03:50:08Z DEBUG Created connection context.rpcclient_139827748309840 >2023-07-12T03:50:08Z DEBUG [try 1]: Forwarding 'schema' to json server >'https://ipamaster.ipa-test.novalocal/ipa/json' >2023-07-12T03:50:08Z DEBUG ENTERING SINGLE_REQUEST >2023-07-12T03:50:08Z DEBUG HOST:i (ipamaster.ipa-test.novalocal) >2023-07-12T03:50:08Z DEBUG HANDLER: (/ipa/json) >2023-07-12T03:50:08Z DEBUG REQUEST_BODY: (b'{"method": "schema", "params": >[[], {"version": "2.170"}], "id": 0}') >2023-07-12T03:50:08Z DEBUG New HTTP connection (ipamaster.ipa-test.novalocal) >2023-07-12T03:50:08Z DEBUG HTTP connection destroyed >(ipamaster.ipa-test.novalocal) >Traceback (most recent call last): > File > "/usr/lib64/python3/site-packages/ipaclient/remote_plugins/__init__.py", line > 120, in get_package > plugins = api._remote_plugins >AttributeError: 'API' object has no attribute '_remote_plugins' > >During handling of the above exception, another exception occurred: > >Traceback (most recent call last): > File "/usr/lib64/python3/site-packages/ipalib/rpc.py", line 727, in > single_request > if not self._auth_complete(response): > File "/usr/lib64/python3/site-packages/ipalib/rpc.py", line 673, in > _auth_complete > raise errors.KerberosError( >ipalib.errors.KerberosError: No valid Negotiate header in server response >2023-07-12T03:50:08Z DEBUG Destroyed connection >context.rpcclient_139827748309840 >2023-07-12T03:50:08Z DEBUG File >"/usr/lib64/python3/site-packages/ipapython/admintool.py", line 180, in execute _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
