-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

I've been trying to document the domain trust process for the past two
days and I am seeing the same results no matter the configuration.

Basically I have nuked and rebuilt my environment several times and all
yields the same results.

Steps to reproduce

1, Clean install of RHEL 6.4
2, yum install ipa-server bind bind-dyndb-ldap
3, ipa-server-install --setup-dns
4, yum install ipa-server-trust-ad
5, kinit admin
6, ipa-adtrust-install

all the above steps work perfectly, however I thought the problem was an
issue in running "ipa trust-add" but I have just tried "ipa host-find"
and get the same output.

If someone is able to reproduce the issue to remove myself from the
equation that would be fantastic. Its either something I'm doing wrong
or there is a bug here somewhere.. (note, no problems at all with same
procedure with Fedora 18 and IPA 3.1)

output is below from adding "debug=true" to /etc/ipa/default.conf

[root@ds01 ~]# ipa host-find
ipa: DEBUG: importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
ipa: DEBUG: args=klist -V
ipa: DEBUG: stdout=Kerberos 5 version 1.10.3

ipa: DEBUG: stderr=
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:ad...@example.com
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=keyctl_search: Required key not available

ipa: DEBUG: failed to find session_cookie in persistent storage for
principal 'ad...@example.com'
ipa: INFO: trying https://ds01.example.com/ipa/xml
ipa: DEBUG: Created connection context.xmlclient
ipa: DEBUG: raw: host_find(None, all=False, raw=False, version=u'2.46')
ipa: DEBUG: host_find(None, all=False, raw=False, version=u'2.46',
pkey_only=False)
ipa: INFO: Forwarding 'host_find' to server
u'https://ds01.example.com/ipa/xml'
ipa: DEBUG: NSSConnection init ds01.example.com
ipa: DEBUG: Connecting: 10.0.1.11:0
ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=EXAMPLE.COM
        Validity:
            Not Before: Wed Mar 06 14:55:15 2013 UTC
            Not After:  Sat Mar 07 14:55:15 2015 UTC
        Subject: CN=ds01.example.com,O=EXAMPLE.COM
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:68:63:da:ad:0a:97:9a:5c:9c:41:c7:f3:02:ef:1b:
                    7f:8d:eb:e9:49:b0:f5:be:30:8a:1a:c5:5d:b9:77:1d:
                    4e:50:50:76:a3:11:a7:ae:a4:92:92:ea:9b:03:b1:13:
                    38:a1:d9:6c:80:e0:2a:75:83:ad:3a:bd:e6:3c:ae:3e:
                    fe:22:9f:48:41:85:a9:80:35:aa:af:e6:43:4e:d0:36:
                    b9:8a:ab:22:98:cf:14:67:7b:0b:46:0e:cd:97:a2:57:
                    6b:fc:04:c1:59:75:91:c6:f7:0c:a9:8c:ed:3e:35:0e:
                    06:03:99:83:78:45:0d:af:ce:db:b3:c4:a7:2f:44:0d:
                    06:0c:8f:29:0a:9b:d6:a1:4b:55:55:33:a5:0f:6a:87:
                    9c:64:59:7d:dc:e8:4c:13:0b:31:0e:b1:0d:52:88:db:
                    f3:84:0c:fc:71:bd:46:49:60:29:48:d2:00:0a:6a:a2:
                    75:fd:51:51:0b:d1:7d:8a:de:c6:96:61:71:7a:4a:d8:
                    d7:ae:16:2f:7c:61:73:34:98:bd:dc:0a:c4:36:04:98:
                    6b:ed:19:45:d6:94:c2:75:85:32:a1:20:06:6a:ec:ce:
                    f2:ef:35:b1:bc:08:e5:87:87:14:02:3e:62:5e:0e:c9:
                    a5:13:89:bd:c9:b3:fb:1e:3e:f0:e7:08:61:73:46:6f
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (5)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            ee:91:e7:1c:8b:37:ff:ce:ce:2a:5e:5b:9e:50:b2:87:
            8c:6e:7b:fa
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate
            TLS Web Client Authentication Certificate

        Name:     Certificate Subject Key ID
        Critical: False
        Data:
            b2:de:43:35:0d:ab:02:03:c7:d0:b4:cf:bb:bd:06:37:
            79:fd:58:e6

