Our apps are running in a docker image based on Ubuntu 14.04 that cannot be
changed to redhat. We want to install freeipa-clietn within this docker so that
our app
Uses freeipa ldap as against default ldap.
The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine,
that why is why I am hoping making it run in a Ubun14.04 docker should also be
very much possible.
As you can see the things get stuck in not starting bus process properly(this
problem is not seen in ubuntu on plain machine). I cannot see much debug
statements by enabling —debug option in ipa-client-install.
Its not clear why this process doesn’t get started and what is missing in
container as against plain machine which is making this install fail.
I am on to this issue for 2 full days now. I am pasting whatever debug
statements I got during install, here:
Command
—————
ipa-client-install —domain=<ourdoamin> —server= <ourserver>
hostname=jupyterhub.com --no-ntp --no-dns-sshfp
Log (After Error starts to happen)
—————
Attached
My main suspect is dbus service unable to start in this container where it
launches on a plain machine.
-
Best,
Pawan
On 5/3/16, 2:03 PM, "Lukas Slebodnik" <lsleb...@redhat.com> wrote:
>On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote:
>>Currently this is the error I m stuck with. There isn’t enough material
>>online to proceed further. Failure starts with bus error..
>>
>>Logs during ipa-client-install..
>>====================================
>>
>>Synchronizing time with KDC...
>>Password for service_...@eaz.ebayc3.com:
>>Successfully retrieved CA cert
>> Subject: CN=Certificate Authority,O=EAZ.EBAYC3.COM
>> Issuer: CN=Certificate Authority,O=EAZ.EBAYC3.COM
>> Valid From: Mon Dec 07 05:17:30 2015 UTC
>> Valid Until: Fri Dec 07 05:17:30 2035 UTC
>>
>>
>>Enrolled in IPA realm EAZ.EBAYC3.COM
>>Created /etc/ipa/default.conf
>>New SSSD config will be created
>>Configured /etc/sssd/sssd.conf
>>Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
>>dbus failed to start: Command '/usr/sbin/service dbus start ' returned
>>non-zero exit status 1
>I think the error message is clear.
>There was a problem with starting dbus service within a container.
>
>>certmonger failed to stop: [Errno 2] No such file or directory:
>>'/var/run/ipa/services.list'
>>certmonger request for host certificate failed
>>2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
>>.
>>
>>On 5/3/16, 1:45 AM, "Lukas Slebodnik" <lsleb...@redhat.com> wrote:
>>
>>>On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>>>>Thanks for your quick response. I am trying this on ubuntu.
>>>>
>>>>This is the bug I m facing right now:
>>>>https://lists.launchpad.net/freeipa/msg00236.html
>>>>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me.
>>>>There is no other material also
>>>>On how to fix this dbus error.
>>>>
>>>>root@jupyterhub:/# lsb_release -rd
>>>>Description: Ubuntu 14.04.4 LTS
>>>>Release: 14.04
>>>>root@jupyterhub:/#
>>>Do I understand it correctly that you want to build your own image
>>>based on ubuntu?
>>>
>>>If answer is yes then I would recommend to use ubuntu xenial (16.04).
>>>
>>>But the benefit of container technologies is that you can use
>>>image based on different distribution and therefore it would be the
>>>best if you could use https://hub.docker.com/r/fedora/sssd/
>>>(which was already mentioned.
>>>
>May I know why you do not want to use existing working contianer
>based on image fedora/sssd.
>
>You would save some time with troubleshooting things which were already solved.
>
>If you want a help then please provide more info.
>I assume you use docker and not lxd (based on subject)
>Please share details how did you build an image and how do you
>run container ...
