You're awesome!!!!

Interesting..
Well for one it's claiming it can't contact the LDAP server...
But its calling a machine in our domain that I didn't know existed and 
furthermore never mentioned in the ipa setup..
So I see it was searching the network... 

Also..when doing research on installing, I saw that someone said to paste the 
entries from the example DNS file to your existing DNS db file.
I didn't do that because I am just testing..
Would that affect it ?

DNS is correct for both IPA master/replica

Here is the log.

cat /var/log/ipaclient-install.log 
2013-10-15T20:18:11Z DEBUG /usr/sbin/ipa-client-install was invoked with 
options: {'domain': None, 'force': False, 'krb5_offline_passwords': True, 
'primary': False, 'mkhomedir': False, 'create_sshfp': True, 'conf_sshd': True, 
'on_master': False, 'conf_ntp': True, 'ca_cert_file': None, 'ntp_server': None, 
'principal': None, 'hostname': None, 'no_ac': False, 'unattended': None, 
'sssd': True, 'trust_sshfp': False, 'dns_updates': False, 'realm_name': None, 
'conf_ssh': True, 'server': None, 'prompt_password': False, 'permit': False, 
'debug': False, 'preserve_sssd': False, 'uninstall': False}
2013-10-15T20:18:11Z DEBUG missing options might be asked for interactively 
later
2013-10-15T20:18:11Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-10-15T20:18:11Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2013-10-15T20:18:11Z DEBUG [IPA Discovery]
2013-10-15T20:18:11Z DEBUG Starting IPA discovery with domain=None, 
servers=None, hostname=freeiptest01.dev.com
2013-10-15T20:18:11Z DEBUG Start searching for LDAP SRV record in "dev.com" 
(domain of the hostname) and its sub-domains
2013-10-15T20:18:11Z DEBUG Search DNS for SRV record of _ldap._tcp.dev.com.
2013-10-15T20:18:11Z DEBUG No DNS record found
2013-10-15T20:18:11Z DEBUG Search DNS for SRV record of _ldap._tcp.dev.com.
2013-10-15T20:18:11Z DEBUG DNS record found: 
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:hqdc02.dev.com.}
2013-10-15T20:18:11Z DEBUG DNS record found: 
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:hqdc.dev.com.}
2013-10-15T20:18:11Z DEBUG DNS record found: 
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:drdc01.dev.com.}
2013-10-15T20:18:11Z DEBUG [Kerberos realm search]
2013-10-15T20:18:11Z DEBUG Search DNS for TXT record of _kerberos.dev.com.
2013-10-15T20:18:11Z DEBUG No DNS record found
2013-10-15T20:18:11Z DEBUG [LDAP server check]
2013-10-15T20:18:11Z DEBUG Verifying that hqdc02.dev.com (realm None) is an IPA 
server
2013-10-15T20:18:11Z DEBUG Init LDAP connection with: ldap://hqdc02.dev.com:389
2013-10-15T20:18:11Z DEBUG Search LDAP server for IPA base DN

If I specify --server=rdsdev01 --domain=dev.com

I get 

Failed to verify that rdsdev01 is an IPA Server.
This may mean that the remote server is not up or is not reachable due to 
network or firewall settings.
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly 
after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Installation failed. Rolling back changes.
IPA client is not configured on this system.

However there is no FW. Iptables is not running.. and I can telnet to each of 
those ports.



-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com] 
Sent: Tuesday, October 15, 2013 4:11 PM
To: Mike Calautti; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] stupid question

Mike Calautti wrote:
> I installed ipa-client..
>
> I get this now.
>
> ipa-client-install
> Traceback (most recent call last):
>    File "/usr/sbin/ipa-client-install", line 2323, in <module>
>      sys.exit(main())
>    File "/usr/sbin/ipa-client-install", line 2309, in main
>      rval = install(options, env, fstore, statestore)
>    File "/usr/sbin/ipa-client-install", line 1684, in install
>      ret = ds.search(domain=options.domain, servers=options.server, 
> hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file))
>    File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line 
> 242, in search
>      ldapret = self.ipacheckldap(server, self.realm, 
> ca_cert_path=ca_cert_path)
>    File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line 
> 339, in ipacheckldap
>      basedn = get_ipa_basedn(lh)
>    File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 817, in 
> get_ipa_basedn
>      contexts = entries[0][1]['namingcontexts']
>
> cat /etc/redhat-release
> CentOS release 6.4 (Final)

Hmm. I'd take a look at /var/log/ipaclient-install.log to see what host it is 
trying to enroll against. I have the feeling it is finding another host.

We fixed a bug post-6.4 related to case insensitivity and namingcontexts. I 
have the feeling the LDAP server you're connecting to isn't returning it all as 
lower case as we expect.

rob



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
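
Added example, not part of the original messages and not FreeIPA's own code: a short Python check that reads the discovery lines from ipaclient-install.log, lists which hosts the _ldap._tcp SRV lookup returned and which host the installer went on to verify, and flags any that are not known IPA servers. The expected server name rdsdev01.dev.com is an assumption built from the --server and --domain values above, and the rootDSE dict is constructed to show the attribute-name case mismatch Rob describes.

```python
import re

# Lines copied from the ipaclient-install.log in this thread, wrapping included.
SAMPLE_LOG = """\
2013-10-15T20:18:11Z DEBUG Search DNS for SRV record of _ldap._tcp.dev.com.
2013-10-15T20:18:11Z DEBUG DNS record found: 
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:hqdc02.dev.com.}
2013-10-15T20:18:11Z DEBUG DNS record found: 
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:hqdc.dev.com.}
2013-10-15T20:18:11Z DEBUG DNS record found: 
DNSResult::name:_ldap._tcp.dev.com.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:drdc01.dev.com.}
2013-10-15T20:18:11Z DEBUG Verifying that hqdc02.dev.com (realm None) is an IPA 
server
"""
# Constructed rootDSE reply: a directory that returns the attribute in mixed case.
ROOTDSE = {"namingContexts": ["DC=dev,DC=com"]}

TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z ")
SRV_RE = re.compile(r"DNSResult::name:[^,]+,type:33,.*server:([^}]+)\}")
VERIFY_RE = re.compile(r"Verifying that (\S+) \(realm [^)]*\) is an IPA server")

def unwrap(text):
    """Join wrapped continuation lines back onto their timestamped record."""
    records = []
    for line in text.splitlines():
        if TS_RE.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def discovery_report(text, expected_servers):
    """Return SRV targets, verified hosts, and any host not in expected_servers."""
    norm = lambda h: h.lower().rstrip(".")
    expected = {norm(s) for s in expected_servers}
    srv, verified = [], []
    for rec in unwrap(text):
        srv += [norm(h) for h in SRV_RE.findall(rec)]
        verified += [norm(h) for h in VERIFY_RE.findall(rec)]
    unexpected = sorted(set(srv + verified) - expected)
    return {"srv_targets": srv, "verified": verified, "unexpected": unexpected}

def get_attr_ci(attrs, name):
    """LDAP attribute names are case-insensitive; look one up that way."""
    for key, value in attrs.items():
        if key.lower() == name.lower():
            return value
    return None

if __name__ == "__main__":
    print(discovery_report(SAMPLE_LOG, ["rdsdev01.dev.com"]))  # assumed FQDN
    print("namingcontexts" in ROOTDSE, get_attr_ci(ROOTDSE, "namingcontexts"))
```
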