Re: [Freeipa-users] join error [solved]
On 16/02/15 15:51, Rob Crittenden wrote: Dmitri Pal wrote: On 02/16/2015 08:19 AM, mohammad sereshki wrote: dear I use the admin user, at the same time I added another server with this permission. Then the problem is probably with this client. Is everything fine with its host name and DNS lookups? I don't think this has anything to do with DNS, the hostname or enrollment privileges. As Martin pointed out, it's odd that Basic auth is being used in this case. The empty value isn't so surprising since with negotiate auth in curl we purposely set it to ":". I think we need to see the full ipaclient-install.log. rob For record: Mohammad had his own compiled curl, which doesn't work with IPA. It works with the original one. Martin^2 *From:* Martin Basti *To:* mohammad sereshki ; "freeipa-users@redhat.com" *Sent:* Monday, February 16, 2015 2:35 PM *Subject:* Re: [Freeipa-users] join error On 16/02/15 11:02, mohammad sereshki wrote: * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] join error
Dmitri Pal wrote: > On 02/16/2015 08:19 AM, mohammad sereshki wrote: >> dear >> I use the admin user, at the same time I added another server with >> this permission. > > > Then the problem is probably with this client. > Is everything fine with its host name and DNS lookups? I don't think this has anything to do with DNS, the hostname or enrollment privileges. As Martin pointed out, it's odd that Basic auth is being used in this case. The empty value isn't so surprising since with negotiate auth in curl we purposely set it to ":". I think we need to see the full ipaclient-install.log. rob > >> >> >> *From:* Martin Basti >> *To:* mohammad sereshki ; >> "freeipa-users@redhat.com" >> *Sent:* Monday, February 16, 2015 2:35 PM >> *Subject:* Re: [Freeipa-users] join error >> >> On 16/02/15 11:02, mohammad sereshki wrote: >> >> >> >> > * Server auth using Basic with user '' >> >> Hello, It looks like anonymous user. >> >> Which version of IPA do you use? Did you specified right user with >> ability to enroll client? >> >> Martin^2 >> >> >> >> >> > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] join error
On 02/16/2015 08:19 AM, mohammad sereshki wrote: dear I use the admin user, at the same time I added another server with this permission. Then the problem is probably with this client. Is everything fine with its host name and DNS lookups? *From:* Martin Basti *To:* mohammad sereshki ; "freeipa-users@redhat.com" *Sent:* Monday, February 16, 2015 2:35 PM *Subject:* Re: [Freeipa-users] join error On 16/02/15 11:02, mohammad sereshki wrote: > * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] join error
dear I use the admin user, at the same time I added another server with this permission. From: Martin Basti To: mohammad sereshki ; "freeipa-users@redhat.com" Sent: Monday, February 16, 2015 2:35 PM Subject: Re: [Freeipa-users] join error On 16/02/15 11:02, mohammad sereshki wrote: > * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] join error
On 02/16/2015 07:51 AM, mohammad sereshki wrote: dear I use ipa-client-3.0.0-42 and I added with ipa-client-install so it asks to enter admin user and password. Did you change admin user privileges inside IPA? Are you using admin user from IPA or some other local admin account? *From:* Martin Basti *To:* mohammad sereshki ; "freeipa-users@redhat.com" *Sent:* Monday, February 16, 2015 2:35 PM *Subject:* Re: [Freeipa-users] join error On 16/02/15 11:02, mohammad sereshki wrote: > * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] join error
dear I use ipa-client-3.0.0-42 and I added with ipa-client-install so it asks to enter admin user and password. From: Martin Basti To: mohammad sereshki ; "freeipa-users@redhat.com" Sent: Monday, February 16, 2015 2:35 PM Subject: Re: [Freeipa-users] join error On 16/02/15 11:02, mohammad sereshki wrote: > * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] join error
