← Back to team overview

ubuntu-389-directory-server team mailing list archive

[Bug 1769631] Comment bridged from LTC Bugzilla

 

------- Comment From ryoung1@xxxxxxxxxx 2018-11-14 21:40 EDT-------
Sorry, I have not had time to get back to this one yet.

The suggestion was to setup 389 manually.  However there is no
documentation that I found on how to setup 389 manually to be used by
FreeIPA.

The "setup" is part of the freeipa provided scripts.  The instructions I
find all say to run the freeipa scripts that set everything up for you
automatically.

-- 
You received this bug notification because you are a member of Ubuntu
389 Directory Server, which is subscribed to 389-ds-base in Ubuntu.
https://bugs.launchpad.net/bugs/1769631

Title:
  freeipa-server installation/configuration problem on s390x

Status in Ubuntu on IBM z Systems:
  Expired
Status in 389-ds-base package in Ubuntu:
  Incomplete

Bug description:
  Problem desctriptin for following already Fix Releaed Bug:
  https://bugzilla.linux.ibm.com/show_bug.cgi?id=166796
  https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1764744

  The package is still failing to configure

  root@fipas1:~# ipa-server-install --allow-zone-overlap

  The log file for this installation can be found in /var/log/ipaserver-install.log
  ==============================================================================
  This program will set up the FreeIPA Server.

  This includes:
    * Configure a stand-alone CA (dogtag) for certificate management
    * Configure the NTP client (chronyd)
    * Create and configure an instance of Directory Server
    * Create and configure a Kerberos Key Distribution Center (KDC)
    * Configure Apache (httpd)
    * Configure the KDC to enable PKINIT

  To accept the default shown in brackets, press the Enter key.

  WARNING: conflicting time&date synchronization service 'ntp' will be disabled
  in favor of chronyd

  Do you want to configure integrated DNS (BIND)? [no]: yes

  Enter the fully qualified domain name of the computer
  on which you're setting up server software. