
freeipa team mailing list archive

[Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

 

I have removed use_authtok from the sss file but there must be something wrong because I still can't change the password. I have followed the instructions here https://fedoraproject.org/wiki/How_to_debug_SSSD_problems to enable sssd_pam debug and it seems to be doing the same thing:
(Tue May 15 10:31:07 2012) [sssd[pam]] [accept_fd_handler] (0x0100): Client connected!
(Tue May 15 10:31:07 2012) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
(Tue May 15 10:31:07 2012) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_cmd_chauthtok_prelim] (0x0100): entering pam_cmd_chauthtok_prelim
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_CHAUTHTOK_PRELIM
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_print_data] (0x0100): domain: (null)
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_print_data] (0x0100): user: pmilvaques

Perhaps some other option must be changed in another place. Installing
libpam-cracklib didn't solve the problem either.

The gdm integration problem was that when I tried to log in to the system the display manager didn't let me choose any user apart from the local users of the system. This seems to be an Ubuntu design decision which can be changed by following the steps indicated here:
http://www.tejasbarot.com/2012/04/30/howto-other-login-option-on-login-screen-ubuntu-12-04-lts-precise-pangolin/

It would be nice if this were changed automatically when joining a domain,
because it's a bit obscure to find and, if not done, only lets the
system be used in terminal mode.

The solution of using networked home directories is OK for me, although
it would be good to have it solved.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/997990

Title:
  fail joining to a freeipa server with ipa-client-install

Status in FreeIPA packaging for Ubuntu:
  New
Status in “freeipa” package in Ubuntu:
  New

Bug description:
  I try to join a freeipa domain and it seems there is some problem with the TLS negotiation. This is the log:
  pasqual@ubuntuprovesfreeipa:~$ sudo ipa-client-install -d --enable-dns-updates
  [sudo] password for pasqual: 
  root        : DEBUG    /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': True, 'preserve_sssd': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None}
  root        : DEBUG    missing options might be asked for interactively later

  root        : DEBUG    Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
  root        : DEBUG    Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
  root        : DEBUG    [ipadnssearchldap(linux.gva.es)]
  root        : DEBUG    [ipadnssearchldap(gva.es)]
  root        : DEBUG    [ipadnssearchldap(es)]
  root        : DEBUG    [ipadnssearchldap(linux.gva.es)]
  root        : DEBUG    [ipadnssearchldap(gva.es)]
  root        : DEBUG    [ipadnssearchldap(es)]
  root        : DEBUG    Domain not found
  DNS discovery failed to determine your DNS domain
  Provide the domain name of your IPA server (ex: example.com): linux.gva.es
  root        : DEBUG    will use domain: linux.gva.es

  root        : DEBUG    [ipadnssearchldap]
  root        : DEBUG    IPA Server not found
  DNS discovery failed to find the IPA Server
  Provide your IPA server name (ex: ipa.example.com): freeipaserver.linux.gva.es
  root        : DEBUG    will use server: freeipaserver.linux.gva.es

  root        : DEBUG    [ipadnssearchkrb]
  root        : DEBUG    [ipacheckldap]
  root        : DEBUG    args=/usr/bin/wget -O /tmp/tmpWptXwb/ca.crt -T 15 -t 2 http://freeipaserver.linux.gva.es/ipa/config/ca.crt
  root        : DEBUG    stdout=
  root        : DEBUG    stderr=--2012-05-11 12:06:09--  http://freeipaserver.linux.gva.es/ipa/config/ca.crt
  Resolent freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)... 192.168.222.99
  S'està connectant a freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)|192.168.222.99|:80... conectat.
  HTTP: Petició enviada, esperant resposta... 200 OK
  Longitud: 1325 (1.3K) [application/x-x509-ca-cert]
  S'està desant a: «/tmp/tmpWptXwb/ca.crt»

       0K .                                                     100%
  38.4M=0s

  2012-05-11 12:06:09 (38.4 MB/s) - s'ha desat «/tmp/tmpWptXwb/ca.crt»
  [1325/1325]

  
  root        : DEBUG    Init ldap with: ldap://freeipaserver.linux.gva.es:389
  root        : ERROR    LDAP Error: Connect error: A TLS packet with unexpected length was received.
  Failed to verify that freeipaserver.linux.gva.es is an IPA Server.
  This may mean that the remote server is not up or is not reachable
  due to network or firewall settings.
  Installation failed. Rolling back changes.
  IPA client is not configured on this system.
  pasqual@ubuntuprovesfreeipa:~$

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: freeipa-client 2.1.4-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-24.37-generic-pae 3.2.14
  Uname: Linux 3.2.0-24-generic-pae i686
  ApportVersion: 2.0.1-0ubuntu7
  Architecture: i386
  Date: Fri May 11 12:07:16 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
  SourcePackage: freeipa
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/freeipa/+bug/997990/+subscriptions

