date:20190818

[Freeipa-users] Re: Could not chdir to home directory: Permission denied

2019-08-18 Thread Selman Keskin via FreeIPA-users


Any idea?

Sent from Mail for Windows 10

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: LDAP error while installing IPA client

2019-08-18 Thread Rob Crittenden via FreeIPA-users

Elhamsadat Azarian via FreeIPA-users wrote:
> Hi
> 
> i installed ipa server but when i try to install ipa-client, this error was 
> showed:
> Error checking LDAP: Operation error: 04DC: LdapErr: DSID-0C0907c2, 
> comment: In order to perform this operation a successful bind must be 
> completed on the connection.
> 
> it shows FQDN of my windows DNS Server instead of IPA server FQDN. and 
> produced an error that is attached.

Without knowing anything about your domain setup my guess is that you
used the same domain/realm for your IPA installation as for your AD
installation. You cannot do this. See the windows integration documentation.

The client is finding the advertised services via DNS and it looks like
it is talking to an AD server.

rob

> 
> Additional info:
> i have a windows DNS server.
> 
> Log file of ipaclient_intsall.log
> 2019-08-18T10:00:08Z DEBUG Logging to /var/log/ipaclient-install.log
> 2019-08-18T10:00:08Z DEBUG ipa-client-install was invoked with arguments [] 
> and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 
> 'ip_addresses': None, 'configure_firefox': False, 'realm_name': None, 
> 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 
> 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 
> 'domain_name': None, 'request_cert': False, 'fixed_primary': False, 'no_ac': 
> False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 
> 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 
> 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 
> 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 
> 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': 
> False, 'host_name': None, 'permit': False, 'automount_location': None, 
> 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': 
> False}
> 2019-08-18T10:00:08Z DEBUG IPA version 4.6.4-10.el7.centos.3
> 2019-08-18T10:00:08Z DEBUG Loading Index file from 
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2019-08-18T10:00:08Z DEBUG Starting external process
> 2019-08-18T10:00:08Z DEBUG args=/usr/sbin/selinuxenabled
> 2019-08-18T10:00:08Z DEBUG Process finished, return code=0
> 2019-08-18T10:00:08Z DEBUG stdout=
> 2019-08-18T10:00:08Z DEBUG stderr=
> 2019-08-18T10:00:08Z DEBUG Starting external process
> 2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-enabled chronyd.service
> 2019-08-18T10:00:08Z DEBUG Process finished, return code=1
> 2019-08-18T10:00:08Z DEBUG stdout=disabled
> 
> 2019-08-18T10:00:08Z DEBUG stderr=
> 2019-08-18T10:00:08Z DEBUG Starting external process
> 2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-active chronyd.service
> 2019-08-18T10:00:08Z DEBUG Process finished, return code=3
> 2019-08-18T10:00:08Z DEBUG stdout=inactive
> 
> 2019-08-18T10:00:08Z DEBUG stderr=
> 2019-08-18T10:00:08Z DEBUG [IPA Discovery]
> 2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, 
> servers=None, hostname=ipacli-irvlt01.shs.dc
> 2019-08-18T10:00:08Z DEBUG Start searching for LDAP SRV record in "shs.dc" 
> (domain of the hostname) and its sub-domains
> 2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
> 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc.
> 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
> 2019-08-18T10:00:10Z DEBUG [Kerberos realm search]
> 2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc
> 2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN
> 2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc
> 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc.
> 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc.
> 2019-08-18T10:00:10Z DEBUG [LDAP server check]
> 2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is 
> an IPA server
> 2019-08-18T10:00:10Z DEBUG Init LDAP connection to: 
> ldap://dc-irvwp02.shs.dc:389
> 2019-08-18T10:00:10Z DEBUG Search LDAP server for IPA base DN
> 2019-08-18T10:00:10Z DEBUG Check if naming context 'DC=SHS,DC=DC' is for IPA
> 2019-08-18T10:00:10Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': 
> '04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this 
> operation a successful bind must be completed on the connection., data 0, 
> v2580', 'desc': 'Operations error'}
> 2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 04DC: 
> LdapErr: DSID-0C0907C2, comment: In order to perform this operation a 
> successful bind must be completed on the connection., data 0, v2580
> 2019-08-18T10:00:10Z DEBUG Cannot connect to LDAP server. Check that minssf 
> is not enabled
> 2019-08-18T10:00:10Z DEBUG Assuming realm is the same as domain: SHS.DC
> 2019-08-18T10:00:10Z DEBUG Generated basedn from realm: dc=shs,dc=dc
> 2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=Non

