← Back to team overview

freeipa team mailing list archive

[Bug 1764744] Re: Support of freeipa-server for s390x

 

------- Comment From heinz-werner_seeck@xxxxxxxxxx 2018-04-17 10:55 EDT-------
Changed target milestone to 18.04

------- Comment From ryoung1@xxxxxxxxxx 2018-04-17 10:59 EDT-------
I had tried first, freeipa with bionic beta2/final, however new s390x freeipa server binary was found

root@lbskvm3:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu Bionic Beaver (development branch)
Release:	18.04
Codename:	bionic

root@lbskvm3:~# uname -a
Linux lbskvm3 4.15.0-13-generic #14-Ubuntu SMP Sat Mar 17 13:42:52 UTC 2018 s390x s390x s390x GNU/Linux

root@lbskvm3:~# apt-cache search freeipa
libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
libipa-hbac0 - FreeIPA HBAC Evaluator library
libnss-sss - Nss library for the System Security Services Daemon
libpam-sss - Pam module for the System Security Services Daemon
python3-sss - Python3 module for the System Security Services Daemon
sssd - System Security Services Daemon -- metapackage
sssd-common - System Security Services Daemon -- common files
sssd-tools - System Security Services Daemon -- tools
python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
python-sss - Python module for the System Security Services Daemon
python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
root@lbskvm3:~#

** Tags removed: targetmilestone-inin1604
** Tags added: targetmilestone-inin1804

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1764744

Title:
  Support of freeipa-server for s390x

Status in Ubuntu on IBM z Systems:
  Triaged
Status in freeipa package in Ubuntu:
  Triaged

Bug description:
  freeipa fails to configure on s390x.   (Configuration being handled by
  the freeipa-server-install script)    This script has two failure
  points.   The first is below:

  https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1600634
  describes a known bug but it was only resolved for x86_64.

  In the falling scenario the install log will have entries like the
  following:

  2018-04-10T18:53:01Z DEBUG nsslapd-pluginenabled:
  2018-04-10T18:53:01Z DEBUG      on
  2018-04-10T18:53:01Z DEBUG nsslapd-pluginpath:
  2018-04-10T18:53:01Z DEBUG      /usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so
  2018-04-10T18:53:01Z DEBUG nsslapd-pluginversion:
  2018-04-10T18:53:01Z DEBUG      0.8

  
  Obviously on s390x /usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so will never be found.

  Now if I create a symbolic link with the above name that is linked to
  the same location but with s390x where x86_64 is located, the install
  will proceed past this failing location.

  The second failure point in the freeipa-server-install script is near
  the end, after the script has completed the freeipa-server-install and
  where it attempts to install the freeipa-client.  The client install
  appears to fail because of a problem with certificates related to the
  server install.

  2018-04-17T12:14:59Z ERROR Cannot connect to the server due to generic
  error: Insufficient access: SASL(-4): no mechanism available: No
  worthy mechs found (Unknown authentication method)

  The above appears to be related to an issue with the key database

  # certutil -L
  certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

  # ipa cert-show 1
  ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

  # ipa user-add 
  First name: Richard 
  >>> First name: Leading and trailing spaces are not allowed
  First name: Richard
  Last name: Young
  User login [ryoung]: ryoung1
  ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1764744/+subscriptions