[Freeipa-users] FreeIPA Client Install 403 error
Rob Crittenden
rcritten at redhat.com
Wed Jul 20 18:33:36 UTC 2016
Rubin Binder wrote:
> Justin,
>
> Thank you very much for the prompt response. The log output is as follows:
>
> 2016-07-20T17:02:52Z DEBUG Starting external process
> 2016-07-20T17:02:52Z DEBUG args='/usr/sbin/ipa-join' '-s'
> 'ldap.mydomain.com' '-b' 'dc=mydomain,dc=com' '-h' 'centostest.mydomain.com'
> 2016-07-20T17:02:52Z DEBUG Process finished, return code=17
> 2016-07-20T17:02:52Z DEBUG stdout=
> 2016-07-20T17:02:52Z DEBUG stderr=HTTP response code is 403, not 200
>
> 2016-07-20T17:02:52Z ERROR Joining realm failed: HTTP response code is
> 403, not 200
>
> 2016-07-20T17:02:52Z ERROR Installation failed. Rolling back changes.
> 2016-07-20T17:02:52Z ERROR IPA client is not configured on this system.
Seeing the entire file is usually more helpful but in this case you did
provide a single clue. Return code 17 from ipa-join is a XML-RPC fault.
This may be the same 403 as reported elsewhere. I'd suggest looking in
/var/log/httpd/error_log on the master.
rob
>
> Regards,
> Rubin
>
> ------------------------------------------------------------------------
> *From: *"Justin Stephenson" <jstephen at redhat.com>
> *To: *"Rubin Binder" <rbinder at wooplagaming.com>, freeipa-users at redhat.com
> *Sent: *Wednesday, July 20, 2016 2:49:16 PM
> *Subject: *Re: [Freeipa-users] FreeIPA Client Install 403 error
>
> Could you please share with us the /var/log/ipaclient-install.log ?
>
> Kind regards,
>
> Justin Stephenson
>
>
> On 07/20/2016 01:23 PM, Rubin Binder wrote:
> > Hello all,
> >
> > I am testing Free IPA server for use under a test environment, so far
> smooth sailing and have it up and running, no problems.
> >
> > The problem is occurring during client installation. I have installed
> the ipa-client package on a clean CentOS 7 OS. When I execute
> ipa-client-install... I get the following:
> >
> > Client hostname: centostest.mydomain.com
> > Realm: MYDOMAIN.COM
> > DNS Domain: mydomain.com
> > IPA Server: ldap.mydomain.com
> > BaseDN: dc=mydomain,dc=com
> >
> > Continue to configure the system with these values? [no]: yes
> > Skipping synchronizing time with NTP server.
> > User authorized to enroll computers: admin
> > Password for admin at MYDOMAIN.COM:
> > Successfully retrieved CA cert
> > Subject: CN=Certificate Authority,O=MYDOMAIN.COM
> > Issuer: CN=Certificate Authority,O=MYDOMAIN.COM
> > Valid From: Wed Jul 13 13:12:08 2016 UTC
> > Valid Until: Sun Jul 13 13:12:08 2036 UTC
> >
> > Joining realm failed: HTTP response code is 403, not 200
> >
> > Installation failed. Rolling back changes.
> > IPA client is not configured on this system.
> >
> > I can't make sense of why I'd be seeing a 403 error. I've done my
> share of searching but have not found a similar issue. Some have report
> 401 errors in some circumstances, but not 403.
> >
> > Has anyone seen this before.
> >
> > Thanks,
> > Rubin
> >
>
>
>
>
More information about the Freeipa-users
mailing list