>
>LS
{\rtf1\ansi\ansicpg1252\cocoartf1404\cocoasubrtf460
{\fonttbl\f0\fnil\fcharset0 AndaleMono;}
{\colortbl;\red255\green255\blue255;\red47\green255\blue18;}
\margl1440\margr1440\vieww10800\viewh8400\viewkind0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
\f0\fs38 \cf2 \cb0 \CocoaLigature0 New SSSD config will be created\
Configured /etc/sssd/sssd.conf\
Starting external process\
args=/usr/bin/certutil -A -d sql:/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt\
Process finished, return code=0\
stdout=\
stderr=\
Backing up system configuration file '/etc/krb5.conf'\
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'\
Starting external process\
args=keyctl get_persistent @s 0\
Process finished, return code=2\
stdout=\
stderr=Unknown command\
\
Writing Kerberos configuration to /etc/krb5.conf:\
#File modified by ipa-client-install\
\
includedir /var/lib/sss/pubconf/krb5.include.d/\
\
[libdefaults]\
default_realm = EAZ.EBAYC3.COM\
dns_lookup_realm = false\
dns_lookup_kdc = false\
rdns = false\
ticket_lifetime = 24h\
forwardable = yes\
\
[realms]\
EAZ.EBAYC3.COM = \{\
kdc = ipa01-756700.lvs01.eaz.ebayc3.com:88\
master_kdc = ipa01-756700.lvs01.eaz.ebayc3.com:88\
admin_server = ipa01-756700.lvs01.eaz.ebayc3.com:749\
default_domain = lvs01.eaz.ebayc3.com\
pkinit_anchors = FILE:/etc/ipa/ca.crt\
\}\
\
[domain_realm]\
.lvs01.eaz.ebayc3.com = EAZ.EBAYC3.COM\
lvs01.eaz.ebayc3.com = EAZ.EBAYC3.COM\
.com = EAZ.EBAYC3.COM\
com = EAZ.EBAYC3.COM\
\
Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
failed to find session_cookie in persistent storage for principal 'host/jupyterhub....@eaz.ebayc3.com'\
trying https://ipa01-756700.lvs01.eaz.ebayc3.com/ipa/xml\
Created connection context.xmlclient\
Try RPC connection\
Forwarding 'ping' to server 'https://ipa01-756700.lvs01.eaz.ebayc3.com/ipa/xml'\
NSSConnection init ipa01-756700.lvs01.eaz.ebayc3.com\
Connecting: 10.103.178.70:0\
auth_certificate_callback: check_sig=True is_server=False\
Data:\
Version: 3 (0x2)\
Serial Number: 13 (0xd)\
Signature Algorithm:\
Algorithm: PKCS #1 SHA-256 With RSA Encryption\
Issuer: CN=Certificate Authority,O=EAZ.EBAYC3.COM\
Validity:\
Not Before: Mon Dec 07 11:48:52 2015 UTC\
Not After : Thu Dec 07 11:48:52 2017 UTC\
Subject: CN=ipa01-756700.lvs01.eaz.ebayc3.com,O=EAZ.EBAYC3.COM\
Subject Public Key Info:\
Public Key Algorithm:\
Algorithm: PKCS #1 RSA Encryption\
RSA Public Key:\
Modulus:\
f4:51:2a:4d:75:42:81:49:38:60:28:0a:a5:a2:ee:27:\
a9:dd:38:62:7d:48:0f:39:94:31:97:f9:9d:5b:65:f6:\
45:74:6f:fd:bc:b8:ab:60:c4:88:34:b8:83:c2:dc:7c:\
23:28:db:56:07:3b:6f:95:cd:fa:77:a7:24:79:1e:02:\
85:df:45:4f:36:25:4d:d0:45:44:d3:52:bf:80:3a:d3:\
f2:32:22:ec:95:25:20:ed:ba:88:50:6f:fe:de:61:20:\
a0:6a:af:18:e1:7b:19:b4:91:27:03:43:2a:42:70:be:\
89:3d:74:87:91:9f:21:f6:e6:38:78:79:3b:35:50:6a:\
af:6d:28:f6:e9:ee:0c:99:87:db:35:d8:30:db:83:d7:\
c1:1d:7c:18:c3:be:49:c7:a0:de:46:46:08:4d:87:0d:\
f5:03:28:36:83:cf:c3:85:18:a0:a8:10:25:b1:40:90:\
43:d4:a1:ac:da:30:da:3e:c3:6a:85:23:3b:a9:f6:fd:\
