Re: [Freeipa-users] While attempting to join a client ....I get this failure....
On 02/27/2011 10:22 PM, Steven Jones wrote:
> I have just built these 2 fed14 to act as a server and client and run yum update... so they should be as closely sync'd as possible...
>
> =client===
> [root@fed14-64-ipacl01 ~]# ipa-client-install
> Discovery was successful!
> Realm: IPA.AC.NZ
> DNS Domain: ipa.ac.nz
> IPA Server: fed14-64-ipam001.ipa.ac.nz
> BaseDN: dc=ipa,dc=ac,dc=nz
> Continue to configure the system with these values? [no]: yes
> Enrollment principal: admin
> Password for ad...@ipa.ac.nz:
> Joining realm failed because of failing XML-RPC request.
> This error may be caused by incompatible server/client major versions.
> [root@fed14-64-ipacl01 ~]# date
> Mon Feb 28 03:12:57 NZDT 2011
> [root@fed14-64-ipacl01 ~]#
>
> =server===
> 8
> is this ok [y/N]: y
> Downloading Packages:
> Setting up and reading Presto delta metadata
> updates-testing/prestodelta | 30 kB 00:00
> Processing delta metadata
> Package(s) data still to download: 304 k
> (1/2): nss-softokn-3.12.9-5.fc14.x86_64.rpm | 175 kB 00:00
> (2/2): nss-softokn-freebl-3.12.9-5.fc14.x86_64.rpm | 129 kB 00:00
> Total 789 kB/s | 304 kB 00:00
> Running rpm_check_debug
> Running Transaction Test
> Transaction Test Succeeded
> Running Transaction
> Updating : nss-softokn-freebl-3.12.9-5.fc14.x86_64 1/4
> Updating : nss-softokn-3.12.9-5.fc14.x86_64 2/4
> Cleanup: nss-softokn-3.12.9-4.fc14.x86_64 3/4
> Cleanup: nss-softokn-freebl-3.12.9-4.fc14.x86_64 4/4
> Updated:
> nss-softokn.x86_64 0:3.12.9-5.fc14 nss-softokn-freebl.x86_64 0:3.12.9-5.fc14
> Complete!
> [root@fed14-64-ipam001 tmp]# date
> Mon Feb 28 03:13:02 NZDT 2011
> [root@fed14-64-ipam001 tmp]#
>
> So nothing major on the server needs updating and the client is bang up to date, time stamp is close
>
> regards

Recent changes and fixes in the server and client communication require the updates to both. Which versions do you have?

--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project, Red Hat Inc.
Re: [Freeipa-users] While attempting to join a client ....I get this failure....
The client and server packages need to be the same version. We realized that we had re-used an OID and had to change the OID used to register the enrollment OID. So the client package needs to be the same version as the server, for now anyway.

rob
Re: [Freeipa-users] While attempting to join a client ....I get this failure....
Hi,

The point is both the client and the server are up to date in terms of patches from the repo. So your repo is not consistent and needs fixing..

regards

On Mon, 2011-02-28 at 10:43 -0500, Rob Crittenden wrote:
> The client and server packages need to be the same version. We realized that we had re-used an OID and had to change the OID used to register the enrollment OID. So the client package needs to be the same version as the server, for now anyway.
>
> rob
Re: [Freeipa-users] While attempting to join a client ....I get this failure....
Steven Jones wrote:
> Hi,
>
> The point is both the client and the server are up to date in terms of patches from the repo. So your repo is not consistent and needs fixing..

Yes, but what version are you using and what repo, the ipa-devel repo?

rob
Re: [Freeipa-users] While attempting to join a client ....I get this failure....
Steven Jones wrote:
> Hi,
>
> How do I tell? ie what are the package names?
>
> but apart from that both are yum updated from the same repo, so this means your repo is probably the problem

On the client: rpm -q freeipa-client
On the server: rpm -q freeipa-server

> regards
>
> On Mon, 2011-02-28 at 10:42 -0500, Dmitri Pal wrote:
>> Recent changes and fixes in the server and client communication require the updates to both. Which versions do you have?
Re: [Freeipa-users] Freeipa fails to start after a reboot
So I'm having fun.

Looks like the rpm didn't install properly? or the install script failed? strange because it seemed to be running before I rebooted... so something has gone wrong after the install?

[root@fed14-64-ipam001 init.d]# ipa start
ipa: ERROR: unknown command 'start'
[root@fed14-64-ipam001 init.d]# ./ipa start
Starting Directory Service
Starting dirsrv:
IPA-AC-NZ... [ OK ]
PKI-IPA... [ OK ]
Error retrieving list of services {'matched': 'cn=masters,cn=ipa,cn=etc,dc=ipa,dc=ac,dc=nz', 'desc': 'No such object'}
Is IPA installed?
Failed to read data from Directory Service
Shutting down
Shutting down dirsrv:
IPA-AC-NZ... [ OK ]
PKI-IPA... [ OK ]
[root@fed14-64-ipam001 init.d]# service ipactl start
ipactl: unrecognized service
]#

So find gets me the script..

[root@fed14-64-ipam001 init.d]# /usr/sbin/ipactl start
Starting Directory Service
Starting dirsrv:
IPA-AC-NZ... [ OK ]
PKI-IPA... [ OK ]
Error retrieving list of services {'matched': 'cn=masters,cn=ipa,cn=etc,dc=ipa,dc=ac,dc=nz', 'desc': 'No such object'}
Is IPA installed?
Failed to read data from Directory Service
Shutting down
Shutting down dirsrv:
IPA-AC-NZ... [ OK ]
PKI-IPA... [ OK ]
[root@fed14-64-ipam001 init.d]#

On Mon, 2011-02-28 at 16:39 +1000, David O'Brien wrote:
> Steven Jones wrote:
>> What scripts need to be run and in what order to start the primary ipa server?
>>
>> regards
>
> if you run service ipactl start it should start all the required ipa services in the correct order.
>
> --
> David O'Brien
> Red Hat Asia Pacific Pty Ltd
Re: [Freeipa-users] While attempting to make a replica....I get this failure....
===
[root@fed14-64-ipam001 init.d]# certutil -L -d /etc/httpd/alias

Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

Signing-Cert                        u,u,u
IPA.AC.NZ IPA CA                    CT,C,C
ipaCert                             u,u,u
Server-Cert                         u,u,u
[root@fed14-64-ipam001 init.d]#
===

regards

On Mon, 2011-02-28 at 10:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
>> [root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare fed14-64-ipam002.ipa.ac.nz
>> Directory Manager (existing master) password:
>>
>> Preparing replica for fed14-64-ipam002.ipa.ac.nz from fed14-64-ipam001.ipa.ac.nz
>> Creating SSL certificate for the Directory Server
>> ipa: INFO: sslget 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
>> Creating SSL certificate for the Web Server
>> ipa: INFO: sslget 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
>> preparation of replica failed: cannot connect to 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.
>> cannot connect to 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.
>> File /usr/sbin/ipa-replica-prepare, line 431, in <module>
>> main()
>> File /usr/sbin/ipa-replica-prepare, line 363, in main
>> export_certdb(api.env.realm, ds_dir, dir, passwd_fname, httpcert, replica_fqdn, subject_base)
>> File /usr/sbin/ipa-replica-prepare, line 136, in export_certdb
>> raise e
>>
>> If I go to the URL I get,
>>
>> The Certificate System has encountered an unrecoverable error.
>> Error Message: java.lang.NullPointerException
>> Please contact your local administrator for assistance.
>>
>> ???
>>
>> regards
>
> Can you provide the output of:
>
> # certutil -L -d /etc/httpd/alias
>
> During installation dogtag provides us with an RA agent certificate that we use to communicate with the CA. This certificate should be stored in /etc/httpd/alias.
>
> rob
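Added example, not part of the original thread and not FreeIPA code: the check Rob asks for above, done in Python on a `certutil -L` listing. It reports whether a nickname such as `ipaCert` is in the database with the `u` flag, which certutil displays when the database also holds the matching private key. The function names are hypothetical; the first listing is the one posted in this thread with its columns restored, the second is constructed.

```python
import re

# One entry line: nickname, whitespace, then the three comma-separated
# trust fields in the order SSL, S/MIME, JAR/XPI.
ENTRY_RE = re.compile(
    r"^(?P<nick>\S.*?)\s+(?P<ssl>[A-Za-z]*),(?P<smime>[A-Za-z]*),(?P<jar>[A-Za-z]*)$"
)

# Listing from this thread, laid out in columns again.
THREAD_LISTING = """\
Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

Signing-Cert                        u,u,u
IPA.AC.NZ IPA CA                    CT,C,C
ipaCert                             u,u,u
Server-Cert                         u,u,u
"""

# Constructed counter-example: the RA agent certificate was never stored.
CONSTRUCTED_MISSING = """\
Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

IPA.AC.NZ IPA CA                    CT,C,C
Server-Cert                         u,u,u
"""


def parse_certutil_listing(text):
    """Map nickname -> (ssl, smime, jar) trust strings; header lines are skipped."""
    certs = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            certs[m.group("nick")] = (m.group("ssl"), m.group("smime"), m.group("jar"))
    return certs


def can_authenticate_with(certs, nickname):
    """True if the nickname exists and its SSL field carries 'u' (private key present)."""
    flags = certs.get(nickname)
    return flags is not None and "u" in flags[0]


def report(text, nickname="ipaCert"):
    """One-line verdict for the certificate a TLS client would present."""
    certs = parse_certutil_listing(text)
    if nickname not in certs:
        return "%s: not in database" % nickname
    if not can_authenticate_with(certs, nickname):
        return "%s: present, no private key (trust %s)" % (nickname, ",".join(certs[nickname]))
    return "%s: present with private key" % nickname


if __name__ == "__main__":
    print(report(THREAD_LISTING))
    print(report(CONSTRUCTED_MISSING))
```

On the listing from this thread the check passes, so a missing `ipaCert` entry is not what produced the `SSL_ERROR_NO_CERTIFICATE` shown above.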
Re: [Freeipa-users] While attempting to join a client ....I get this failure....
8

> On the client: rpm -q freeipa-client

freeipa-client-2.0.0.rc1-0.fc14.x86_64

> On the server: rpm -q freeipa-server

freeipa-server-2.0.0.rc1-0.fc14.x86_64

regards
[Freeipa-users] Announcing FreeIPA v2 Server Release Candidate 2 Release
To all freeipa-interest, freeipa-users and freeipa-devel list members,

The FreeIPA project team is pleased to announce the availability of the Release Candidate 2 release of freeIPA 2.0 server [1].

* Binaries are available for F-14 and F-15 [2].
* Please do not hesitate to share feedback, criticism or bugs with us on our mailing list: freeipa-users@redhat.com

Main Highlights of the Release Candidate.

This release consists primarily of bug fixes and polish across all areas of the project. Modifications include but are not limited to

* Make Indirect membership clearer.
* Input validation fixes.
* WebUI improvements.
* Created default Roles.
* IPv6 support
* Documentation updates

Focus of the Release Candidate Testing

* There was a Fedora test day for FreeIPA on Feb 15th [3]. These tests are still relevant and feedback would be appreciated.
* The following section outlines the areas that we are mostly interested to test [4].

Significant Changes Since RC 1

To see all the tickets addressed since the beta 2 release see [6].

Repositories and Installation

* Use the following link to install the RC 2 packages [5].
* FreeIPA relies on the latest versions of the packages currently available from the updates-testing repository. Please make sure to enable this repository before you proceed with installation.

Known Issues:

* There are known issues that currently prevent FreeIPA from successfully installing with dogtag on F-15 [2]. We will send a separate message when this issue is resolved. The FreeIPA server is installable with the --selfsign option on F-15, or with dogtag on F-14.
* Server-generated error messages are not translated yet.
* The 'ipa help' command does not support localization.

We plan to address all the outstanding tickets before the final 2.0 release. For the complete list see [7].

Thank you,
The FreeIPA development team

[1] http://www.freeipa.org/page/Downloads
[2] dogtag is having issues with systemd: https://bugzilla.redhat.com/show_bug.cgi?id=676330
[3] https://fedoraproject.org/wiki/QA/Fedora_15_test_days
[4] https://fedoraproject.org/wiki/Features/FreeIPAv2#How_To_Test
[5] http://freeipa.org/downloads/freeipa-devel.repo
[6] https://fedorahosted.org/freeipa/query?status=closedmilestone=2.0.2+Bug+fixing+(RC2)
[7] https://fedorahosted.org/freeipa/milestone/2.0.3.%20Bug%20Fixing%20%28GA%29
Re: [Freeipa-users] Announcing FreeIPA v2 Server Release Candidate 2 Release
Not sure if I have to change anything in the repo? but rc2.0 does not appear...

regards

On Mon, 2011-02-28 at 16:07 -0500, Rob Crittenden wrote:
> To all freeipa-interest, freeipa-users and freeipa-devel list members,
>
> The FreeIPA project team is pleased to announce the availability of the Release Candidate 2 release of freeIPA 2.0 server [1].
Re: [Freeipa-users] Announcing FreeIPA v2 Server Release Candidate 2 Release
um... checksum error?

===
[root@fed14-64-ipacl01 yum.repos.d]# yum update
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
freeipa-devel | 1.3 kB 00:00
freeipa-devel/primary | 10 kB 00:00
http://freeipa.com/downloads/devel/rpms/F14/x86_64/repodata/primary.xml.gz: [Errno -1] Metadata file does not match checksum
Trying other mirror.
updates/metalink | 2.1 kB 00:00
updates-testing/metalink | 45 kB 00:01
Setting up Update Process
No Packages marked for Update
[root@fed14-64-ipacl01 yum.repos.d]#
===

?

regards
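Added example, not part of the original thread and not yum's own code: the message "Metadata file does not match checksum" in the post above means the downloaded `primary.xml.gz` did not hash to the value recorded for it in the repository's `repomd.xml`. The Python below performs that comparison, covering both the compressed file and its decompressed content; the function names and the tiny repository built in `build_sample` are constructed for illustration.

```python
import gzip
import hashlib
import xml.etree.ElementTree as ET
import zlib

NS = {"r": "http://linux.duke.edu/metadata/repo"}
# repomd.xml written by older createrepo versions uses "sha" to mean SHA-1.
ALGOS = {"sha": "sha1", "sha1": "sha1", "sha256": "sha256", "sha512": "sha512"}


def declared(repomd_xml, data_type="primary"):
    """Return the href and checksums repomd.xml declares for one metadata file."""
    # Metadata fetched from an untrusted mirror should go through a hardened XML parser.
    root = ET.fromstring(repomd_xml)
    for data in root.findall("r:data", NS):
        if data.get("type") != data_type:
            continue
        out = {"href": data.find("r:location", NS).get("href")}
        for tag in ("checksum", "open-checksum"):
            el = data.find("r:" + tag, NS)
            if el is not None:
                out[tag] = (ALGOS[el.get("type")], el.text.strip().lower())
        if "checksum" not in out:
            raise ValueError("repomd.xml declares no checksum for %s" % data_type)
        return out
    raise ValueError("repomd.xml has no <data type=%r>" % data_type)


def verify(repomd_xml, payload, data_type="primary"):
    """Return a list of mismatch descriptions; an empty list means the file is consistent."""
    decl = declared(repomd_xml, data_type)
    problems = []
    algo, want = decl["checksum"]
    got = hashlib.new(algo, payload).hexdigest()
    if got != want:
        problems.append("%s: %s is %s, repomd.xml says %s" % (decl["href"], algo, got, want))
    if "open-checksum" in decl:
        algo, want = decl["open-checksum"]
        try:
            opened = gzip.decompress(payload)
        except (OSError, EOFError, zlib.error):
            problems.append("%s: not a complete gzip stream" % decl["href"])
        else:
            got = hashlib.new(algo, opened).hexdigest()
            if got != want:
                problems.append("%s: open %s is %s, repomd.xml says %s"
                                % (decl["href"], algo, got, want))
    return problems


def build_sample():
    """Constructed repository: a tiny primary.xml.gz and the repomd.xml that matches it."""
    primary = b'<metadata xmlns="http://linux.duke.edu/metadata/common" packages="0"/>'
    payload = gzip.compress(primary)
    repomd = (
        '<repomd xmlns="http://linux.duke.edu/metadata/repo"><data type="primary">'
        '<location href="repodata/primary.xml.gz"/>'
        '<checksum type="sha256">%s</checksum>'
        '<open-checksum type="sha256">%s</open-checksum>'
        '</data></repomd>'
    ) % (hashlib.sha256(payload).hexdigest(), hashlib.sha256(primary).hexdigest())
    return repomd, payload


if __name__ == "__main__":
    repomd, payload = build_sample()
    print(verify(repomd, payload))                       # consistent pair
    print(verify(repomd, gzip.compress(b"<metadata/>"))) # repomd.xml and file out of step
```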
Re: [Freeipa-users] Announcing FreeIPA v2 Server Release Candidate 2 Release
I have tried to download the rpms by hand and the dependencies are all broken ie python... well stuffed by the looks of it...

regards