-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all
I've been trying to document the domain trust process for the past two days and I am seeing the same results no matter the configuration. Basically I have nuked and rebuilt my environment several times and all yields the same results. Steps to reproduce 1, Clean install of RHEL 6.4 2, yum install ipa-server bind bind-dyndb-ldap 3, ipa-server-install --setup-dns 4, yum install ipa-server-trust-ad 5, kinit admin 6, ipa-adtrust-install all the above steps work perfectly, however I thought the problem was an issue in running "ipa trust-add" but I have just tried "ipa host-find" and get the same output. If someone is able to reproduce the issue to remove myself from the equation that would be fantastic. Its either something I'm doing wrong or there is a bug here somewhere.. (note, no problems at all with same procedure with Fedora 18 and IPA 3.1) output is below from adding "debug=true" to /etc/ipa/default.conf [root@ds01 ~]# ipa host-find ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' ipa: DEBUG: args=klist -V ipa: DEBUG: stdout=Kerberos 5 version 1.10.3 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:[email protected] ipa: DEBUG: stdout= ipa: DEBUG: stderr=keyctl_search: Required key not available ipa: DEBUG: failed to find session_cookie in persistent storage for principal '[email protected]' ipa: INFO: trying https://ds01.example.com/ipa/xml ipa: DEBUG: Created connection context.xmlclient ipa: DEBUG: raw: host_find(None, all=False, raw=False, version=u'2.46') ipa: DEBUG: host_find(None, all=False, raw=False, version=u'2.46', pkey_only=False) ipa: INFO: Forwarding 'host_find' to server u'https://ds01.example.com/ipa/xml' ipa: DEBUG: NSSConnection init ds01.example.com ipa: DEBUG: Connecting: 10.0.1.11:0 ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=EXAMPLE.COM Validity: Not Before: Wed Mar 06 14:55:15 2013 UTC Not After: Sat Mar 07 14:55:15 2015 UTC Subject: CN=ds01.example.com,O=EXAMPLE.COM Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:68:63:da:ad:0a:97:9a:5c:9c:41:c7:f3:02:ef:1b: 7f:8d:eb:e9:49:b0:f5:be:30:8a:1a:c5:5d:b9:77:1d: 4e:50:50:76:a3:11:a7:ae:a4:92:92:ea:9b:03:b1:13: 38:a1:d9:6c:80:e0:2a:75:83:ad:3a:bd:e6:3c:ae:3e: fe:22:9f:48:41:85:a9:80:35:aa:af:e6:43:4e:d0:36: b9:8a:ab:22:98:cf:14:67:7b:0b:46:0e:cd:97:a2:57: 6b:fc:04:c1:59:75:91:c6:f7:0c:a9:8c:ed:3e:35:0e: 06:03:99:83:78:45:0d:af:ce:db:b3:c4:a7:2f:44:0d: 06:0c:8f:29:0a:9b:d6:a1:4b:55:55:33:a5:0f:6a:87: 9c:64:59:7d:dc:e8:4c:13:0b:31:0e:b1:0d:52:88:db: f3:84:0c:fc:71:bd:46:49:60:29:48:d2:00:0a:6a:a2: 75:fd:51:51:0b:d1:7d:8a:de:c6:96:61:71:7a:4a:d8: d7:ae:16:2f:7c:61:73:34:98:bd:dc:0a:c4:36:04:98: 6b:ed:19:45:d6:94:c2:75:85:32:a1:20:06:6a:ec:ce: f2:ef:35:b1:bc:08:e5:87:87:14:02:3e:62:5e:0e:c9: a5:13:89:bd:c9:b3:fb:1e:3e:f0:e7:08:61:73:46:6f Exponent: 65537 (0x10001) Signed Extensions: (5) Name: Certificate Authority Key Identifier Critical: False Key ID: ee:91:e7:1c:8b:37:ff:ce:ce:2a:5e:5b:9e:50:b2:87: 8c:6e:7b:fa Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: Certificate Subject Key ID Critical: False Data: b2:de:43:35:0d:ab:02:03:c7:d0:b4:cf:bb:bd:06:37: 79:fd:58:e6 Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 72:dc:84:fd:65:d3:72:6b:6a:5c:b0:fb:6b:51:db:28: bf:d7:69:e5:ea:ec:a0:3d:1a:b9:50:b6:82:1c:38:9b: 70:3c:0e:c4:ba:c7:05:92:12:b6:b5:e5:c9:b3:fc:d0: 30:80:f2:32:d6:c1:68:56:c1:ae:c5:b6:b3:1a:ce:04: 4a:fb:68:5c:25:11:a9:44:41:b8:1b:75:d5:29:2c:12: 5d:c8:2a:10:ab:88:ce:ee:50:dc:9c:7a:3b:62:10:97: 26:10:49:d7:ea:7a:3e:de:d8:c4:65:bf:e7:a1:57:77: d0:35:94:13:54:1c:ec:05:e8:ba:23:6e:f3:19:c4:99: 73:d2:3a:56:38:e4:4b:a2:ea:d4:e4:43:64:c8:19:de: 91:5f:e5:85:11:7b:86:3e:ed:92:96:63:42:3c:f1:8b: 8b:96:10:d1:0c:4d:6c:57:ac:3d:b4:b0:03:de:45:10: 0c:8a:c7:c9:57:5c:8a:09:11:94:c3:f2:48:6e:1a:10: ac:60:34:3d:03:0a:b6:bd:79:18:ca:67:06:d9:36:a2: 31:6d:a3:f6:d3:66:02:27:fc:12:b4:1f:df:b7:5d:19: d2:42:11:53:39:0c:dd:32:82:98:a0:5d:26:1b:78:c5: 15:9e:71:53:b2:2b:fb:58:80:60:b9:4b:d6:3a:a2:e8 Fingerprint (MD5): ce:83:b5:4a:ae:27:c0:dd:f4:67:a5:53:3b:3a:2f:aa Fingerprint (SHA1): 2f:49:8e:05:18:1b:fa:6a:5f:13:4d:1a:96:7c:36:e1: 65:c8:bc:d3 ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer ipa: DEBUG: cert valid True for "CN=ds01.example.com,O=EXAMPLE.COM" ipa: DEBUG: handshake complete, peer = 10.0.1.11:443 ipa: DEBUG: Caught fault 907 from server https://ds01.example.com/ipa/xml: cannot connect to u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down ipa: DEBUG: Destroyed connection context.xmlclient ipa: ERROR: cannot connect to u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down [root@ds01 ~]# Any thoughts? Dale -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJROF0zAAoJEAJsWS61tB+qhHAQAJCsK+Z4Y/jBc/5mqO7QVxpS O7RPkiKLEn5+Wi43+sC/kdfVIjUL9blQwq6IgRMupkM/SD7aZ/0wWd+PoTL63n7p y/HZu7pc4FF7QrVrmijRW9mHiF4LeACXtSvwjEjKYmtV6b+dDRcF/wYaQoR07mkH bq2P+D5e9i7Cc4Tcpnap5e2sn4Lg4cQmsFvm20CA51WEhRI2UupEvUhhni8hHO4K Z8uU3GvMAzNjJyMQNZCiaFm3/NKbaeZzHploYdPBh4OZCOON7zTjGbgWnpFjirRz m1XEC6mlHUyeyaR5ACNmWiGKWYHh7OoBX4Zgr9pda0GynDxE978c87LDRBqjTb7E VdPiY3vquETbgvD9Jk107vQaGGUFuxWCAYKR4lpY+shW8vIEI1bYiJbVRmyLmTms 9vQ1JkYqttKd4/jJj7YVVxvyOcCDngG7igFvpszGcTm/7zw1+n90j8zKgqUulzmP +2DOF/HqlCbz7L4mS2Bqeur5jR3lA0iVfaPImkMRSe8vS/Ccs7tTECuuKbmfSa79 2jqwkvhHUWV5+PTObser5UVV9wNVf9f/Ri6IpzlmelFxb9RhYZAt+HY6tJPoF1qw kOdN48nSxLcTv4wXaTEDmKEEO8OEvP6JTR8S+497dOIfdZtVof6vAnKSY7AlHkmL 3XVL2oxyeuLkckcoXYX1 =SWoo -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