[Freeipa-users] LDAP error while installing IPA client

2019-08-18 Thread Elhamsadat Azarian via FreeIPA-users

Hi

i installed ipa server but when i try to install ipa-client, this error was 
showed:
Error checking LDAP: Operation error: 04DC: LdapErr: DSID-0C0907c2, 
comment: In order to perform this operation a successful bind must be completed 
on the connection.

it shows FQDN of my windows DNS Server instead of IPA server FQDN. and produced 
an error that is attached.

Additional info:
i have a windows DNS server.

Log file of ipaclient_intsall.log
2019-08-18T10:00:08Z DEBUG Logging to /var/log/ipaclient-install.log
2019-08-18T10:00:08Z DEBUG ipa-client-install was invoked with arguments [] and 
options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 
'ip_addresses': None, 'configure_firefox': False, 'realm_name': None, 
'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 
'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 
'domain_name': None, 'request_cert': False, 'fixed_primary': False, 'no_ac': 
False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 
'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 
'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 
'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 
'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': 
False, 'host_name': None, 'permit': False, 'automount_location': None, 
'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}
2019-08-18T10:00:08Z DEBUG IPA version 4.6.4-10.el7.centos.3
2019-08-18T10:00:08Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/usr/sbin/selinuxenabled
2019-08-18T10:00:08Z DEBUG Process finished, return code=0
2019-08-18T10:00:08Z DEBUG stdout=
2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-08-18T10:00:08Z DEBUG Process finished, return code=1
2019-08-18T10:00:08Z DEBUG stdout=disabled

2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-active chronyd.service
2019-08-18T10:00:08Z DEBUG Process finished, return code=3
2019-08-18T10:00:08Z DEBUG stdout=inactive

2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG [IPA Discovery]
2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, 
servers=None, hostname=ipacli-irvlt01.shs.dc
2019-08-18T10:00:08Z DEBUG Start searching for LDAP SRV record in "shs.dc" 
(domain of the hostname) and its sub-domains
2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG [Kerberos realm search]
2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG [LDAP server check]
2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is an 
IPA server
2019-08-18T10:00:10Z DEBUG Init LDAP connection to: ldap://dc-irvwp02.shs.dc:389
2019-08-18T10:00:10Z DEBUG Search LDAP server for IPA base DN
2019-08-18T10:00:10Z DEBUG Check if naming context 'DC=SHS,DC=DC' is for IPA
2019-08-18T10:00:10Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': 
'04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation 
a successful bind must be completed on the connection., data 0, v2580', 'desc': 
'Operations error'}
2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 04DC: 
LdapErr: DSID-0C0907C2, comment: In order to perform this operation a 
successful bind must be completed on the connection., data 0, v2580
2019-08-18T10:00:10Z DEBUG Cannot connect to LDAP server. Check that minssf is 
not enabled
2019-08-18T10:00:10Z DEBUG Assuming realm is the same as domain: SHS.DC
2019-08-18T10:00:10Z DEBUG Generated basedn from realm: dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=None, 
domain=shs.dc, kdc=dc-irvwp01.shs.dc,dc-irvwp02.shs.dc, basedn=dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG Validated servers: dc-irvwp02.shs.dc
2019-08-18T10:00:10Z DEBUG will use discovered domain: shs.dc
2019-08-18T10:00:10Z DEBUG Start searching for LDAP SRV record in "shs.dc" 
(Validating DNS Discovery) and its sub-domains
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irv

[Freeipa-users] Re: Could not chdir to home directory: Permission denied

[Freeipa-users] Re: LDAP error while installing IPA client

[Freeipa-users] LDAP error while installing IPA client

3 matches

Site Navigation

Mail list logo

Footer information