freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00591
[Bug 1764744] Re: Support of freeipa-server for s390x
------- Comment From heinz-werner_seeck@xxxxxxxxxx 2018-04-17 10:55 EDT-------
Changed target milestone to 18.04
------- Comment From ryoung1@xxxxxxxxxx 2018-04-17 10:59 EDT-------
I had tried first, freeipa with bionic beta2/final, however new s390x freeipa server binary was found
root@lbskvm3:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Bionic Beaver (development branch)
Release: 18.04
Codename: bionic
root@lbskvm3:~# uname -a
Linux lbskvm3 4.15.0-13-generic #14-Ubuntu SMP Sat Mar 17 13:42:52 UTC 2018 s390x s390x s390x GNU/Linux
root@lbskvm3:~# apt-cache search freeipa
libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
libipa-hbac0 - FreeIPA HBAC Evaluator library
libnss-sss - Nss library for the System Security Services Daemon
libpam-sss - Pam module for the System Security Services Daemon
python3-sss - Python3 module for the System Security Services Daemon
sssd - System Security Services Daemon -- metapackage
sssd-common - System Security Services Daemon -- common files
sssd-tools - System Security Services Daemon -- tools
python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
python-sss - Python module for the System Security Services Daemon
python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
root@lbskvm3:~#
** Tags removed: targetmilestone-inin1604
** Tags added: targetmilestone-inin1804
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1764744
Title:
Support of freeipa-server for s390x
Status in Ubuntu on IBM z Systems:
Triaged
Status in freeipa package in Ubuntu:
Triaged
Bug description:
freeipa fails to configure on s390x. (Configuration being handled by
the freeipa-server-install script) This script has two failure
points. The first is below:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1600634
describes a known bug but it was only resolved for x86_64.
In the falling scenario the install log will have entries like the
following:
2018-04-10T18:53:01Z DEBUG nsslapd-pluginenabled:
2018-04-10T18:53:01Z DEBUG on
2018-04-10T18:53:01Z DEBUG nsslapd-pluginpath:
2018-04-10T18:53:01Z DEBUG /usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so
2018-04-10T18:53:01Z DEBUG nsslapd-pluginversion:
2018-04-10T18:53:01Z DEBUG 0.8
Obviously on s390x /usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so will never be found.
Now if I create a symbolic link with the above name that is linked to
the same location but with s390x where x86_64 is located, the install
will proceed past this failing location.
The second failure point in the freeipa-server-install script is near
the end, after the script has completed the freeipa-server-install and
where it attempts to install the freeipa-client. The client install
appears to fail because of a problem with certificates related to the
server install.
2018-04-17T12:14:59Z ERROR Cannot connect to the server due to generic
error: Insufficient access: SASL(-4): no mechanism available: No
worthy mechs found (Unknown authentication method)
The above appears to be related to an issue with the key database
# certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
# ipa cert-show 1
ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
# ipa user-add
First name: Richard
>>> First name: Leading and trailing spaces are not allowed
First name: Richard
Last name: Young
User login [ryoung]: ryoung1
ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1764744/+subscriptions