[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
I can update this with the fact that an install with 4.5.4-0.fc26 goes well on F26! ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
Does this still exists ? I have the same on a 4.6.1 install, ipa-certupdate seems to fail. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
I've attached httpd/error_log-20170922.gz I did not look at that file before, so I can't say that it's changed. I've also attached the ipaclient-install.log.gz On 09/25/17 08:56, Rob Crittenden wrote: > John R. Shannon wrote: >> I upgraded to 4.6.1 today. The same problem persists. > > You get the same error in /var/log/httpd/error_log? > > gss_acquire_cred[_from]() failed to get server creds: [Unspecified GSS > failure. Minor code may provide more information ( SPNEGO cannot find > mechanisms to negotiate)] > > rob > >> >> On 09/15/17 13:17, John R. Shannon wrote: >>> Attached >>> >>> On 09/15/17 12:58, Alexander Bokovoy wrote: On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote: > John R. Shannon via FreeIPA-users wrote: >> Attached > > It is failing with "KerberosError: No valid Negotiate header in server > response" > > What package version of freeipa-server do you have? > > This seems like https://pagure.io/freeipa/issue/6773 which was fixed in > 4.5.1 According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26. John, can we see /var/log/httpd/error_log? > > rob >> >> On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: >>> John R. Shannon via FreeIPA-users wrote: Attached in gzip'd form >>> >>> We need /var/log/ipaclient-install.log >>> >>> rob >>> On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: > John R. Shannon via FreeIPA-users wrote: >> Running ipa-server-install I get: >> >> Configuring client side components >> Using existing certificate '/etc/ipa/ca.crt'. >> Client hostname: auth.test.internal.johnrshannon.com >> Realm: TEST.INTERNAL.JOHNRSHANNON.COM >> DNS Domain: test.internal.johnrshannon.com >> IPA Server: auth.test.internal.johnrshannon.com >> BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com >> >> Skipping synchronizing time with NTP server. >> New SSSD config will be created >> Configured sudoers in /etc/nsswitch.conf >> Configured /etc/sssd/sssd.conf >> trying https://auth.test.internal.johnrshannon.com/ipa/json >> [try 1]: Forwarding 'schema' to json server >> 'https://auth.test.internal.johnrshannon.com/ipa/json' >> No valid Negotiate header in server response >> The ipa-client-install command failed. See >> /var/log/ipaclient-install.log for more information >> ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): >> ERROR >> >>Configuration of client side components failed! >> >> The system is a fresh, up to date, Fedora 26: >> >> 4.12.12-300.fc26.x86_64 >> >> configured to include the FREE-IPA repository. FREE-IPA was >> installed >> yesterday with: >> >> dnf install freeipa-* >> >> and running ipa-server-install. I'm not sure how to proceed. I >> want to >> use pkinit. >> >> The log file shows that an exception was raised during the >> execution of: >> >> 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install >> --on-master >> --unattended --domain test.internal.johnrshannon.com --server >> auth.test.internal.johnrshannon.com --realm >> TEST.INTERNAL.JOHNRSHANNON.COM --hostname >> auth.test.internal.johnrshannon.com >> >> > > We need to see /var/log/ipaclient-install.log (gzip if its huge). > > rob > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> >> >> >> >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org >>> >> > -- John R. Shannon j...@johnrshannon.com (208)522-4506
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
John R. Shannon wrote: > I upgraded to 4.6.1 today. The same problem persists. You get the same error in /var/log/httpd/error_log? gss_acquire_cred[_from]() failed to get server creds: [Unspecified GSS failure. Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate)] rob > > On 09/15/17 13:17, John R. Shannon wrote: >> Attached >> >> On 09/15/17 12:58, Alexander Bokovoy wrote: >>> On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: > Attached It is failing with "KerberosError: No valid Negotiate header in server response" What package version of freeipa-server do you have? This seems like https://pagure.io/freeipa/issue/6773 which was fixed in 4.5.1 >>> According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26. >>> >>> John, can we see /var/log/httpd/error_log? >>> rob > > On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: >> John R. Shannon via FreeIPA-users wrote: >>> Attached in gzip'd form >> >> We need /var/log/ipaclient-install.log >> >> rob >> >>> >>> On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: > Running ipa-server-install I get: > > Configuring client side components > Using existing certificate '/etc/ipa/ca.crt'. > Client hostname: auth.test.internal.johnrshannon.com > Realm: TEST.INTERNAL.JOHNRSHANNON.COM > DNS Domain: test.internal.johnrshannon.com > IPA Server: auth.test.internal.johnrshannon.com > BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com > > Skipping synchronizing time with NTP server. > New SSSD config will be created > Configured sudoers in /etc/nsswitch.conf > Configured /etc/sssd/sssd.conf > trying https://auth.test.internal.johnrshannon.com/ipa/json > [try 1]: Forwarding 'schema' to