Hi, I have also done this on a new f15 client and it also fails.
But its saying, 500 and not 401 which is the rhel6.1 failure. "HTTP response code is 401, not 200" == RHEL61 "HTTP response code is 500, not 200" == FED15 ============== more fed15-install-error [root@fed15-64-ws02 ~]# ipa-client-install --mkhomedir --server vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz' , 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': 'vuwunicoipamt01.unix.vuw. ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server' : None, 'mkhomedir': True, 'unattended': None, 'principal': None} root : DEBUG missing options might be asked for interactively later root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG [ipacheckldap] root : DEBUG args=/usr/bin/wget -O /tmp/tmpsyC9Zx/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt root : DEBUG stdout= root : DEBUG stderr=--2011-08-03 15:18:07-- http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 779 [application/x-x509-ca-cert] Saving to: “/tmp/tmpsyC9Zx/ca.crt” 0K 100% 111M=0s 2011-08-03 15:18:07 (111 MB/s) - “/tmp/tmpsyC9Zx/ca.crt” saved [779/779] root : DEBUG Init ldap with: ldap://vuwunicoipamt01.unix.vuw.ac.nz:389 root : DEBUG Search rootdse root : DEBUG Search for (info=*) in dc=unix,dc=vuw,dc=ac,dc=nz(base) root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainOb ject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': [ 'unix.vuw.ac.nz']})] root : DEBUG Search for (objectClass=krbRealmContainer) in dc=unix,dc=vuw,dc=ac,dc=nz(sub) root : DEBUG Found: [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', {'krbSubTrees': ['dc=unix,dc=vu w,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hma c-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScop e': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special ', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal' , 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMax RenewableAge': ['604800']})] root : DEBUG will use domain: unix.vuw.ac.nz root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz Discovery was successful! root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz Hostname: fed15-64-ws02.unix.vuw.ac.nz Realm: UNIX.VUW.AC.NZ DNS Domain: unix.vuw.ac.nz IPA Server: vuwunicoipamt01.unix.vuw.ac.nz BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz Continue to configure the system with these values? [no]: yes Enrollment principal: admin root : DEBUG will use principal: admin root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt root : DEBUG stdout= root : DEBUG stderr=--2011-08-03 15:18:12-- http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 779 [application/x-x509-ca-cert] Saving to: “/etc/ipa/ca.crt” 0K 100% 112M=0s 2011-08-03 15:18:12 (112 MB/s) - “/etc/ipa/ca.crt” saved [779/779] root : DEBUG Writing Kerberos configuration to /tmp/tmpiFqnW9: #File modified by ipa-client-install [libdefaults] default_realm = UNIX.VUW.AC.NZ dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes [realms] UNIX.VUW.AC.NZ = { pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .unix.vuw.ac.nz = UNIX.VUW.AC.NZ unix.vuw.ac.nz = UNIX.VUW.AC.NZ [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Password for ad...@unix.vuw.ac.nz: root : DEBUG args=kinit ad...@unix.vuw.ac.nz root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz: root : DEBUG stderr= root : DEBUG args=/usr/sbin/ipa-join -s vuwunicoipamt01.unix.vuw.ac.nz -d root : DEBUG stdout= root : DEBUG stderr=XML-RPC CALL: <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n <methodName>join</methodName>\r\n <params>\r\n <param><value><array><data>\r\n <value><string>fed15-64-ws02.unix.vuw.ac.nz</string></value>\r\n </data></array></value></param>\r\n <param><value><struct>\r\n <member><name>nsosversion</name>\r\n <value><string>2.6.38.6-26.rc1.fc15.x86_64</string></value></member>\r\n <member><name>nshardwareplatform</name>\r\n <value><string>x86_64</string></value></member>\r\n </struct></value></param>\r\n </params>\r\n </methodCall>\r\n HTTP response code is 500, not 200 Joining realm failed because of failing XML-RPC request. This error may be caused by incompatible server/client major versions. root : DEBUG args=kdestroy root : DEBUG stdout= root : DEBUG stderr= [root@fed15-64-ws02 ~]# ======================= regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Wednesday, 3 August 2011 9:35 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] version mismatch while joining a client ? Hi, Client ========== rhel61-64cl04.unix.vuw.ac.nz Linux rhel61-64cl04.unix.vuw.ac.nz 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux ipa-client-2.0.0-23.el6_1.1.x86_64 libcurl-7.19.7-26.el6.x86_64 Red Hat Enterprise Linux Client release 6.1 (Santiago) ========== Server ========== Linux vuwunicoipamt01 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux libcurl-7.19.7-26.el6_1.1.x86_64 ipa-client-2.0.0-23.el6_1.1.x86_64 ipa-server-2.0.0-23.el6_1.1.x86_64 Red Hat Enterprise Linux Server release 6.1 (Santiago) ========== install output ========== [root@rhel61-64cl04 ~]# ipa-client-install --mkhomedir --server vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz', 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': 'vuwunicoipamt01.unix.vuw.ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'mkhomedir': True, 'unattended': None, 'principal': None} root : DEBUG missing options might be asked for interactively later root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG [ipacheckldap] root : DEBUG args=/usr/bin/wget -O /tmp/tmpaaTaqF/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt root : DEBUG stdout= root : DEBUG stderr=--2011-08-03 09:01:14-- http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 779 [application/x-x509-ca-cert] Saving to: `/tmp/tmpaaTaqF/ca.crt' 0K 100% 132M=0s 2011-08-03 09:01:14 (132 MB/s) - `/tmp/tmpaaTaqF/ca.crt' saved [779/779] root : DEBUG Init ldap with: ldap://vuwunicoipamt01.unix.vuw.ac.nz:389 root : DEBUG Search rootdse root : DEBUG Search for (info=*) in dc=unix,dc=vuw,dc=ac,dc=nz(base) root : DEBUG Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': ['unix.vuw.ac.nz']})] root : DEBUG Search for (objectClass=krbRealmContainer) in dc=unix,dc=vuw,dc=ac,dc=nz(sub) root : DEBUG Found: [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', {'krbSubTrees': ['dc=unix,dc=vuw,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})] root : DEBUG will use domain: unix.vuw.ac.nz root : DEBUG will use server: vuwunicoipamt01.unix.vuw.ac.nz Discovery was successful! root : DEBUG will use cli_realm: UNIX.VUW.AC.NZ root : DEBUG will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz Hostname: rhel61-64cl04.unix.vuw.ac.nz Realm: UNIX.VUW.AC.NZ DNS Domain: unix.vuw.ac.nz IPA Server: vuwunicoipamt01.unix.vuw.ac.nz BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz Continue to configure the system with these values? [no]: yes Enrollment principal: admin root : DEBUG will use principal: admin root : DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt root : DEBUG stdout= root : DEBUG stderr=--2011-08-03 09:01:22-- http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236 Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 779 [application/x-x509-ca-cert] Saving to: `/etc/ipa/ca.crt' 0K 100% 96.5M=0s 2011-08-03 09:01:22 (96.5 MB/s) - `/etc/ipa/ca.crt' saved [779/779] Password for ad...@unix.vuw.ac.nz: root : DEBUG args=kinit ad...@unix.vuw.ac.nz root : DEBUG stdout=Password for ad...@unix.vuw.ac.nz: root : DEBUG stderr= root : DEBUG args=/usr/sbin/ipa-join -s vuwunicoipamt01.unix.vuw.ac.nz -d root : DEBUG stdout= root : DEBUG stderr=XML-RPC CALL: <?xml version="1.0" encoding="UTF-8"?>\r\n <methodCall>\r\n <methodName>join</methodName>\r\n <params>\r\n <param><value><array><data>\r\n <value><string>rhel61-64cl04.unix.vuw.ac.nz</string></value>\r\n </data></array></value></param>\r\n <param><value><struct>\r\n <member><name>nsosversion</name>\r\n <value><string>2.6.32-131.6.1.el6.x86_64</string></value></member>\r\n <member><name>nshardwareplatform</name>\r\n <value><string>x86_64</string></value></member>\r\n </struct></value></param>\r\n </params>\r\n </methodCall>\r\n HTTP response code is 401, not 200 Joining realm failed because of failing XML-RPC request. This error may be caused by incompatible server/client major versions. root : DEBUG args=kdestroy root : DEBUG stdout= root : DEBUG stderr= [root@rhel61-64cl04 ~]# ========== Error log ========== [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored [Wed Aug 03 09:04:57 2011] [notice] caught SIGTERM, shutting down [Wed Aug 03 09:04:58 2011] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [Wed Aug 03 09:04:58 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Aug 03 09:04:58 2011] [notice] Digest: generating secret for digest authentication ... [Wed Aug 03 09:04:58 2011] [notice] Digest: done [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Compiled for Python/2.6.2. [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Runtime using Python/2.6.6. [Wed Aug 03 09:04:59 2011] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6 configured -- resuming normal operations [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START *** [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START *** ========== regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 3 August 2011 1:48 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] version mismatch while joining a client ? Steven Jones wrote: > > Yes....enrolement now fails, previous messages I attached show that I think, > it used to work. > > History, I had to remove all my working IPA clients due to a disk space > problem on our SAN (we didnt have any). So I managed to keep the working IPA > server and 2 x RHEL5 64 bit servers and the one un-configured template of > RHEL6.1 64bit client I had. This I used to make client side clones off > previously and connected them to IPA server and they worked. > > So lastweek I went back and with a running ipa server, I cloned in the old > client/template and got the mis-match, so I put them on the production > network and patched, same mismatch problem. > > I can do a sosreport of the old template I think and the client to look at > the differences if that helps. I'm having a hard time following exactly what you are doing, on what machine. I think we need to be more systematic. Can you choose a machine to act as the client and provide the following: - distro and architecture (e.g. RHEL 6.1 on x86_64) - rpm -q curl libcurl - rpm -q ipa-client On the IPA server: - rpm -q ipa-server Start with a client that is not enrolled. If it has previously been enrolled run: ipa-client-install --uninstall -U Now run ipa-client-install and answer the questions as appropriate for your install. If it fails please provide the following: - any stdout you get from the client install - attach the full /var/log/ipaclient-install.log - attach the last 100 lines from /var/log/httpd/error_log from the IPA server rob _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users