freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00089
[Bug 997990] Re: fail joining to a freeipa server with ipa-client-install
I have removed use_authtok from the sss file but there must be something wrong because I can't still change the password. I have followed the instructions here https://fedoraproject.org/wiki/How_to_debug_SSSD_problems to enable sssd_pam debug and it seems to be doing the same thing:
(Tue May 15 10:31:07 2012) [sssd[pam]] [accept_fd_handler] (0x0100): Client connected!
(Tue May 15 10:31:07 2012) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
(Tue May 15 10:31:07 2012) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_cmd_chauthtok_prelim] (0x0100): entering pam_cmd_chauthtok_prelim
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_CHAUTHTOK_PRELIM
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_print_data] (0x0100): domain: (null)
(Tue May 15 10:31:07 2012) [sssd[pam]] [pam_print_data] (0x0100): user: pmilvaques
perhaps some other option must be changed in another place. installing
libpam-cracklib didn't solve the problem also
the gdm integration problem was that when I tried to login to the system de display manager didn't let me choose other user apart from the local users of the system. this seems to be an ubuntu design decision which can be changed following the steps indicated here:
http://www.tejasbarot.com/2012/04/30/howto-other-login-option-on-login-screen-ubuntu-12-04-lts-precise-pangolin/
it would be nice that when joining a domain this would be automatically
changed because it's a bit obscure to find and if not done only lets the
system to be used in terminal mode
the solution of using networked homedirectories it's ok for me although
it would be good to have it solved
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/997990
Title:
fail joining to a freeipa server with ipa-client-install
Status in FreeIPA packaging for Ubuntu:
New
Status in “freeipa” package in Ubuntu:
New
Bug description:
I try to join a freeipa domain and it seems there is some problem with the tls negotiacion. this is the log:
pasqual@ubuntuprovesfreeipa:~$ sudo ipa-client-install -d --enable-dns-updates
[sudo] password for pasqual:
root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': True, 'preserve_sssd': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
root : DEBUG [ipadnssearchldap(linux.gva.es)]
root : DEBUG [ipadnssearchldap(gva.es)]
root : DEBUG [ipadnssearchldap(es)]
root : DEBUG [ipadnssearchldap(linux.gva.es)]
root : DEBUG [ipadnssearchldap(gva.es)]
root : DEBUG [ipadnssearchldap(es)]
root : DEBUG Domain not found
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com): linux.gva.es
root : DEBUG will use domain: linux.gva.es
root : DEBUG [ipadnssearchldap]
root : DEBUG IPA Server not found
DNS discovery failed to find the IPA Server
Provide your IPA server name (ex: ipa.example.com): freeipaserver.linux.gva.es
root : DEBUG will use server: freeipaserver.linux.gva.es
root : DEBUG [ipadnssearchkrb]
root : DEBUG [ipacheckldap]
root : DEBUG args=/usr/bin/wget -O /tmp/tmpWptXwb/ca.crt -T 15 -t 2 http://freeipaserver.linux.gva.es/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2012-05-11 12:06:09-- http://freeipaserver.linux.gva.es/ipa/config/ca.crt
Resolent freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)... 192.168.222.99
S'està connectant a freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)|192.168.222.99|:80... conectat.
HTTP: Petició enviada, esperant resposta... 200 OK
Longitud: 1325 (1.3K) [application/x-x509-ca-cert]
S'està desant a: «/tmp/tmpWptXwb/ca.crt»
0K . 100%
38.4M=0s
2012-05-11 12:06:09 (38.4 MB/s) - s'ha desat «/tmp/tmpWptXwb/ca.crt»
[1325/1325]
root : DEBUG Init ldap with: ldap://freeipaserver.linux.gva.es:389
root : ERROR LDAP Error: Connect error: A TLS packet with unexpected length was received.
Failed to verify that freeipaserver.linux.gva.es is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
pasqual@ubuntuprovesfreeipa:~$
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: freeipa-client 2.1.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic-pae 3.2.14
Uname: Linux 3.2.0-24-generic-pae i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Fri May 11 12:07:16 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
SourcePackage: freeipa
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/freeipa/+bug/997990/+subscriptions
References