json server > 'https://auth.test.internal.johnrshannon.com/ipa/json' > No valid Negotiate header in server response > The ipa-client-install command failed. See > /var/log/ipaclient-install.log for more information > ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): > ERROR > >Configuration of client side components failed! > > The system is a fresh, up to date, Fedora 26: > > 4.12.12-300.fc26.x86_64 > > configured to include the FREE-IPA repository. FREE-IPA was > installed > yesterday with: > > dnf install freeipa-* > > and running ipa-server-install. I'm not sure how to proceed. I > want to > use pkinit. > > The log file shows that an exception was raised during the > execution of: > > 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install > --on-master > --unattended --domain test.internal.johnrshannon.com --server > auth.test.internal.johnrshannon.com --realm > TEST.INTERNAL.JOHNRSHANNON.COM --hostname > auth.test.internal.johnrshannon.com > > We need to see /var/log/ipaclient-install.log (gzip if its huge). rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> >>> >>> >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> > > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> >> > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
On pe, 22 syys 2017, John R. Shannon via FreeIPA-users wrote: I upgraded to 4.6.1 today. The same problem persists. 1. Can you show /etc/pki/ca-trust/source/ipa.p11-kit? 2. Can you show /var/log/ipaupgrade.log? On 09/15/17 13:17, John R. Shannon wrote: Attached On 09/15/17 12:58, Alexander Bokovoy wrote: On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: Attached It is failing with "KerberosError: No valid Negotiate header in server response" What package version of freeipa-server do you have? This seems like https://pagure.io/freeipa/issue/6773 which was fixed in 4.5.1 According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26. John, can we see /var/log/httpd/error_log? rob On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: Attached in gzip'd form We need /var/log/ipaclient-install.log rob On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: Running ipa-server-install I get: Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: auth.test.internal.johnrshannon.com Realm: TEST.INTERNAL.JOHNRSHANNON.COM DNS Domain: test.internal.johnrshannon.com IPA Server: auth.test.internal.johnrshannon.com BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://auth.test.internal.johnrshannon.com/ipa/json [try 1]: Forwarding 'schema' to json server 'https://auth.test.internal.johnrshannon.com/ipa/json' No valid Negotiate header in server response The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR Configuration of client side components failed! The system is a fresh, up to date, Fedora 26: 4.12.12-300.fc26.x86_64 configured to include the FREE-IPA repository. FREE-IPA was installed yesterday with: dnf install freeipa-* and running ipa-server-install. I'm not sure how to proceed. I want to use pkinit. The log file shows that an exception was raised during the execution of: 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain test.internal.johnrshannon.com --server auth.test.internal.johnrshannon.com --realm TEST.INTERNAL.JOHNRSHANNON.COM --hostname auth.test.internal.johnrshannon.com We need to see /var/log/ipaclient-install.log (gzip if its huge). rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org -- John R. Shannon j...@johnrshannon.com (208)522-4506 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org -- / Alexander Bokovoy ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
I upgraded to 4.6.1 today. The same problem persists. On 09/15/17 13:17, John R. Shannon wrote: > Attached > > On 09/15/17 12:58, Alexander Bokovoy wrote: >> On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote: >>> John R. Shannon via FreeIPA-users wrote: Attached >>> >>> It is failing with "KerberosError: No valid Negotiate header in server >>> response" >>> >>> What package version of freeipa-server do you have? >>> >>> This seems like https://pagure.io/freeipa/issue/6773 which was fixed in >>> 4.5.1 >> According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26. >> >> John, can we see /var/log/httpd/error_log? >> >>> >>> rob On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: > John R. Shannon via FreeIPA-users wrote: >> Attached in gzip'd form > > We need /var/log/ipaclient-install.log > > rob > >> >> On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: >>> John R. Shannon via FreeIPA-users wrote: Running ipa-server-install I get: Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: auth.test.internal.johnrshannon.com Realm: TEST.INTERNAL.JOHNRSHANNON.COM DNS Domain: test.internal.johnrshannon.com IPA Server: auth.test.internal.johnrshannon.com BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://auth.test.internal.johnrshannon.com/ipa/json [try 1]: Forwarding 'schema' to json server 'https://auth.test.internal.johnrshannon.com/ipa/json' No valid Negotiate header in server response The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR Configuration of client side components failed! The system is a fresh, up to date, Fedora 26: 4.12.12-300.fc26.x86_64 configured to include the FREE-IPA repository. FREE-IPA was installed yesterday with: dnf install freeipa-* and running ipa-server-install. I'm not sure how to proceed. I want to use pkinit. The log file shows that an exception was raised during the execution of: 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain test.internal.johnrshannon.com --server auth.test.internal.johnrshannon.com --realm TEST.INTERNAL.JOHNRSHANNON.COM --hostname auth.test.internal.johnrshannon.com >>> >>> We need to see /var/log/ipaclient-install.log (gzip if its huge). >>> >>> rob >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> >> >> >> >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >> > -- John R. Shannon j...@johnrshannon.com (208)522-4506 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