On 16/02/15 11:02, mohammad sereshki wrote: * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] join error
hi when I want to add a host to IPA I get below error, My server is centOS, is there anyone to help me? HTTP response code is 401, not 200 stderr= trying to retrieve CA cert via LDAP from ldap://linux126.example.com Existing CA cert and Retrieved CA cert are identical args=/usr/sbin/ipa-join -s linux126.example.com -b dc=mtnirancell,dc=ir -d -h temsdp-smsc1.example.com stdout= stderr=XML-RPC CALL: \r\n \r\n join\r\n \r\n \r\n temsdp-smsc1.example.com\r\n \r\n \r\n nsosversion\r\n 2.6.32-358.el6.x86_64\r\n nshardwareplatform\r\n x86_64\r\n \r\n \r\n \r\n * About to connect() to linux126.example.com port 443 (#0) * Trying 192.168.65.187... * Connected to linux126.example.com (192.168.65.187) port 443 (#0) * Connected to linux126.example.com (192.168.65.187) port 443 (#0) * successfully set certificate verify locations: * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using AES256-SHA * Server certificate: * subject: O=example.com; CN=linux126.example.com * start date: 2014-12-10 12:38:10 GMT * expire date: 2016-12-10 12:38:10 GMT * common name: linux126.example.com (matched) * issuer: O=example.com; CN=Certificate Authority * SSL certificate verify ok. * Server auth using Basic with user '' > POST /ipa/xml HTTP/1.1 Authorization: Basic Ojo= Host: linux126.example.com > Accept: */* Content-Type: text/xml User-Agent: ipa-join/3.0.0 Referer: > https://linux126.example.com/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.16.24 > Curl/1.1.1 Content-Length: 483 * upload completely sent off: 483 out of 483 > bytes < HTTP/1.1 401 Authorization Required < Date: Sun, 15 Feb 2015 12:54:54 GMT < Server: Apache/2.2.15< Last-Modified: Wed, 30 Jan 2013 15:34:41 GMT < ETag: "e24d7-55a-4d4833fadc640" < Accept-Ranges: bytes < Content-Length: 1370 < Connection: close < Content-Type: text/html; charset=UTF-8 < * Closing connection #0 HTTP response code is 401, not 200 Joining realm failed: XML-RPC CALL: \r\n \r\n join\r\n \r\n \r\n temsdp-smsc1.example.com\r\n \r\n \r\n nsosversion\r\n 2.6.32-358.el6.x86_64\r\n nshardwareplatform\r\n x86_64\r\n \r\n \r\n \r\n * About to connect() to linux126.example.com port 443 (#0) * Trying 192.168.65.187... * Connected to linux126.example.com (192.168.65.187) port 443 (#0) * Connected to linux126.example.com (192.168.65.187) port 443 (#0) * successfully set certificate verify locations: * CAfile: /etc/ipa/ca.crt CApath: none * SSL connection using AES256-SHA * Server certificate: * subject: O=example.com; CN=linux126.example.com * start date: 2014-12-10 12:38:10 GMT * expire date: 2016-12-10 12:38:10 GMT * common name: linux126.example.com (matched) * issuer: O=example.com; CN=Certificate Authority * SSL certificate verify ok. * Server auth using Basic with user '' > POST /ipa/xml HTTP/1.1 Authorization: Basic Ojo= Host: linux126.example.com > Accept: */* Content-Type: text/xml User-Agent: ipa-join/3.0.0 Referer: > https://linux126.example.com/ipa/xml X-Original-User-Agent: Xmlrpc-c/1.16.24 > Curl/1.1.1 Content-Length: 483 * upload completely sent off: 483 out of 483 > bytes < HTTP/1.1 401 Authorization Required < Date: Sun, 15 Feb 2015 12:54:54 GMT < Server: Apache/2.2.15 < Last-Modified: Wed, 30 Jan 2013 15:34:41 GMT < ETag: "e24d7-55a-4d4833fadc640" < Accept-Ranges: bytes < Content-Length: 1370 < Connection: close < Content-Type: text/html; charset=UTF-8 < * Closing connection #0 HTTP response code is 401, not 200 Installation failed. Rolling back changes. Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' args=ipa-client-automount --uninstall --debug stdout=Restoring configuration -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project