e0:d9:a6:dc:0c:84:72:dd:52:c4:d8:b9:28:f6:09:00:\
83:34:8c:7c:f3:c0:79:13:a8:d2:e9:b5:4c:8d:b1:3c:\
42:38:c6:4b:7c:8b:6c:88:21:1c:0c:d3:b9:01:da:47:\
4d:53:0a:50:22:36:0f:e5:51:d4:ba:9d:54:07:11:4d\
Exponent: 65537 (0x10001)\
Signed Extensions: (6)\
Name: Certificate Authority Key Identifier\
Critical: False\
Key ID:\
c4:7d:7d:62:92:ad:03:3e:d5:46:41:a4:8e:34:45:0d:\
8b:f4:f0:35\
Serial Number: None\
General Names: [0 total]\
\
Name: Authority Information Access\
Critical: False\
\
Name: Certificate Key Usage\
Critical: True\
Usages:\
Digital Signature\
Non-Repudiation\
Key Encipherment\
Data Encipherment\
\
Name: Extended Key Usage\
Critical: False\
Usages:\
TLS Web Server Authentication Certificate\
TLS Web Client Authentication Certificate\
\
Name: CRL Distribution Points\
Critical: False\
CRL Distribution Points: [1 total]\
Point [1]:\
General Names: [1 total]\
http://ipa-ca.lvs01.eaz.ebayc3.com/ipa/crl/MasterCRL.bin\
Issuer: Directory Name: CN=Certificate Authority,O=ipaca\
Reasons: ()\
\
Name: Certificate Subject Key ID\
Critical: False\
Data:\
7e:c5:f0:c2:a8:16:8e:c9:81:6e:c9:ab:63:65:7a:11:\
0c:76:d7:6d\
\
Signature:\
Signature Algorithm:\
Algorithm: PKCS #1 SHA-256 With RSA Encryption\
Signature:\
4b:c6:af:da:f9:cb:18:cc:63:c2:8c:3a:0c:73:7e:f1:\
8f:76:3f:30:5f:5b:85:89:df:c2:30:eb:99:13:1b:f0:\
d3:0e:76:2c:81:ae:55:27:2f:82:2e:7e:22:f1:9c:dd:\
a4:7f:97:e1:86:6f:b0:f2:44:7e:58:a0:79:77:34:fb:\
85:9e:19:e8:32:25:1f:83:22:34:51:9e:8f:4d:00:f0:\
83:eb:b5:da:28:59:3f:40:03:67:a9:98:e4:73:0d:5a:\
54:4f:21:71:a9:bd:a5:84:b6:3b:cb:75:c5:b4:c2:46:\
c3:cc:83:55:94:ee:66:e8:63:14:9c:6e:f4:dd:d5:e9:\
53:99:30:97:83:90:35:b1:71:f9:85:f7:6a:d0:b9:8a:\
5c:d9:e5:69:d0:b7:e9:cd:3c:a5:9c:23:9d:b1:3e:60:\
13:9b:a3:9c:83:92:f5:97:e3:a0:0c:12:3f:1b:ef:11:\
d1:1a:c0:b3:e4:f8:48:09:11:75:1f:8b:a2:4a:f3:c7:\
2c:41:ff:08:b0:7a:3d:43:51:e5:68:5c:6f:e0:5b:20:\
ad:5b:c5:02:ff:a0:1d:9e:90:a3:1c:dc:9c:52:3e:4d:\
da:12:c4:65:87:b2:69:d1:be:ed:6b:45:18:fe:7b:3d:\
9f:d1:67:bd:3e:5f:8f:bf:7f:40:31:88:79:9b:37:48\
Fingerprint (MD5):\
49:36:96:10:36:47:d9:12:38:24:a7:b9:84:b7:9f:b6\
Fingerprint (SHA1):\
55:77:b2:15:fa:03:d9:73:75:27:a6:f1:0f:e5:0b:af:\
0a:72:f8:c2\
approved_usage = SSLServer intended_usage = SSLServer\
cert valid True for "CN=ipa01-756700.lvs01.eaz.ebayc3.com,O=EAZ.EBAYC3.COM"\
handshake complete, peer = 10.103.178.70:443\
received Set-Cookie 'ipa_session=46d12a243823b25a5ce8d6574946559d; Domain=ipa01-756700.lvs01.eaz.ebayc3.com; Path=/ipa; Expires=Tue, 03 May 2016 21:44:01 GMT; Secure; HttpOnly'\
storing cookie 'ipa_session=46d12a243823b25a5ce8d6574946559d; Domain=ipa01-756700.lvs01.eaz.ebayc3.com; Path=/ipa; Expires=Tue, 03 May 2016 21:44:01 GMT; Secure; HttpOnly' for principal host/jupyterhub....@eaz.ebayc3.com\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl padd user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com @s\
Process finished, return code=1\
stdout=\
stderr=add_key: Operation not permitted\
\
