[Freeipa-users] Unable to join FreeIPA client to server
Adam Bishop
Adam.Bishop at jisc.ac.uk
Tue Mar 29 13:29:02 UTC 2016
Client is running ipa-client-3.0.0-47.el6.centos.1.x86_64 on CentOS 6
Servers are running ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64 on CentOS 7
When I try to join the CentOS 6 client to the CentOS 7 servers, ipa-client-install is unable to access /ipa/xml, throwing the following error:
...
Connecting: [2001:630:1:177::98]:0
Failed to set TLS range to tls1.0, tls1.2
Could not connect socket to [2001:630:1:177::98]:443, error: (SSL_ERROR_INVALID_VERSION_RANGE) SSL version range is not valid.
...
The full log follows, but I don't see anything interesting or unusual, other than HTTPS connections are established OK earlier in the installation process.
I could use a bit of help resolving this - full client debug follows. Both systems are running nss 3.19.1 which *should* support TLS1.2., so I'm unsure where to start fixing this.
Thanks,
Adam Bishop
gpg: 0x6609D460
jisc.ac.uk
---
Starting IPA discovery with domain=example.org, servers=None, hostname=rms1.example.org
Search for LDAP SRV record in example.org
Search DNS for SRV record of _ldap._tcp.example.org.
DNS record found: DNSResult::name:_ldap._tcp.example.org.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:atl-ipa-001.example.org.}
DNS record found: DNSResult::name:_ldap._tcp.example.org.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:swi-ipa-001.example.org.}
[Kerberos realm search]
Search DNS for TXT record of _kerberos.example.org.
DNS record found: DNSResult::name:_kerberos.example.org.,type:16,class:1,rdata={data:example.org}
Search DNS for SRV record of _kerberos._udp.example.org.
DNS record found: DNSResult::name:_kerberos._udp.example.org.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:swi-ipa-001.example.org.}
DNS record found: DNSResult::name:_kerberos._udp.example.org.,type:33,class:1,rdata={priority:0,port:88,weight:100,server:atl-ipa-001.example.org.}
[LDAP server check]
Verifying that atl-ipa-001.example.org (realm example.org) is an IPA server
Init LDAP connection with: ldap://atl-ipa-001.example.org:389
Search LDAP server for IPA base DN
Check if naming context 'dc=example,dc=org' is for IPA
Naming context 'dc=example,dc=org' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=example,dc=org (sub)
Found: cn=example.org,cn=kerberos,dc=example,dc=org
Discovery result: Success; server=atl-ipa-001.example.org, domain=example.org, kdc=swi-ipa-001.example.org,atl-ipa-001.example.org, basedn=dc=example,dc=org
Validated servers: atl-ipa-001.example.org
will use discovered domain: example.org
Start searching for LDAP SRV record in "example.org" (Validating DNS Discovery) and its sub-domains
Search DNS for SRV record of _ldap._tcp.example.org.
DNS record found: DNSResult::name:_ldap._tcp.example.org.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:swi-ipa-001.example.org.}
DNS record found: DNSResult::name:_ldap._tcp.example.org.,type:33,class:1,rdata={priority:0,port:389,weight:100,server:atl-ipa-001.example.org.}
DNS validated, enabling discovery
will use discovered server: atl-ipa-001.example.org
Discovery was successful!
will use discovered realm: example.org
will use discovered basedn: dc=example,dc=org
Hostname: rms1.example.org
Hostname source: Machine's FQDN
Realm: example.org
Realm source: Discovered from LDAP DNS records in atl-ipa-001.example.org
DNS Domain: example.org
DNS Domain source: Discovered LDAP SRV records from example.org
IPA Server: atl-ipa-001.example.org
IPA Server source: Discovered from LDAP DNS records in atl-ipa-001.example.org
BaseDN: dc=example,dc=org
BaseDN source: From IPA server ldap://atl-ipa-001.example.org:389
Continue to configure the system with these values? [no]: yes
args=/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r example.org
stdout=
stderr=realm not found
User authorized to enroll computers: admin
will use principal provided as option: admin
Synchronizing time with KDC...
Search DNS for SRV record of _ntp._udp.example.org.
