Hi,
I have also done this on a new f15 client and it also fails.
But its saying,
500 and not 401 which is the rhel6.1 failure.
"HTTP response code is 401, not 200" == RHEL61
"HTTP response code is 500, not 200" == FED15
==============
more fed15-install-error
[root@fed15-64-ws02 ~]# ipa-client-install --mkhomedir --server
vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d
root : DEBUG /usr/sbin/ipa-client-install was invoked with options:
{'conf_ntp': True, 'domain': 'unix.vuw.ac.nz'
, 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit':
False, 'server': 'vuwunicoipamt01.unix.vuw.
ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False,
'debug': True, 'on_master': False, 'ntp_server'
: None, 'mkhomedir': True, 'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG [ipacheckldap]
root : DEBUG args=/usr/bin/wget -O /tmp/tmpsyC9Zx/ca.crt
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2011-08-03 15:18:07--
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 779 [application/x-x509-ca-cert]
Saving to: “/tmp/tmpsyC9Zx/ca.crt”
0K 100% 111M=0s
2011-08-03 15:18:07 (111 MB/s) - “/tmp/tmpsyC9Zx/ca.crt” saved [779/779]
root : DEBUG Init ldap with: ldap://vuwunicoipamt01.unix.vuw.ac.nz:389
root : DEBUG Search rootdse
root : DEBUG Search for (info=*) in dc=unix,dc=vuw,dc=ac,dc=nz(base)
root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', {'objectClass':
['top', 'domain', 'pilotObject', 'nisDomainOb
ject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain':
['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': [
'unix.vuw.ac.nz']})]
root : DEBUG Search for (objectClass=krbRealmContainer) in
dc=unix,dc=vuw,dc=ac,dc=nz(sub)
root : DEBUG Found:
[('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', {'krbSubTrees':
['dc=unix,dc=vu
w,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes':
['aes256-cts:special', 'aes128-cts:special', 'des3-hma
c-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top',
'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScop
e': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal',
'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special
', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal',
'arcfour-hmac:special', 'des-hmac-sha1:normal'
, 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4',
'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMax
RenewableAge': ['604800']})]
root : DEBUG will use domain: unix.vuw.ac.nz
root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz
Discovery was successful!
root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ
root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz
Hostname: fed15-64-ws02.unix.vuw.ac.nz
Realm: UNIX.VUW.AC.NZ
DNS Domain: unix.vuw.ac.nz
IPA Server: vuwunicoipamt01.unix.vuw.ac.nz
BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
root : DEBUG will use principal: admin
root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2011-08-03 15:18:12--
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 779 [application/x-x509-ca-cert]
Saving to: “/etc/ipa/ca.crt”
0K 100% 112M=0s
2011-08-03 15:18:12 (112 MB/s) - “/etc/ipa/ca.crt” saved [779/779]
root : DEBUG Writing Kerberos configuration to /tmp/tmpiFqnW9:
#File modified by ipa-client-install
[libdefaults]
default_realm = UNIX.VUW.AC.NZ
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
UNIX.VUW.AC.NZ = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.unix.vuw.ac.nz = UNIX.VUW.AC.NZ
unix.vuw.ac.nz = UNIX.VUW.AC.NZ
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Password for ad...@unix.vuw.ac.nz:
root : DEBUG args=kinit ad...@unix.vuw.ac.nz
root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz:
root : DEBUG stderr=
root : DEBUG args=/usr/sbin/ipa-join -s
vuwunicoipamt01.unix.vuw.ac.nz -d
root : DEBUG stdout=
root : DEBUG stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>fed15-64-ws02.unix.vuw.ac.nz</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>2.6.38.6-26.rc1.fc15.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
HTTP response code is 500, not 200
Joining realm failed because of failing XML-RPC request.
This error may be caused by incompatible server/client major versions.
root : DEBUG args=kdestroy
root : DEBUG stdout=
root : DEBUG stderr=
[root@fed15-64-ws02 ~]#
=======================
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Wednesday, 3 August 2011 9:35 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] version mismatch while joining a client ?