Forwarding 'env' to server 'https://ipa01-756700.lvs01.eaz.ebayc3.com/ipa/xml'\
NSSConnection init ipa01-756700.lvs01.eaz.ebayc3.com\
Connecting: 10.103.178.70:0\
auth_certificate_callback: check_sig=True is_server=False\
Data:\
Version: 3 (0x2)\
Serial Number: 13 (0xd)\
Signature Algorithm:\
Algorithm: PKCS #1 SHA-256 With RSA Encryption\
Issuer: CN=Certificate Authority,O=EAZ.EBAYC3.COM\
Validity:\
Not Before: Mon Dec 07 11:48:52 2015 UTC\
Not After : Thu Dec 07 11:48:52 2017 UTC\
Subject: CN=ipa01-756700.lvs01.eaz.ebayc3.com,O=EAZ.EBAYC3.COM\
Subject Public Key Info:\
Public Key Algorithm:\
Algorithm: PKCS #1 RSA Encryption\
RSA Public Key:\
Modulus:\
f4:51:2a:4d:75:42:81:49:38:60:28:0a:a5:a2:ee:27:\
a9:dd:38:62:7d:48:0f:39:94:31:97:f9:9d:5b:65:f6:\
45:74:6f:fd:bc:b8:ab:60:c4:88:34:b8:83:c2:dc:7c:\
23:28:db:56:07:3b:6f:95:cd:fa:77:a7:24:79:1e:02:\
85:df:45:4f:36:25:4d:d0:45:44:d3:52:bf:80:3a:d3:\
f2:32:22:ec:95:25:20:ed:ba:88:50:6f:fe:de:61:20:\
a0:6a:af:18:e1:7b:19:b4:91:27:03:43:2a:42:70:be:\
89:3d:74:87:91:9f:21:f6:e6:38:78:79:3b:35:50:6a:\
af:6d:28:f6:e9:ee:0c:99:87:db:35:d8:30:db:83:d7:\
c1:1d:7c:18:c3:be:49:c7:a0:de:46:46:08:4d:87:0d:\
f5:03:28:36:83:cf:c3:85:18:a0:a8:10:25:b1:40:90:\
43:d4:a1:ac:da:30:da:3e:c3:6a:85:23:3b:a9:f6:fd:\
e0:d9:a6:dc:0c:84:72:dd:52:c4:d8:b9:28:f6:09:00:\
83:34:8c:7c:f3:c0:79:13:a8:d2:e9:b5:4c:8d:b1:3c:\
42:38:c6:4b:7c:8b:6c:88:21:1c:0c:d3:b9:01:da:47:\
4d:53:0a:50:22:36:0f:e5:51:d4:ba:9d:54:07:11:4d\
Exponent: 65537 (0x10001)\
Signed Extensions: (6)\
Name: Certificate Authority Key Identifier\
Critical: False\
Key ID:\
c4:7d:7d:62:92:ad:03:3e:d5:46:41:a4:8e:34:45:0d:\
8b:f4:f0:35\
Serial Number: None\
General Names: [0 total]\
\
Name: Authority Information Access\
Critical: False\
\
Name: Certificate Key Usage\
Critical: True\
Usages:\
Digital Signature\
Non-Repudiation\
Key Encipherment\
Data Encipherment\
\
Name: Extended Key Usage\
Critical: False\
Usages:\
TLS Web Server Authentication Certificate\
TLS Web Client Authentication Certificate\
\
Name: CRL Distribution Points\
Critical: False\
CRL Distribution Points: [1 total]\
Point [1]:\
General Names: [1 total]\
http://ipa-ca.lvs01.eaz.ebayc3.com/ipa/crl/MasterCRL.bin\
Issuer: Directory Name: CN=Certificate Authority,O=ipaca\
Reasons: ()\
\
Name: Certificate Subject Key ID\
Critical: False\
Data:\
7e:c5:f0:c2:a8:16:8e:c9:81:6e:c9:ab:63:65:7a:11:\
0c:76:d7:6d\
\
Signature:\
Signature Algorithm:\
Algorithm: PKCS #1 SHA-256 With RSA Encryption\
Signature:\
4b:c6:af:da:f9:cb:18:cc:63:c2:8c:3a:0c:73:7e:f1:\
8f:76:3f:30:5f:5b:85:89:df:c2:30:eb:99:13:1b:f0:\
d3:0e:76:2c:81:ae:55:27:2f:82:2e:7e:22:f1:9c:dd:\
a4:7f:97:e1:86:6f:b0:f2:44:7e:58:a0:79:77:34:fb:\
85:9e:19:e8:32:25:1f:83:22:34:51:9e:8f:4d:00:f0:\
83:eb:b5:da:28:59:3f:40:03:67:a9:98:e4:73:0d:5a:\
54:4f:21:71:a9:bd:a5:84:b6:3b:cb:75:c5:b4:c2:46:\
c3:cc:83:55:94:ee:66:e8:63:14:9c:6e:f4:dd:d5:e9:\
53:99:30:97:83:90:35:b1:71:f9:85:f7:6a:d0:b9:8a:\
5c:d9:e5:69:d0:b7:e9:cd:3c:a5:9c:23:9d:b1:3e:60:\
