[Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off

Martin Kosek mkosek at redhat.com
Wed Jan 20 12:52:25 UTC 2016


Adding freeipa-users back, so that others can benefit from the answer.

Can you please attach a full ipaclient-install.log DEBUG log somewhere so that
we can get the full context of the bug? You may also want to open a RHEL-6
Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only maintained
in RHEL-6.x.

Thanks,
Martin

On 01/20/2016 01:39 PM, bahan w wrote:
> Hello Martin !
> 
> Thanks for your answer, Martin !
> 
> I uninstalled the 3.0.0.25 and installed the 3.0.0.47, but unfortunately I
> still have the same error message.
> 
> # rpm -qa | grep ipa-client
> ipa-client-3.0.0-47.el6.x86_64
> 
> And in ipa-client-install.log :
> ###
> 2016-01-20T12:38:14Z DEBUG [LDAP server check]
> 2016-01-20T12:38:14Z DEBUG Verifying that <fqdn ipa server> (realm None) is
> an IPA server
> 2016-01-20T12:38:14Z DEBUG Init LDAP connection with: ldap://<fqdn ipa
> server>:389
> 2016-01-20T12:38:14Z DEBUG LDAP Error: Anonymous access not allowed
> ###
> 
> Best regards.
> 
> Bahan
> 
> 
> On Wed, Jan 20, 2016 at 1:26 PM, Martin Kosek <mkosek at redhat.com> wrote:
> 
>> On 01/20/2016 12:08 PM, bahan w wrote:
>>> Hello !
>>>
>>> I send you this mail because of the following topic.
>>>
>>> I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous
>>> access for security reasons.
>>>
>>> But now, I have a problem when I try to enroll a new host.
>>>
>>> Here is the command I try :
>>> ###
>>> ipa-client-install --domain=<mydomain> --realm=<myrealm> --server=<fqdn
>>> ipaserver> --principal=admin --password=<PASSWORD FOR IPA ADMIN>
>>> --mkhomedir  --hostname=<fqdn server> --no-ntp --no-ssh --no-sshd
>>> --unattended
>>> ###
>>>
>>> And here is the error message :
>>> ###
>>> 2016-01-20T11:06:44Z DEBUG Verifying that <fqdn ipaserver> (realm None) is
>>> an IPA server
>>> 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap://<fqdn ipa
>>> server>:389
>>> 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed
>>> ###
>>>
>>> Is there a way with IPA 3.0.0.25 to enroll a host with anonymous access
>>> disabled?
>>>
>>> Best regards.
>>>
>>> Bahan
>>
>> Hello,
>>
>> This looks like
>> https://bugzilla.redhat.com/show_bug.cgi?id=922843
>>
>> It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and
>> later).
>>
>> HTH,
>> Martin
>>
>>
> 