Hi,
Client
==========
rhel61-64cl04.unix.vuw.ac.nz
Linux rhel61-64cl04.unix.vuw.ac.nz 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20
14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
ipa-client-2.0.0-23.el6_1.1.x86_64
libcurl-7.19.7-26.el6.x86_64
Red Hat Enterprise Linux Client release 6.1 (Santiago)
==========
Server
==========
Linux vuwunicoipamt01 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT
2011 x86_64 x86_64 x86_64 GNU/Linux
libcurl-7.19.7-26.el6_1.1.x86_64
ipa-client-2.0.0-23.el6_1.1.x86_64
ipa-server-2.0.0-23.el6_1.1.x86_64
Red Hat Enterprise Linux Server release 6.1 (Santiago)
==========
install output
==========
[root@rhel61-64cl04 ~]# ipa-client-install --mkhomedir --server
vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d
root : DEBUG /usr/sbin/ipa-client-install was invoked with options:
{'conf_ntp': True, 'domain': 'unix.vuw.ac.nz', 'uninstall': False, 'force':
False, 'sssd': True, 'hostname': None, 'permit': False, 'server':
'vuwunicoipamt01.unix.vuw.ac.nz', 'prompt_password': False, 'realm_name': None,
'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None,
'mkhomedir': True, 'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG [ipacheckldap]
root : DEBUG args=/usr/bin/wget -O /tmp/tmpaaTaqF/ca.crt
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2011-08-03 09:01:14--
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 779 [application/x-x509-ca-cert]
Saving to: `/tmp/tmpaaTaqF/ca.crt'
0K 100% 132M=0s
2011-08-03 09:01:14 (132 MB/s) - `/tmp/tmpaaTaqF/ca.crt' saved [779/779]
root : DEBUG Init ldap with: ldap://vuwunicoipamt01.unix.vuw.ac.nz:389
root : DEBUG Search rootdse
root : DEBUG Search for (info=*) in dc=unix,dc=vuw,dc=ac,dc=nz(base)
root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', {'objectClass':
['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'],
'info': ['IPA V2.0'], 'associatedDomain': ['unix.vuw.ac.nz'], 'dc': ['unix'],
'nisDomain': ['unix.vuw.ac.nz']})]
root : DEBUG Search for (objectClass=krbRealmContainer) in
dc=unix,dc=vuw,dc=ac,dc=nz(sub)
root : DEBUG Found:
[('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', {'krbSubTrees':
['dc=unix,dc=vuw,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'],
'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special',
'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top',
'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'],
'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special',
'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal',
'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special',
'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal',
'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'],
'krbMaxRenewableAge': ['604800']})]
root : DEBUG will use domain: unix.vuw.ac.nz
root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz
Discovery was successful!
root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ
root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz
Hostname: rhel61-64cl04.unix.vuw.ac.nz
Realm: UNIX.VUW.AC.NZ
DNS Domain: unix.vuw.ac.nz
IPA Server: vuwunicoipamt01.unix.vuw.ac.nz
BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
root : DEBUG will use principal: admin
root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2011-08-03 09:01:22--
http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 779 [application/x-x509-ca-cert]
Saving to: `/etc/ipa/ca.crt'
0K 100% 96.5M=0s
2011-08-03 09:01:22 (96.5 MB/s) - `/etc/ipa/ca.crt' saved [779/779]
Password for ad...@unix.vuw.ac.nz:
root : DEBUG args=kinit ad...@unix.vuw.ac.nz
root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz:
root : DEBUG stderr=
root : DEBUG args=/usr/sbin/ipa-join -s
vuwunicoipamt01.unix.vuw.ac.nz -d
root : DEBUG stdout=
root : DEBUG stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>rhel61-64cl04.unix.vuw.ac.nz</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>2.6.32-131.6.1.el6.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
HTTP response code is 401, not 200
Joining realm failed because of failing XML-RPC request.
This error may be caused by incompatible server/client major versions.
root : DEBUG args=kdestroy
root : DEBUG stdout=
root : DEBUG stderr=
[root@rhel61-64cl04 ~]#
==========
Error log
==========
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [error] Exception KeyError:
KeyError(140510308317152,) in <module 'threading' from
'/usr/lib64/python2.6/threading.pyc'> ignored
[Wed Aug 03 09:04:57 2011] [notice] caught SIGTERM, shutting down
[Wed Aug 03 09:04:58 2011] [notice] SELinux policy enabled; httpd running as
context unconfined_u:system_r:httpd_t:s0
[Wed Aug 03 09:04:58 2011] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Wed Aug 03 09:04:58 2011] [notice] Digest: generating secret for digest
authentication ...
[Wed Aug 03 09:04:58 2011] [notice] Digest: done
[Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Compiled for Python/2.6.2.
[Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Runtime using Python/2.6.6.
[Wed Aug 03 09:04:59 2011] [notice] Apache/2.2.15 (Unix) DAV/2
mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6
configured -- resuming normal operations
[Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START ***
[Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START ***
==========
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 3 August 2011 1:48 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] version mismatch while joining a client ?
Steven Jones wrote:
>
> Yes....enrolement now fails, previous messages I attached show that I think,
> it used to work.
>
> History, I had to remove all my working IPA clients due to a disk space
> problem on our SAN (we didnt have any). So I managed to keep the working IPA
> server and 2 x RHEL5 64 bit servers and the one un-configured template of
> RHEL6.1 64bit client I had. This I used to make client side clones off
> previously and connected them to IPA server and they worked.
>
> So lastweek I went back and with a running ipa server, I cloned in the old
> client/template and got the mis-match, so I put them on the production
> network and patched, same mismatch problem.
>
> I can do a sosreport of the old template I think and the client to look at
> the differences if that helps.
I'm having a hard time following exactly what you are doing, on what
machine. I think we need to be more systematic.
Can you choose a machine to act as the client and provide the following:
- distro and architecture (e.g. RHEL 6.1 on x86_64)
- rpm -q curl libcurl
- rpm -q ipa-client
On the IPA server:
- rpm -q ipa-server
Start with a client that is not enrolled. If it has previously been
enrolled run: ipa-client-install --uninstall -U
Now run ipa-client-install and answer the questions as appropriate for
your install.
If it fails please provide the following:
- any stdout you get from the client install
- attach the full /var/log/ipaclient-install.log
- attach the last 100 lines from /var/log/httpd/error_log from the IPA
server
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
