[Freeipa-devel] issues with Debian port

Timo Aaltonen tjaalton at ubuntu.com
Thu Oct 23 21:38:03 UTC 2014 

Some updates:

- rebased to 4.0.4, thanks for the release :)
- mod_nss issues got fixed, silly me..

On 21.10.2014 18:36, Timo Aaltonen wrote:
> client install will fail with:
> 
> 2014-10-21T08:29:30Z INFO trying https://sid.tyrell/ipa/json
> 2014-10-21T08:29:30Z DEBUG Created connection context.rpcclient
> 2014-10-21T08:29:30Z DEBUG Try RPC connection
> 2014-10-21T08:29:30Z INFO Forwarding 'ping' to json server
> 'https://sid.tyrell/ipa/json'
> 2014-10-21T08:29:30Z ERROR Cannot connect to the server due to generic
> error: error marshalling data for XML-RPC transport: argument 2 must be
> string or None, not int

This is because I hadn't ported a patch from the ubuntu branch which got
applied some six months ago.. d'oh. The issue is that our pykerberos is
newer, and needs this:

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 81e7aa3..ce5f2a0 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -380,7 +380,7 @@ class KerbTransport(SSLTransport):
         service = "HTTP@" + host.split(':')[0]
 
         try:
-            (rc, vc) = kerberos.authGSSClientInit(service, self.flags)
+            (rc, vc) = kerberos.authGSSClientInit(service, gssflags=self.flags)
         except kerberos.GSSError, e:
             self._handle_exception(e)


now client install on the server almost works, but only almost because..

> Also, I'm reusing the RedHatService() stuff for services that have
> native systemd jobs, but in the later phases of install (and during
> uninstall) ipactl is trying to (re)start 'dirsv at .service' and not
> 'dirsrv at REALM.service' like in the dirsrv phase.. any hints here would
> be welcome as well. Otherwise I'll just use DebianSysvService() for
> dirsrv too..

..this is still something I haven't figured out. Dirsrv restart after
LDAP updates fail, so client install on the server will fail because it
can't get SASL up. Something for tomorrow then.. still got until Sunday
to get this fixed and uploaded and then accepted to unstable by ftpmasters,
or it won't migrate to Jessie in time for the freeze. But that's an
eternity! :)

Oh and the web UI is blank when I try it. Does the client install fail have
something to do with it?


-- 
t

More information about the Freeipa-devel mailing list