[Freeipa-users] Unable to join a client

Rob Crittenden rcritten at redhat.com
Mon Apr 19 13:30:24 UTC 2010 

Oliver Burtchen wrote:
> Hi,
> 
> using clean F12 installtion with all updates and ipa 
> 1.91-0.2010041617git671bb9c.fc12 on server and client:
> 
> Currently I'm unable to join a client, debug of ipa-client-install attached. 
> Seems, there was a change in the protocol, and ipa-join gives to many 
> arguments..
> 
> Best regards,
> Oli
> 
> 
> 
> 
> [root at testclient ~]# ipa-client-install -d
> root        : DEBUG    Loading Index file from '/var/lib/ipa-
> client/sysrestore/sysrestore.index'
> root        : DEBUG    [ipadnssearchldap(example.com)]
> root        : DEBUG    [ipadnssearchkrb]
> root        : DEBUG    [ipacheckldap]
> root        : DEBUG    Init ldap with: ldap://services.example.com:389
> root        : DEBUG    Search rootdse
> root        : DEBUG    Search for (info=*) in dc=example.com(base)
> root        : DEBUG    Found: [('dc=example.com', {'objectClass': ['top', 
> 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': 
> ['IPA V2.0'], 'associatedDomain': ['example.com'], 'dc': ['example.com'], 
> 'nisDomain': ['example.com']})]
> root        : DEBUG    Search for (objectClass=krbRealmContainer) in 
> dc=example.com(sub)
> root        : DEBUG    Found: [('cn=EXAMPLE.COM,cn=kerberos,dc=example.com', 
> {'krbSubTrees': ['dc=example.com'], 'cn': ['EXAMPLE.COM'], 
> 'krbDefaultEncSaltTypes': ['aes256-cts:normal', 'aes128-cts:normal', 'des3-
> hmac-sha1:normal', 'arcfour-hmac:normal', 'des-hmac-sha1:normal', 'des-cbc-
> md5:normal'], 'objectClass': ['top', 'krbrealmcontainer', 
> 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': 
> ['aes256-cts:normal', 'aes128-cts:normal', 'des3-hmac-sha1:normal', 'arcfour-
> hmac:normal', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-
> crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': 
> ['86400'], 'krbMaxRenewableAge': ['604800']})]
> Discovery was successful!
> Realm: EXAMPLE.COM
> DNS Domain: example.com
> IPA Server: services.example.com
> BaseDN: dc=example.com
> 
> 
> Continue to configure the system with these values? [no]: y
> Principal: admin
> Password for admin at EXAMPLE.COM: root        : INFO     
> args=/usr/kerberos/bin/kinit admin at EXAMPLE.COM
> root        : INFO     stdout=Password for admin at EXAMPLE.COM: 
> 
> root        : INFO     stderr=
>  
> root        : INFO     args=/usr/sbin/ipa-join -s services.example.com -d
> root        : INFO     stdout=
> root        : INFO     stderr=cannot open configuration file 
> /etc/ipa/default.conf
> XML-RPC CALL:
> 
> <?xml version="1.0" encoding="UTF-8"?>\r\n
> <methodCall>\r\n
> <methodName>join</methodName>\r\n
> <params>\r\n
> <param><value><string>testclient.example.com</string></value></param>\r\n
> <param><value><struct>\r\n
> <member><name>nsosversion</name>\r\n
> <value><string>2.6.32.11-99.fc12.i686.PAE</string></value></member>\r\n
> <member><name>nshardwareplatform</name>\r\n
> <value><string>i686</string></value></member>\r\n
> </struct></value></param>\r\n
> </params>\r\n
> </methodCall>\r\n
> 
> XML-RPC RESPONSE:
> 
> <?xml version='1.0' encoding='UTF-8'?>\n
> <methodResponse>\n
> <fault>\n
> <value><struct>\n
> <member>\n
> <name>faultCode</name>\n
> <value><int>3004</int></value>\n
> </member>\n
> <member>\n
> <name>faultString</name>\n
> <value><string>command 'join' takes at most 1 argument</string></value>\n
> </member>\n
> </struct></value>\n
> </fault>\n
> </methodResponse>\n
> 
> RPC failed at server.  command 'join' takes at most 1 argument
> 
> Joining realm failed: cannot open configuration file /etc/ipa/default.conf
> XML-RPC CALL:
> 
> <?xml version="1.0" encoding="UTF-8"?>\r\n
> <methodCall>\r\n
> <methodName>join</methodName>\r\n
> <params>\r\n
> <param><value><string>testclient.example.com</string></value></param>\r\n
> <param><value><struct>\r\n
> <member><name>nsosversion</name>\r\n
> <value><string>2.6.32.11-99.fc12.i686.PAE</string></value></member>\r\n
> <member><name>nshardwareplatform</name>\r\n
> <value><string>i686</string></value></member>\r\n
> </struct></value></param>\r\n
> </params>\r\n
> </methodCall>\r\n
> 
> XML-RPC RESPONSE:
> 
> <?xml version='1.0' encoding='UTF-8'?>\n
> <methodResponse>\n
> <fault>\n
> <value><struct>\n
> <member>\n
> <name>faultCode</name>\n
> <value><int>3004</int></value>\n
> </member>\n
> <member>\n
> <name>faultString</name>\n
> <value><string>command 'join' takes at most 1 argument</string></value>\n
> </member>\n
> </struct></value>\n
> </fault>\n
> </methodResponse>\n
> 
> RPC failed at server.  command 'join' takes at most 1 argument
> root        : INFO     args=/usr/kerberos/bin/kdestroy
> root        : INFO     stdout=
> root        : INFO     stderr=

I have a fix for this awaiting peer review on freeipa-devel titled "Use 
the certificate subject base in IPA when requesting certs in certmonger."

rob

More information about the Freeipa-users mailing list