[Freeipa-users] Unable to join a client
Rob Crittenden
rcritten at redhat.com
Mon Apr 19 13:30:24 UTC 2010
Oliver Burtchen wrote:
> Hi,
>
> using clean F12 installtion with all updates and ipa
> 1.91-0.2010041617git671bb9c.fc12 on server and client:
>
> Currently I'm unable to join a client, debug of ipa-client-install attached.
> Seems, there was a change in the protocol, and ipa-join gives to many
> arguments..
>
> Best regards,
> Oli
>
>
>
>
> [root at testclient ~]# ipa-client-install -d
> root : DEBUG Loading Index file from '/var/lib/ipa-
> client/sysrestore/sysrestore.index'
> root : DEBUG [ipadnssearchldap(example.com)]
> root : DEBUG [ipadnssearchkrb]
> root : DEBUG [ipacheckldap]
> root : DEBUG Init ldap with: ldap://services.example.com:389
> root : DEBUG Search rootdse
> root : DEBUG Search for (info=*) in dc=example.com(base)
> root : DEBUG Found: [('dc=example.com', {'objectClass': ['top',
> 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info':
> ['IPA V2.0'], 'associatedDomain': ['example.com'], 'dc': ['example.com'],
> 'nisDomain': ['example.com']})]
> root : DEBUG Search for (objectClass=krbRealmContainer) in
> dc=example.com(sub)
> root : DEBUG Found: [('cn=EXAMPLE.COM,cn=kerberos,dc=example.com',
> {'krbSubTrees': ['dc=example.com'], 'cn': ['EXAMPLE.COM'],
> 'krbDefaultEncSaltTypes': ['aes256-cts:normal', 'aes128-cts:normal', 'des3-
> hmac-sha1:normal', 'arcfour-hmac:normal', 'des-hmac-sha1:normal', 'des-cbc-
> md5:normal'], 'objectClass': ['top', 'krbrealmcontainer',
> 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes':
> ['aes256-cts:normal', 'aes128-cts:normal', 'des3-hmac-sha1:normal', 'arcfour-
> hmac:normal', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-
> crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife':
> ['86400'], 'krbMaxRenewableAge': ['604800']})]
> Discovery was successful!
> Realm: EXAMPLE.COM
> DNS Domain: example.com
> IPA Server: services.example.com
> BaseDN: dc=example.com
>
>
> Continue to configure the system with these values? [no]: y
> Principal: admin
> Password for admin at EXAMPLE.COM: root : INFO
> args=/usr/kerberos/bin/kinit admin at EXAMPLE.COM
> root : INFO stdout=Password for admin at EXAMPLE.COM:
>
> root : INFO stderr=
>
> root : INFO args=/usr/sbin/ipa-join -s services.example.com -d
> root : INFO stdout=
> root : INFO stderr=cannot open configuration file
> /etc/ipa/default.conf
> XML-RPC CALL:
>
> <?xml version="1.0" encoding="UTF-8"?>\r\n
> <methodCall>\r\n
> <methodName>join</methodName>\r\n
> <params>\r\n
> <param><value><string>testclient.example.com</string></value></param>\r\n
> <param><value><struct>\r\n
> <member><name>nsosversion</name>\r\n
> <value><string>2.6.32.11-99.fc12.i686.PAE</string></value></member>\r\n
> <member><name>nshardwareplatform</name>\r\n
> <value><string>i686</string></value></member>\r\n
> </struct></value></param>\r\n
> </params>\r\n
> </methodCall>\r\n
>
> XML-RPC RESPONSE:
>
> <?xml version='1.0' encoding='UTF-8'?>\n
> <methodResponse>\n
> <fault>\n
> <value><struct>\n
> <member>\n
> <name>faultCode</name>\n
> <value><int>3004</int></value>\n
> </member>\n
> <member>\n
> <name>faultString</name>\n
> <value><string>command 'join' takes at most 1 argument</string></value>\n
> </member>\n
> </struct></value>\n
> </fault>\n
> </methodResponse>\n
>
> RPC failed at server. command 'join' takes at most 1 argument
>
> Joining realm failed: cannot open configuration file /etc/ipa/default.conf
> XML-RPC CALL:
>
> <?xml version="1.0" encoding="UTF-8"?>\r\n
> <methodCall>\r\n
> <methodName>join</methodName>\r\n
> <params>\r\n
> <param><value><string>testclient.example.com</string></value></param>\r\n
> <param><value><struct>\r\n
> <member><name>nsosversion</name>\r\n
> <value><string>2.6.32.11-99.fc12.i686.PAE</string></value></member>\r\n
> <member><name>nshardwareplatform</name>\r\n
> <value><string>i686</string></value></member>\r\n
> </struct></value></param>\r\n
> </params>\r\n
> </methodCall>\r\n
>
> XML-RPC RESPONSE:
>
> <?xml version='1.0' encoding='UTF-8'?>\n
> <methodResponse>\n
> <fault>\n
> <value><struct>\n
> <member>\n
> <name>faultCode</name>\n
> <value><int>3004</int></value>\n
> </member>\n
> <member>\n
> <name>faultString</name>\n
> <value><string>command 'join' takes at most 1 argument</string></value>\n
> </member>\n
> </struct></value>\n
> </fault>\n
> </methodResponse>\n
>
> RPC failed at server. command 'join' takes at most 1 argument
> root : INFO args=/usr/kerberos/bin/kdestroy
> root : INFO stdout=
> root : INFO stderr=
I have a fix for this awaiting peer review on freeipa-devel titled "Use
the certificate subject base in IPA when requesting certs in certmonger."
rob
More information about the Freeipa-users
mailing list