No DNS record found
args=/usr/sbin/ntpdate -U ntp -s -b -v atl-ipa-001.example.org
stdout=
stderr=
args=/usr/sbin/ntpdate -U ntp -s -b -v atl-ipa-001.example.org
stdout=
stderr=
args=/usr/sbin/ntpdate -U ntp -s -b -v atl-ipa-001.example.org
stdout=
stderr=
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Writing Kerberos configuration to /tmp/tmpX2eUdM:
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = example.org
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
udp_preference_limit = 0
[realms]
example.org = {
kdc = atl-ipa-001.example.org:88
master_kdc = atl-ipa-001.example.org:88
admin_server = atl-ipa-001.example.org:749
default_domain = example.org
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.example.org = example.org
example.org = example.org
.example.org = example.org
example.org = example.org
Password for admin at example.org:
args=kinit admin at example.org
stdout=Password for admin at example.org:
stderr=
trying to retrieve CA cert via LDAP from ldap://atl-ipa-001.example.org
Existing CA cert and Retrieved CA cert are identical
args=/usr/sbin/ipa-join -s atl-ipa-001.example.org -b dc=example,dc=org -d
stdout=
stderr=XML-RPC CALL:
<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>rms1.example.org</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>2.6.32-358.23.2.el6.x86_64</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>x86_64</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n
* About to connect() to atl-ipa-001.example.org port 443 (#0)
* Trying 2001:630:1:177::98... * Connected to atl-ipa-001.example.org (2001:630:1:177::98) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/ipa/ca.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=atl-ipa-001.example.org,O=example.org
* start date: Sep 23 16:55:31 2014 GMT
* expire date: Sep 23 16:55:31 2016 GMT
* common name: atl-ipa-001.example.org
* issuer: CN=Certificate Authority,O=example.org
> POST /ipa/xml HTTP/1.1
Host: atl-ipa-001.example.org
Accept: */*
Content-Type: text/xml
User-Agent: ipa-join/3.0.0
Referer: https://atl-ipa-001.example.org/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1
Content-Length: 476
< HTTP/1.1 401 Unauthorized
< Date: Tue, 29 Mar 2016 13:05:17 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.3.1 mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.19.1 Basic ECC mod_wsgi/3.4 Python/2.7.5
< WWW-Authenticate: Negotiate
< Last-Modified: Thu, 10 Mar 2016 12:37:22 GMT
< Accept-Ranges: bytes
< Content-Length: 1474
< Content-Type: text/html; charset=UTF-8
<
* Ignoring the response-body
* Connection #0 to host atl-ipa-001.example.org left intact
* Issue another request to this URL: 'https://atl-ipa-001.example.org:443/ipa/xml'
* Re-using existing connection! (#0) with host atl-ipa-001.example.org
* Connected to atl-ipa-001.example.org (2001:630:1:177::98) port 443 (#0)
* Server auth using GSS-Negotiate with user ''
> POST /ipa/xml HTTP/1.1
Authorization: Negotiate YIIFAgYJKoZIhvcSAQICAQBuggTxMIIE7aADAgEFoQMCAQ6iBwMFAAAAAACjggFfYYIBWzCCAVegAwIBBaENGwtWSVJULkpBLk5FVKIqMCigAwIBA6EhMB8bBEhUVFAbF2F0bC1pcGEtMDAxLnZpcnQuamEubmV0o4IBEzCCAQ+gAwIBEqEDAgECooIBAQSB/k2UZiys2Grav2w4Pd5Kc8a/z0XZVYEqEeL/j82jLTpD5WAq8hIjdtpzAqpFR/3GDeyPfpW/z4RqAFPCp1B/cvyXCkAyshkaZ9srZdPMp0tqpZUbJkOtosiEz3p//dDlNU1Mbpj5Wz/IXSffSHjpsVVXswraMtc/qG0Cy9MBlUhn1hiNxGe8xDVIIjQ0gtu6aWan4UI6UtIQ7AQB1QPzJfc67y3u2vTdWS6s0wjhD0JI3+Fifzgm3uM0upO0pG7nxxkdzniTWqymgzsh8JIRFjb5yqw80Tr4SdRvNyjbqojZ6dOVa8cbv8/R2NkO+QB1R+Pm8S5IK+AhfVcvO51KpIIDczCCA2+gAwIBEqKCA2YEggNir5X7ay33SZaMMbBoWyXEasUeGtwCkSJE9zUdA5I8Q9MsOzsdrriY9ZT8tHO5xZxyZpq9iaTFpOBlkn+Np2vXkQ8Wbj1j3rDyeDPiR/qQKVm/obBdxUcfBHHXX9H4lhydsMpGQjgSwTUZmLb4yoMxXOWMLjoMq8W9CN2l+MITjBd/P6rWbcG1sagFE6B9chSJLXNHCnBE39e1BXWLSIRZ1e0bK+v1Wzqw98QPRv/KkJoKAM17KuTOci/hQ60iDrOGrFL0k5iAl1o+AvYorloKXa5Iup1KlOA6q1tkloI+5/eJciEdTQDq7uiRQnKvQucEE8S0Rh2G5MQXgvzE8daRUrQ410adwHe+eUKCslVTQSeZ+NA+Y5Vhgj4aIHLcyZ60940gA+uL/sItPFqZCT7/uB/NOlsFaSHU5WITvj4ZnNpL2wbd0Jc/+PKUgrz9ZHKAUtTXeaHP8YsfJ8OGoWScntwG6cCgZRE3JcLyg+Lo1N/1cHFf0+04uRPx19oxzTeu5JqkLkPqZOiSFOUIltJG7xov0aBYStFUOchuDMQDhZqC6603OuF7uZR6MrHfXK/MtxMPbX6FY7VapDp2CTmKFa80x8b7wCe0xhXgCkjUny5H8/aYha5QHMXUY9tSh/kb+q1f885cWRlS3Y5DIL80ypu1x/Bs4fEOHRdk8qrmXRduRyZi0+oPHVh8WFqjtfxpzscBFinF0awzLmK56byh7pLt3XD0gjabqDV54ALz0IbeH60woeSJW7aLmuSz0qFHFBlRUnTnYMN0dt75f+9BT3DvMq02VGGUkDwb5JsZHBBKQJa748QrZ//RGV5JnJfxj1MlHPSGZnMlKNq4VaPMT2g3H6iLtNsE0E+HlcY987BXDEWgZOfT77Z+MCTf6Ztt8MMK+lKlQOKmM9ISMsJdvgrSywdkCy2ZK7phJqu+GNH38GRjAZMESslJGJxaq/5QjAn4ylCWzm83eOmS1HG/+oRgwUP49QisyBVYuurFVICjaTxNsTaFIiWkpRL/iStUW6D/ULRpS70pB+nNonna4FOus+73YXTA5LohGwYLodAykHv5juxj70LYvvxMDwGjV4Tdx8wAZZjIZw+fR7+rfMqnrnAtZjyO2hjqoy2sgqCyLL3RJtiJXCIeWQWaKSOAXrc=
Host: atl-ipa-001.example.org
Accept: */*
Content-Type: text/xml
User-Agent: ipa-join/3.0.0
Referer: https://atl-ipa-001.example.org/ipa/xml
X-Original-User-Agent: Xmlrpc-c/1.16.24 Curl/1.1.1
Content-Length: 476
< HTTP/1.1 200 Success
< Date: Tue, 29 Mar 2016 13:05:17 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.3.1 mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.19.1 Basic ECC mod_wsgi/3.4 Python/2.7.5
* Added cookie ipa_session="d92ff3c8a2e52ba19450e4d607b495b2" for domain atl-ipa-001.example.org, path /ipa, expire 1459257920
< Set-Cookie: ipa_session=d92ff3c8a2e52ba19450e4d607b495b2; Domain=atl-ipa-001.example.org; Path=/ipa; Expires=Tue, 29 Mar 2016 13:25:20 GMT; Secure; HttpOnly
< Vary: Accept-Encoding
< Content-Length: 2763
< Content-Type: text/xml; charset=utf-8
<
* Expire cleared
* Connection #0 to host atl-ipa-001.example.org left intact
XML-RPC RESPONSE:
<?xml version='1.0' encoding='UTF-8'?>\n
<methodResponse>\n
<params>\n
<param>\n
<value><array><data>\n
<value><string>fqdn=rms1.example.org,cn=computers,cn=accounts,dc=example,dc=org</string></value>\n
<value><struct>\n
<member>\n
<name>dn</name>\n
<value><string>fqdn=rms1.example.org,cn=computers,cn=accounts,dc=example,dc=org</string></value>\n
</member>\n
<member>\n
<name>ipacertificatesubjectbase</name>\n
<value><array><data>\n
<value><string>O=example.org</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbextradata</name>\n
<value><array><data>\n
<value><base64>\n
AAIre/pWaG9zdC9ybXMxLmRldi5qYS5uZXRAVklSVC5KQS5ORVQA\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>cn</name>\n
<value><array><data>\n
<value><string>rms1.example.org</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>objectclass</name>\n
<value><array><data>\n
<value><string>ipaSshGroupOfPubKeys</string></value>\n
<value><string>ipaobject</string></value>\n
<value><string>ieee802device</string></value>\n
<value><string>nshost</string></value>\n
<value><string>top</string></value>\n
<value><string>ipaservice</string></value>\n
<value><string>pkiuser</string></value>\n
<value><string>ipahost</string></value>\n
<value><string>krbprincipal</string></value>\n
<value><string>krbprincipalaux</string></value>\n
<value><string>ipasshhost</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>ipakrbokasdelegate</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>fqdn</name>\n
<value><array><data>\n
<value><string>rms1.example.org</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managing_host</name>\n
<value><array><data>\n
<value><string>rms1.example.org</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_keytab</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>has_password</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>ipauniqueid</name>\n
<value><array><data>\n
<value><string>76cdb40e-f5ad-11e5-a8ad-005056b12d16</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbprincipalname</name>\n