13:9b:a3:9c:83:92:f5:97:e3:a0:0c:12:3f:1b:ef:11:\
d1:1a:c0:b3:e4:f8:48:09:11:75:1f:8b:a2:4a:f3:c7:\
2c:41:ff:08:b0:7a:3d:43:51:e5:68:5c:6f:e0:5b:20:\
ad:5b:c5:02:ff:a0:1d:9e:90:a3:1c:dc:9c:52:3e:4d:\
da:12:c4:65:87:b2:69:d1:be:ed:6b:45:18:fe:7b:3d:\
9f:d1:67:bd:3e:5f:8f:bf:7f:40:31:88:79:9b:37:48\
Fingerprint (MD5):\
49:36:96:10:36:47:d9:12:38:24:a7:b9:84:b7:9f:b6\
Fingerprint (SHA1):\
55:77:b2:15:fa:03:d9:73:75:27:a6:f1:0f:e5:0b:af:\
0a:72:f8:c2\
approved_usage = SSLServer intended_usage = SSLServer\
cert valid True for "CN=ipa01-756700.lvs01.eaz.ebayc3.com,O=EAZ.EBAYC3.COM"\
handshake complete, peer = 10.103.178.70:443\
received Set-Cookie 'ipa_session=9a857d2188502e696a79253d4b51d4a9; Domain=ipa01-756700.lvs01.eaz.ebayc3.com; Path=/ipa; Expires=Tue, 03 May 2016 21:44:01 GMT; Secure; HttpOnly'\
storing cookie 'ipa_session=9a857d2188502e696a79253d4b51d4a9; Domain=ipa01-756700.lvs01.eaz.ebayc3.com; Path=/ipa; Expires=Tue, 03 May 2016 21:44:01 GMT; Secure; HttpOnly' for principal host/jupyterhub....@eaz.ebayc3.com\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl padd user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com @s\
Process finished, return code=1\
stdout=\
stderr=add_key: Operation not permitted\
\
Starting external process\
args=/usr/sbin/service dbus status \
Process finished, return code=1\
stdout=\
stderr=dbus: unrecognized service\
\
Starting external process\
args=/usr/sbin/service dbus start \
Process finished, return code=1\
stdout=\
stderr=dbus: unrecognized service\
\
dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1\
Starting external process\
args=/usr/sbin/service certmonger restart \
Process finished, return code=0\
stdout= * Restarting Certmonger certmonger\
...fail!\
\
stderr=Error connecting to D-Bus.\
\
Starting external process\
args=/usr/sbin/service certmonger status \
Process finished, return code=3\
stdout= * certmonger is not running\
\
stderr=\
Starting external process\
args=/usr/sbin/service certmonger restart \
Process finished, return code=0\
stdout= * Restarting Certmonger certmonger\
...fail!\
\
stderr=Error connecting to D-Bus.\
\
Starting external process\
args=/usr/sbin/service certmonger status \
Process finished, return code=3\
stdout= * certmonger is not running\
\
stderr=\
Starting external process\
args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - jupyterhub.com -N CN=jupyterhub.com,O=EAZ.EBAYC3.COM -K host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=Error connecting to DBus.\
Please verify that the message bus (D-Bus) service is running.\
\
stderr=\
certmonger request for host certificate failed\
Forwarding 'host_mod' to server 'https://ipa01-756700.lvs01.eaz.ebayc3.com/ipa/xml'\
NSSConnection init ipa01-756700.lvs01.eaz.ebayc3.com\
Connecting: 10.103.178.70:0\
auth_certificate_callback: check_sig=True is_server=False\
Data:\
Version: 3 (0x2)\
Serial Number: 13 (0xd)\
Signature Algorithm:\
Algorithm: PKCS #1 SHA-256 With RSA Encryption\
Issuer: CN=Certificate Authority,O=EAZ.EBAYC3.COM\