Attached On 09/15/17 12:58, Alexander Bokovoy wrote: > On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote: >> John R. Shannon via FreeIPA-users wrote: >>> Attached >> >> It is failing with "KerberosError: No valid Negotiate header in server >> response" >> >> What package version of freeipa-server do you have? >> >> This seems like https://pagure.io/freeipa/issue/6773 which was fixed in >> 4.5.1 > According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26. > > John, can we see /var/log/httpd/error_log? > >> >> rob >>> >>> On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: > Attached in gzip'd form We need /var/log/ipaclient-install.log rob > > On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: >> John R. Shannon via FreeIPA-users wrote: >>> Running ipa-server-install I get: >>> >>> Configuring client side components >>> Using existing certificate '/etc/ipa/ca.crt'. >>> Client hostname: auth.test.internal.johnrshannon.com >>> Realm: TEST.INTERNAL.JOHNRSHANNON.COM >>> DNS Domain: test.internal.johnrshannon.com >>> IPA Server: auth.test.internal.johnrshannon.com >>> BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com >>> >>> Skipping synchronizing time with NTP server. >>> New SSSD config will be created >>> Configured sudoers in /etc/nsswitch.conf >>> Configured /etc/sssd/sssd.conf >>> trying https://auth.test.internal.johnrshannon.com/ipa/json >>> [try 1]: Forwarding 'schema' to json server >>> 'https://auth.test.internal.johnrshannon.com/ipa/json' >>> No valid Negotiate header in server response >>> The ipa-client-install command failed. See >>> /var/log/ipaclient-install.log for more information >>> ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR >>> >>> Configuration of client side components failed! >>> >>> The system is a fresh, up to date, Fedora 26: >>> >>> 4.12.12-300.fc26.x86_64 >>> >>> configured to include the FREE-IPA repository. FREE-IPA was >>> installed >>> yesterday with: >>> >>> dnf install freeipa-* >>> >>> and running ipa-server-install. I'm not sure how to proceed. I >>> want to >>> use pkinit. >>> >>> The log file shows that an exception was raised during the >>> execution of: >>> >>> 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install >>> --on-master >>> --unattended --domain test.internal.johnrshannon.com --server >>> auth.test.internal.johnrshannon.com --realm >>> TEST.INTERNAL.JOHNRSHANNON.COM --hostname >>> auth.test.internal.johnrshannon.com >>> >>> >> >> We need to see /var/log/ipaclient-install.log (gzip if its huge). >> >> rob >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> > > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> >>> >>> >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org > -- John R. Shannon j...@johnrshannon.com (208)522-4506 [Fri Sep 15 15:05:56.983931 2017] [lbmethod_heartbeat:notice] [pid 4879] AH02282: No slotmem from mod_heartmonitor [Fri Sep 15 15:05:56.984010 2017] [http2:warn] [pid 4879] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive. [Fri Sep 15 15:05:56.984059 2017] [:warn] [pid 4879] NSSSessionCacheTimeout is deprecated. Ignoring. [Fri Sep 15 15:05:56.996333 2017] [mpm_prefork:notice] [pid 4879] AH00163: Apache/2.4.27 (Fedora) mod_auth_gssapi/1.5.0 mod_nss/1.0.14 NSS/3.29.1 mod_wsgi/4.5.15 Python/2.7 configured -- resuming normal operations [Fri Sep 15 15:05:56.996391 2017] [core:notice] [pid 4879] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Fri Sep 15 15:06:01.641362
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
On pe, 15 syys 2017, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: Attached It is failing with "KerberosError: No valid Negotiate header in server response" What package version of freeipa-server do you have? This seems like https://pagure.io/freeipa/issue/6773 which was fixed in 4.5.1 According to ipaserver-install.log, it is IPA version 4.5.3-1.fc26. John, can we see /var/log/httpd/error_log? rob On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: Attached in gzip'd form We need /var/log/ipaclient-install.log rob On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: John R. Shannon via FreeIPA-users wrote: Running ipa-server-install I get: Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: auth.test.internal.johnrshannon.com Realm: TEST.INTERNAL.JOHNRSHANNON.COM DNS Domain: test.internal.johnrshannon.com IPA Server: auth.test.internal.johnrshannon.com BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://auth.test.internal.johnrshannon.com/ipa/json [try 1]: Forwarding 'schema' to json server 'https://auth.test.internal.johnrshannon.com/ipa/json' No valid Negotiate header in server response The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR Configuration of client side components failed! The system is a fresh, up to date, Fedora 26: 4.12.12-300.fc26.x86_64 configured to include the FREE-IPA repository. FREE-IPA was installed yesterday with: dnf install freeipa-* and running ipa-server-install. I'm not sure how to proceed. I want to use pkinit. The log file shows that an exception was raised during the execution of: 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain test.internal.johnrshannon.com --server auth.test.internal.johnrshannon.com --realm TEST.INTERNAL.JOHNRSHANNON.COM --hostname auth.test.internal.johnrshannon.com We need to see /var/log/ipaclient-install.log (gzip if its huge). rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org -- / Alexander Bokovoy ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