<value><array><data>\n
<value><string>host/rms1.example.org at example.org</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managedby_host</name>\n
<value><array><data>\n
<value><string>rms1.example.org</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serverhostname</name>\n
<value><array><data>\n
<value><string>rms1</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>enrolledby_user</name>\n
<value><array><data>\n
<value><string>admin</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>ipakrbrequirespreauth</name>\n
<value><boolean>1</boolean></value>\n
</member>\n
</struct></value>\n
</data></array></value>\n
</param>\n
</params>\n
</methodResponse>\n
Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=example.org
Enrolled in IPA realm example.org
args=kdestroy
stdout=
stderr=
Attempting to get host TGT...
args=/usr/bin/kinit -k -t /etc/krb5.keytab host/rms1.example.org at example.org
stdout=
stderr=
Attempt 1/5 succeeded.
Backing up system configuration file '/etc/ipa/default.conf'
-> Not backing up - '/etc/ipa/default.conf' doesn't exist
Created /etc/ipa/default.conf
importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
args=klist -V
stdout=Kerberos 5 version 1.10.3
stderr=
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
Backing up system configuration file '/etc/sssd/sssd.conf'
-> Not backing up - '/etc/sssd/sssd.conf' doesn't exist
New SSSD config will be created
Backing up system configuration file '/etc/nsswitch.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
stdout=
stderr=
Backing up system configuration file '/etc/krb5.conf'
Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = example.org
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
udp_preference_limit = 0
[realms]
example.org = {
kdc = atl-ipa-001.example.org:88
master_kdc = atl-ipa-001.example.org:88
admin_server = atl-ipa-001.example.org:749
default_domain = example.org
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.example.org = example.org
example.org = example.org
.example.org = example.org
example.org = example.org
Configured /etc/krb5.conf for IPA realm example.org
args=keyctl search @s user ipa_session_cookie:host/rms1.example.org at example.org
stdout=
stderr=keyctl_search: Required key not available
args=keyctl search @s user ipa_session_cookie:host/rms1.example.org at example.org
stdout=
stderr=keyctl_search: Required key not available
failed to find session_cookie in persistent storage for principal 'host/rms1.example.org at example.org'
trying https://atl-ipa-001.example.org/ipa/xml
NSSConnection init atl-ipa-001.example.org
Connecting: [2001:630:1:177::98]:0
Failed to set TLS range to tls1.0, tls1.2
Could not connect socket to [2001:630:1:177::98]:443, error: (SSL_ERROR_INVALID_VERSION_RANGE) SSL version range is not valid.
Try to continue with next family...
Connecting: 193.63.72.98:0
Failed to set TLS range to tls1.0, tls1.2
Could not connect socket to 193.63.72.98:443, error: (SSL_ERROR_INVALID_VERSION_RANGE) SSL version range is not valid.
Try to continue with next family...
Connection to https://atl-ipa-001.example.org/ipa/xml failed with NSPRError() argument 1 must be string or None, not int
trying https://swi-ipa-001.example.org/ipa/xml
NSSConnection init swi-ipa-001.example.org
Connection to https://swi-ipa-001.example.org/ipa/xml failed with (SEC_ERROR_BUSY) NSS could not shutdown. Objects are still in use.
Cannot connect to the server due to generic error: cannot connect to Gettext('any of the configured servers', domain='ipa', localedir=None): https://atl-ipa-001.example.org/ipa/xml, https://swi-ipa-001.example.org/ipa/xml
Installation failed. Force set so not rolling back changes.
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
More information about the Freeipa-users
mailing list