Validity:\
Not Before: Mon Dec 07 11:48:52 2015 UTC\
Not After : Thu Dec 07 11:48:52 2017 UTC\
Subject: CN=ipa01-756700.lvs01.eaz.ebayc3.com,O=EAZ.EBAYC3.COM\
Subject Public Key Info:\
Public Key Algorithm:\
Algorithm: PKCS #1 RSA Encryption\
RSA Public Key:\
Modulus:\
f4:51:2a:4d:75:42:81:49:38:60:28:0a:a5:a2:ee:27:\
a9:dd:38:62:7d:48:0f:39:94:31:97:f9:9d:5b:65:f6:\
45:74:6f:fd:bc:b8:ab:60:c4:88:34:b8:83:c2:dc:7c:\
23:28:db:56:07:3b:6f:95:cd:fa:77:a7:24:79:1e:02:\
85:df:45:4f:36:25:4d:d0:45:44:d3:52:bf:80:3a:d3:\
f2:32:22:ec:95:25:20:ed:ba:88:50:6f:fe:de:61:20:\
a0:6a:af:18:e1:7b:19:b4:91:27:03:43:2a:42:70:be:\
89:3d:74:87:91:9f:21:f6:e6:38:78:79:3b:35:50:6a:\
af:6d:28:f6:e9:ee:0c:99:87:db:35:d8:30:db:83:d7:\
c1:1d:7c:18:c3:be:49:c7:a0:de:46:46:08:4d:87:0d:\
f5:03:28:36:83:cf:c3:85:18:a0:a8:10:25:b1:40:90:\
43:d4:a1:ac:da:30:da:3e:c3:6a:85:23:3b:a9:f6:fd:\
e0:d9:a6:dc:0c:84:72:dd:52:c4:d8:b9:28:f6:09:00:\
83:34:8c:7c:f3:c0:79:13:a8:d2:e9:b5:4c:8d:b1:3c:\
42:38:c6:4b:7c:8b:6c:88:21:1c:0c:d3:b9:01:da:47:\
4d:53:0a:50:22:36:0f:e5:51:d4:ba:9d:54:07:11:4d\
Exponent: 65537 (0x10001)\
Signed Extensions: (6)\
Name: Certificate Authority Key Identifier\
Critical: False\
Key ID:\
c4:7d:7d:62:92:ad:03:3e:d5:46:41:a4:8e:34:45:0d:\
8b:f4:f0:35\
Serial Number: None\
General Names: [0 total]\
\
Name: Authority Information Access\
Critical: False\
\
Name: Certificate Key Usage\
Critical: True\
Usages:\
Digital Signature\
Non-Repudiation\
Key Encipherment\
Data Encipherment\
\
Name: Extended Key Usage\
Critical: False\
Usages:\
TLS Web Server Authentication Certificate\
TLS Web Client Authentication Certificate\
\
Name: CRL Distribution Points\
Critical: False\
CRL Distribution Points: [1 total]\
Point [1]:\
General Names: [1 total]\
http://ipa-ca.lvs01.eaz.ebayc3.com/ipa/crl/MasterCRL.bin\
Issuer: Directory Name: CN=Certificate Authority,O=ipaca\
Reasons: ()\
\
Name: Certificate Subject Key ID\
Critical: False\
Data:\
7e:c5:f0:c2:a8:16:8e:c9:81:6e:c9:ab:63:65:7a:11:\
0c:76:d7:6d\
\
Signature:\
Signature Algorithm:\
Algorithm: PKCS #1 SHA-256 With RSA Encryption\
Signature:\
4b:c6:af:da:f9:cb:18:cc:63:c2:8c:3a:0c:73:7e:f1:\
8f:76:3f:30:5f:5b:85:89:df:c2:30:eb:99:13:1b:f0:\
d3:0e:76:2c:81:ae:55:27:2f:82:2e:7e:22:f1:9c:dd:\
a4:7f:97:e1:86:6f:b0:f2:44:7e:58:a0:79:77:34:fb:\
85:9e:19:e8:32:25:1f:83:22:34:51:9e:8f:4d:00:f0:\
83:eb:b5:da:28:59:3f:40:03:67:a9:98:e4:73:0d:5a:\
54:4f:21:71:a9:bd:a5:84:b6:3b:cb:75:c5:b4:c2:46:\
c3:cc:83:55:94:ee:66:e8:63:14:9c:6e:f4:dd:d5:e9:\
53:99:30:97:83:90:35:b1:71:f9:85:f7:6a:d0:b9:8a:\
5c:d9:e5:69:d0:b7:e9:cd:3c:a5:9c:23:9d:b1:3e:60:\
13:9b:a3:9c:83:92:f5:97:e3:a0:0c:12:3f:1b:ef:11:\
d1:1a:c0:b3:e4:f8:48:09:11:75:1f:8b:a2:4a:f3:c7:\
2c:41:ff:08:b0:7a:3d:43:51:e5:68:5c:6f:e0:5b:20:\
ad:5b:c5:02:ff:a0:1d:9e:90:a3:1c:dc:9c:52:3e:4d:\
da:12:c4:65:87:b2:69:d1:be:ed:6b:45:18:fe:7b:3d:\
9f:d1:67:bd:3e:5f:8f:bf:7f:40:31:88:79:9b:37:48\
Fingerprint (MD5):\
49:36:96:10:36:47:d9:12:38:24:a7:b9:84:b7:9f:b6\