freeipa-server-4.5.3-1.fc26.x86_64 On 09/15/17 12:49, Rob Crittenden wrote: > John R. Shannon via FreeIPA-users wrote: >> Attached > > It is failing with "KerberosError: No valid Negotiate header in server > response" > > What package version of freeipa-server do you have? > > This seems like https://pagure.io/freeipa/issue/6773 which was fixed in > 4.5.1 > > rob >> >> On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: >>> John R. Shannon via FreeIPA-users wrote: Attached in gzip'd form >>> >>> We need /var/log/ipaclient-install.log >>> >>> rob >>> On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: > John R. Shannon via FreeIPA-users wrote: >> Running ipa-server-install I get: >> >> Configuring client side components >> Using existing certificate '/etc/ipa/ca.crt'. >> Client hostname: auth.test.internal.johnrshannon.com >> Realm: TEST.INTERNAL.JOHNRSHANNON.COM >> DNS Domain: test.internal.johnrshannon.com >> IPA Server: auth.test.internal.johnrshannon.com >> BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com >> >> Skipping synchronizing time with NTP server. >> New SSSD config will be created >> Configured sudoers in /etc/nsswitch.conf >> Configured /etc/sssd/sssd.conf >> trying https://auth.test.internal.johnrshannon.com/ipa/json >> [try 1]: Forwarding 'schema' to json server >> 'https://auth.test.internal.johnrshannon.com/ipa/json' >> No valid Negotiate header in server response >> The ipa-client-install command failed. See >> /var/log/ipaclient-install.log for more information >> ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR >>Configuration of client side components failed! >> >> The system is a fresh, up to date, Fedora 26: >> >> 4.12.12-300.fc26.x86_64 >> >> configured to include the FREE-IPA repository. FREE-IPA was installed >> yesterday with: >> >> dnf install freeipa-* >> >> and running ipa-server-install. I'm not sure how to proceed. I want to >> use pkinit. >> >> The log file shows that an exception was raised during the execution of: >> >> 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master >> --unattended --domain test.internal.johnrshannon.com --server >> auth.test.internal.johnrshannon.com --realm >> TEST.INTERNAL.JOHNRSHANNON.COM --hostname >> auth.test.internal.johnrshannon.com >> >> > > We need to see /var/log/ipaclient-install.log (gzip if its huge). > > rob > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> >> >> >> >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >> > -- John R. Shannon j...@johnrshannon.com (208)522-4506 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [+] Re: ipa-server-install fails on fresh install
Attached On 09/15/17 11:54, Rob Crittenden via FreeIPA-users wrote: > John R. Shannon via FreeIPA-users wrote: >> Attached in gzip'd form > > We need /var/log/ipaclient-install.log > > rob > >> >> On 09/15/17 11:39, Rob Crittenden via FreeIPA-users wrote: >>> John R. Shannon via FreeIPA-users wrote: Running ipa-server-install I get: Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: auth.test.internal.johnrshannon.com Realm: TEST.INTERNAL.JOHNRSHANNON.COM DNS Domain: test.internal.johnrshannon.com IPA Server: auth.test.internal.johnrshannon.com BaseDN: dc=test,dc=internal,dc=johnrshannon,dc=com Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://auth.test.internal.johnrshannon.com/ipa/json [try 1]: Forwarding 'schema' to json server 'https://auth.test.internal.johnrshannon.com/ipa/json' No valid Negotiate header in server response The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR Configuration of client side components failed! The system is a fresh, up to date, Fedora 26: 4.12.12-300.fc26.x86_64 configured to include the FREE-IPA repository. FREE-IPA was installed yesterday with: dnf install freeipa-* and running ipa-server-install. I'm not sure how to proceed. I want to use pkinit. The log file shows that an exception was raised during the execution of: 2017-09-15T14:52:27Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain test.internal.johnrshannon.com --server auth.test.internal.johnrshannon.com --realm TEST.INTERNAL.JOHNRSHANNON.COM --hostname auth.test.internal.johnrshannon.com >>> >>> We need to see /var/log/ipaclient-install.log (gzip if its huge). >>> >>> rob >>> ___ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >>> >> >> >> >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >> > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > -- John R. Shannon j...@johnrshannon.com ipaclient-install.log.gz Description: application/gzip ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org