Re: [Freeipa-users] Unable to join a client

2010-04-19 Thread Oliver Burtchen
Am Montag, 19. April 2010 15:30:24 schrieb Rob Crittenden:
> Oliver Burtchen wrote:
> > Hi,
> >
> > using clean F12 installtion with all updates and ipa
> > 1.91-0.2010041617git671bb9c.fc12 on server and client:
> >
> > Currently I'm unable to join a client, debug of ipa-client-install
> > attached. Seems, there was a change in the protocol, and ipa-join gives
> > to many arguments..
> 
> I have a fix for this awaiting peer review on freeipa-devel titled "Use
> the certificate subject base in IPA when requesting certs in certmonger."

I tested the patch against 1.91-0.2010041914gitcc336cf. Found no problems and 
joining a client is working. Thanks!

Best regards,
Oli

-- 
Oliver Burtchen, Berlin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Unable to join a client

2010-04-19 Thread Rob Crittenden

Oliver Burtchen wrote:

Hi,

using clean F12 installtion with all updates and ipa 
1.91-0.2010041617git671bb9c.fc12 on server and client:


Currently I'm unable to join a client, debug of ipa-client-install attached. 
Seems, there was a change in the protocol, and ipa-join gives to many 
arguments..


Best regards,
Oli




[r...@testclient ~]# ipa-client-install -d
root: DEBUGLoading Index file from '/var/lib/ipa-
client/sysrestore/sysrestore.index'
root: DEBUG[ipadnssearchldap(example.com)]
root: DEBUG[ipadnssearchkrb]
root: DEBUG[ipacheckldap]
root: DEBUGInit ldap with: ldap://services.example.com:389
root: DEBUGSearch rootdse
root: DEBUGSearch for (info=*) in dc=example.com(base)
root: DEBUGFound: [('dc=example.com', {'objectClass': ['top', 
'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': 
['IPA V2.0'], 'associatedDomain': ['example.com'], 'dc': ['example.com'], 
'nisDomain': ['example.com']})]
root: DEBUGSearch for (objectClass=krbRealmContainer) in 
dc=example.com(sub)
root: DEBUGFound: [('cn=EXAMPLE.COM,cn=kerberos,dc=example.com', 
{'krbSubTrees': ['dc=example.com'], 'cn': ['EXAMPLE.COM'], 
'krbDefaultEncSaltTypes': ['aes256-cts:normal', 'aes128-cts:normal', 'des3-

hmac-sha1:normal', 'arcfour-hmac:normal', 'des-hmac-sha1:normal', 'des-cbc-
md5:normal'], 'objectClass': ['top', 'krbrealmcontainer', 
'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': 
['aes256-cts:normal', 'aes128-cts:normal', 'des3-hmac-sha1:normal', 'arcfour-

hmac:normal', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-
crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': 
['86400'], 'krbMaxRenewableAge': ['604800']})]

Discovery was successful!
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: services.example.com
BaseDN: dc=example.com


Continue to configure the system with these values? [no]: y
Principal: admin
Password for ad...@example.com: root: INFO 
args=/usr/kerberos/bin/kinit ad...@example.com
root: INFO stdout=Password for ad...@example.com: 


root: INFO stderr=
 
root: INFO args=/usr/sbin/ipa-join -s services.example.com -d

root: INFO stdout=
root: INFO stderr=cannot open configuration file 
/etc/ipa/default.conf

XML-RPC CALL:

\r\n
\r\n
join\r\n
\r\n
testclient.example.com\r\n
\r\n
nsosversion\r\n
2.6.32.11-99.fc12.i686.PAE\r\n
nshardwareplatform\r\n
i686\r\n
\r\n
\r\n
\r\n

XML-RPC RESPONSE:

\n
\n
\n
\n
\n
faultCode\n
3004\n
\n
\n
faultString\n
command 'join' takes at most 1 argument\n
\n
\n
\n
\n

RPC failed at server.  command 'join' takes at most 1 argument

Joining realm failed: cannot open configuration file /etc/ipa/default.conf
XML-RPC CALL:

\r\n
\r\n
join\r\n
\r\n
testclient.example.com\r\n
\r\n
nsosversion\r\n
2.6.32.11-99.fc12.i686.PAE\r\n
nshardwareplatform\r\n
i686\r\n
\r\n
\r\n
\r\n

XML-RPC RESPONSE:

\n
\n
\n
\n
\n
faultCode\n
3004\n
\n
\n
faultString\n
command 'join' takes at most 1 argument\n
\n
\n
\n
\n

RPC failed at server.  command 'join' takes at most 1 argument
root: INFO args=/usr/kerberos/bin/kdestroy
root: INFO stdout=
root: INFO stderr=


I have a fix for this awaiting peer review on freeipa-devel titled "Use 
the certificate subject base in IPA when requesting certs in certmonger."


rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users