Fingerprint (SHA1):\
55:77:b2:15:fa:03:d9:73:75:27:a6:f1:0f:e5:0b:af:\
0a:72:f8:c2\
approved_usage = SSLServer intended_usage = SSLServer\
cert valid True for "CN=ipa01-756700.lvs01.eaz.ebayc3.com,O=EAZ.EBAYC3.COM"\
handshake complete, peer = 10.103.178.70:443\
received Set-Cookie 'ipa_session=b8a0d9d7906d94aa16fcca4a9f6be276; Domain=ipa01-756700.lvs01.eaz.ebayc3.com; Path=/ipa; Expires=Tue, 03 May 2016 21:44:01 GMT; Secure; HttpOnly'\
storing cookie 'ipa_session=b8a0d9d7906d94aa16fcca4a9f6be276; Domain=ipa01-756700.lvs01.eaz.ebayc3.com; Path=/ipa; Expires=Tue, 03 May 2016 21:44:01 GMT; Secure; HttpOnly' for principal host/jupyterhub....@eaz.ebayc3.com\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl search @s user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com\
Process finished, return code=1\
stdout=\
stderr=keyctl_search: Operation not permitted\
\
Starting external process\
args=keyctl padd user ipa_session_cookie:host/jupyterhub....@eaz.ebayc3.com @s\
Process finished, return code=1\
stdout=\
stderr=add_key: Operation not permitted\
\
Caught fault 4202 from server https://ipa01-756700.lvs01.eaz.ebayc3.com/ipa/xml: no modifications to be performed\
Starting external process\
args=/usr/sbin/service nscd status\
Process finished, return code=0\
stdout= * Status of Name Service Cache Daemon service: \
* running.\
\
stderr=\
Starting external process\
args=/usr/sbin/service nscd stop \
Process finished, return code=0\
stdout= * Stopping Name Service Cache Daemon nscd\
...done.\
\
stderr=\
Failed to stop the nscd daemon\
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'\
Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'\
Starting external process\
args=/usr/sbin/pam-auth-update --force --package\
Process finished, return code=0\
stdout=\
stderr=debconf: unable to initialize frontend: Dialog\
debconf: (TERM is not set, so the dialog frontend is not usable.)\
debconf: falling back to frontend: Readline\
\
SSSD enabled\
Starting external process\
args=/usr/sbin/service sssd restart \
Process finished, return code=1\
stdout=\
stderr=sssd: unrecognized service\
\
SSSD service restart was unsuccessful.\
Backing up system configuration file '/etc/ldap/ldap.conf'\
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'\
Configured /etc/openldap/ldap.conf\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Starting external process\
args=getent passwd ad...@lvs01.eaz.ebayc3.com\
Process finished, return code=2\
stdout=\
stderr=\
Unable to find 'admin' user with 'getent passwd ad...@lvs01.eaz.ebayc3.com'!\
Recognized configuration: SSSD\
Changed configuration of /etc/ldap.conf to use hardcoded server name: ipa01-756700.lvs01.eaz.ebayc3.com\
Backing up system configuration file '/etc/ssh/ssh_config'\
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'\
Configured /etc/ssh/ssh_config\
/etc/ssh/sshd_config not found, skipping configuration\
Client configuration complete.\
}
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project