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Signature:
            72:dc:84:fd:65:d3:72:6b:6a:5c:b0:fb:6b:51:db:28:
            bf:d7:69:e5:ea:ec:a0:3d:1a:b9:50:b6:82:1c:38:9b:
            70:3c:0e:c4:ba:c7:05:92:12:b6:b5:e5:c9:b3:fc:d0:
            30:80:f2:32:d6:c1:68:56:c1:ae:c5:b6:b3:1a:ce:04:
            4a:fb:68:5c:25:11:a9:44:41:b8:1b:75:d5:29:2c:12:
            5d:c8:2a:10:ab:88:ce:ee:50:dc:9c:7a:3b:62:10:97:
            26:10:49:d7:ea:7a:3e:de:d8:c4:65:bf:e7:a1:57:77:
            d0:35:94:13:54:1c:ec:05:e8:ba:23:6e:f3:19:c4:99:
            73:d2:3a:56:38:e4:4b:a2:ea:d4:e4:43:64:c8:19:de:
            91:5f:e5:85:11:7b:86:3e:ed:92:96:63:42:3c:f1:8b:
            8b:96:10:d1:0c:4d:6c:57:ac:3d:b4:b0:03:de:45:10:
            0c:8a:c7:c9:57:5c:8a:09:11:94:c3:f2:48:6e:1a:10:
            ac:60:34:3d:03:0a:b6:bd:79:18:ca:67:06:d9:36:a2:
            31:6d:a3:f6:d3:66:02:27:fc:12:b4:1f:df:b7:5d:19:
            d2:42:11:53:39:0c:dd:32:82:98:a0:5d:26:1b:78:c5:
            15:9e:71:53:b2:2b:fb:58:80:60:b9:4b:d6:3a:a2:e8
        Fingerprint (MD5):
            ce:83:b5:4a:ae:27:c0:dd:f4:67:a5:53:3b:3a:2f:aa
        Fingerprint (SHA1):
            2f:49:8e:05:18:1b:fa:6a:5f:13:4d:1a:96:7c:36:e1:
            65:c8:bc:d3
ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
ipa: DEBUG: cert valid True for "CN=ds01.example.com,O=EXAMPLE.COM"
ipa: DEBUG: handshake complete, peer = 10.0.1.11:443
ipa: DEBUG: Caught fault 907 from server
https://ds01.example.com/ipa/xml: cannot connect to
u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: cannot connect to
u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down
[root@ds01 ~]#


Any thoughts?

Dale


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJROF0zAAoJEAJsWS61tB+qhHAQAJCsK+Z4Y/jBc/5mqO7QVxpS
O7RPkiKLEn5+Wi43+sC/kdfVIjUL9blQwq6IgRMupkM/SD7aZ/0wWd+PoTL63n7p
y/HZu7pc4FF7QrVrmijRW9mHiF4LeACXtSvwjEjKYmtV6b+dDRcF/wYaQoR07mkH
bq2P+D5e9i7Cc4Tcpnap5e2sn4Lg4cQmsFvm20CA51WEhRI2UupEvUhhni8hHO4K
Z8uU3GvMAzNjJyMQNZCiaFm3/NKbaeZzHploYdPBh4OZCOON7zTjGbgWnpFjirRz
m1XEC6mlHUyeyaR5ACNmWiGKWYHh7OoBX4Zgr9pda0GynDxE978c87LDRBqjTb7E
VdPiY3vquETbgvD9Jk107vQaGGUFuxWCAYKR4lpY+shW8vIEI1bYiJbVRmyLmTms
9vQ1JkYqttKd4/jJj7YVVxvyOcCDngG7igFvpszGcTm/7zw1+n90j8zKgqUulzmP
+2DOF/HqlCbz7L4mS2Bqeur5jR3lA0iVfaPImkMRSe8vS/Ccs7tTECuuKbmfSa79
2jqwkvhHUWV5+PTObser5UVV9wNVf9f/Ri6IpzlmelFxb9RhYZAt+HY6tJPoF1qw
kOdN48nSxLcTv4wXaTEDmKEEO8OEvP6JTR8S+497dOIfdZtVof6vAnKSY7AlHkmL
3XVL2oxyeuLkckcoXYX1
=SWoo
-----END PGP SIGNATURE-----

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to