Re: [Freeipa-users] FreeIPA + DHCP-LDAP - Fedora 24 - broken
> Do you mean that dhcpd on Ubuntu is configured against the very same FreeIPA
> server?

Yes. Testing both on VMs with a private network.

> Are you sure that dhcpd is using the same credentials to BIND to LDAP? There
> might be an access control issue if different hosts use different credentials
> or so. It would help if you described how you bound to LDAP using ldapsearch.

Yes. To make sure, I am using the ipa admin credentials.
On both hosts I can do a
$ ldapsearch -x
and retrieve the ldif info.

Running on both:
$ strace -e trace=network dhcpd -d

I get this line on the Ubuntu host:
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 5
setsockopt(5, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("192.168.1.138")}, 16) = 0

On the Fedora host (FreeIPA server), there is no try to connect to.
I thought that it might be trying to use a socket, but still no try even with an outside IP as host.

There is one difference between Fedora and Ubuntu dhcpds.
On Ubuntu, there is a separated ldap package to dhcp-server (isc-dhcp-server-ldap).
On Fedora it is supposedly merged on the same binary on dhcp-server (dhcp-server-4.3.4-3.fc24.x86_64).

That's why it would be a good start for me to know that someone else uses dhcpd with ldap on Fedora.

-rsd

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
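
Added example (not part of the thread and not any poster's code): a Python filter for `strace -e trace=network` output that lists connect() calls aimed at an LDAP port, which is the comparison made between the two hosts above. The second trace, the LDAPS port and the "slapd" socket-path heuristic are assumptions made for illustration.

```python
import re

# One connect() line as printed by `strace -e trace=network`.
CONNECT_RE = re.compile(
    r'connect\(\d+, \{(?P<addr>.*)\}, \d+\)\s+= (?P<ret>-?\d+)(?: (?P<err>[A-Z]+))?')
PORT_RE = re.compile(r'sin6?_port=htons\((\d+)\)')
HOST_RE = re.compile(r'(?:inet_addr\(|inet_pton\(AF_INET6, )"([^"]+)"')
PATH_RE = re.compile(r'sun_path=@?"([^"]+)"')
LDAP_PORTS = {389, 636}  # ldap-port from the thread's dhcpd.conf, plus LDAPS (assumption)


def parse_connects(trace):
    """Return one dict per connect() call found in strace output."""
    calls = []
    for line in trace.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        addr = m.group('addr')
        port, host, path = (r.search(addr) for r in (PORT_RE, HOST_RE, PATH_RE))
        calls.append({
            'host': host.group(1) if host else None,
            'port': int(port.group(1)) if port else None,
            'path': path.group(1) if path else None,  # AF_UNIX target, if any
            'ok': m.group('ret') == '0' or m.group('err') == 'EINPROGRESS',
        })
    return calls


def ldap_attempts(trace):
    """connect() calls to an LDAP port or to a slapd UNIX socket (heuristic)."""
    return [c for c in parse_connects(trace)
            if c['port'] in LDAP_PORTS or (c['path'] and 'slapd' in c['path'])]


# Lines quoted in the message above (Ubuntu host).
UBUNTU_TRACE = '''socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 5
setsockopt(5, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("192.168.1.138")}, 16) = 0'''

# Constructed sample: a trace in which no LDAP connection is attempted.
NO_LDAP_TRACE = '''socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 7
bind(7, {sa_family=AF_INET, sin_port=htons(67), sin_addr=inet_addr("0.0.0.0")}, 16) = 0'''

if __name__ == '__main__':
    for name, trace in (('ubuntu', UBUNTU_TRACE), ('no-ldap', NO_LDAP_TRACE)):
        print(name, ldap_attempts(trace) or 'no LDAP connect() seen')
```
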
Re: [Freeipa-users] FreeIPA + DHCP-LDAP - Fedora 24 - broken
On 7.11.2016 17:45, Raul Dias wrote:
> You are right,
>
> This might be more a Fedora issue than FreeIPA. I am hoping that someone else
> is also using DHCP with LDAP (specially with FreeIPA).
>
> I am using the IPA-dhcp plugin: https://github.com/jefferyharrell/IPA-dhcp
>
> ldapsearch -x shows the entries are fine in the LDAP.
>
> Stracing dhcpd shows that it is not making any connection to the LDAP, while
> it shows an error message.
>
> On Fedora 24 (updated), I am using dhcp-server-4.3.4.fc24
>
> /etc/dhcp/dhcpd.conf:
> ldap-server "10.101.1.1"; #or localhost, or any interface ip or ns name
> ldap-port 389;
> ldap-base-dn "cn=dhcp,dc=dias,dc=com,dc=br";
> ldap-method static;
> ldap-debug-file "/var/log/dhcp-ldap-startup.log";
>
> The STDERR output acts as if it were talking to the LDAP server:
>
> Cannot find host LDAP entry server.dias.com.br
> (&(objectClass=dhcpServer)(cn=server.dias.com.br))
>
> As the output of ldapsearch, the entry is there:
> # server.dias.com.br, dhcp, dias.com.br
> dn: cn=server.dias.com.br,cn=dhcp,dc=dias,dc=com,dc=br
> objectClass: dhcpserver
> objectClass: top
> dhcpServiceDN: cn=dhcp,dc=dias,dc=com,dc=br
> cn: server.dias.com.br
> dhcpStatements: authoritative
>
> Using the same config on a ubuntu host, it works fine, which makes me wonder
> that dhcpd in Fedora 24 does not work at all with LDAP.

Do you mean that dhcpd on Ubuntu is configured against the very same FreeIPA
server?

Are you sure that dhcpd is using the same credentials to BIND to LDAP? There
might be an access control issue if different hosts use different credentials
or so. It would help if you described how you bound to LDAP using ldapsearch.

Petr^2 Spacek

>
> Or maybe this is a reflection of some FreeIPA server way of life
> configuration, like sssd.
>
> -rsd
>
>
> On 07/11/2016 05:10, Petr Spacek wrote:
>> On 6.11.2016 06:06, Raul Dias wrote:
>>> Hello,
>>>
>>> It seems that DHCP with LDAP on Fedora 24 (FreeIPA) is broken.
>>>
>>> Can anyone confirm?
>>>
>>> Doing an strace -e trace=network does not show any attempt to connect to the
>>> ldap server.
>>>
>>> OTOH, the same config on a Ubuntu 16.10 works fine.
>> Hello,
>>
>> AFAIK DHCP support was never part of official FreeIPA builds. What are you
>> trying to achieve and where did you get the builds?
>>
>> We need to know exact software versions and configuration. For further hints
>> how to report bugs please see
>> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
>>
>

--
Petr^2 Spacek
Re: [Freeipa-users] FreeIPA + DHCP-LDAP - Fedora 24 - broken
You are right,

This might be more a Fedora issue than FreeIPA. I am hoping that someone else
is also using DHCP with LDAP (specially with FreeIPA).

I am using the IPA-dhcp plugin: https://github.com/jefferyharrell/IPA-dhcp

ldapsearch -x shows the entries are fine in the LDAP.

Stracing dhcpd shows that it is not making any connection to the LDAP, while
it shows an error message.

On Fedora 24 (updated), I am using dhcp-server-4.3.4.fc24

/etc/dhcp/dhcpd.conf:
ldap-server "10.101.1.1"; #or localhost, or any interface ip or ns name
ldap-port 389;
ldap-base-dn "cn=dhcp,dc=dias,dc=com,dc=br";
ldap-method static;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";

The STDERR output acts as if it were talking to the LDAP server:

Cannot find host LDAP entry server.dias.com.br
(&(objectClass=dhcpServer)(cn=server.dias.com.br))

As the output of ldapsearch, the entry is there:
# server.dias.com.br, dhcp, dias.com.br
dn: cn=server.dias.com.br,cn=dhcp,dc=dias,dc=com,dc=br
objectClass: dhcpserver
objectClass: top
dhcpServiceDN: cn=dhcp,dc=dias,dc=com,dc=br
cn: server.dias.com.br
dhcpStatements: authoritative

Using the same config on a ubuntu host, it works fine, which makes me wonder
that dhcpd in Fedora 24 does not work at all with LDAP.

Or maybe this is a reflection of some FreeIPA server way of life
configuration, like sssd.

-rsd

On 07/11/2016 05:10, Petr Spacek wrote:
> On 6.11.2016 06:06, Raul Dias wrote:
>> Hello,
>>
>> It seems that DHCP with LDAP on Fedora 24 (FreeIPA) is broken.
>>
>> Can anyone confirm?
>>
>> Doing an strace -e trace=network does not show any attempt to connect to the
>> ldap server.
>>
>> OTOH, the same config on a Ubuntu 16.10 works fine.
> Hello,
>
> AFAIK DHCP support was never part of official FreeIPA builds. What are you
> trying to achieve and where did you get the builds?
>
> We need to know exact software versions and configuration. For further hints
> how to report bugs please see
> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
Re: [Freeipa-users] FreeIPA + DHCP-LDAP - Fedora 24 - broken
On 6.11.2016 06:06, Raul Dias wrote:
> Hello,
>
> It seems that DHCP with LDAP on Fedora 24 (FreeIPA) is broken.
>
> Can anyone confirm?
>
> Doing an strace -e trace=network does not show any attempt to connect to the
> ldap server.
>
> OTOH, the same config on a Ubuntu 16.10 works fine.

Hello,

AFAIK DHCP support was never part of official FreeIPA builds. What are you
trying to achieve and where did you get the builds?

We need to know exact software versions and configuration. For further hints
how to report bugs please see
http://www.freeipa.org/page/Troubleshooting#Reporting_bugs

--
Petr^2 Spacek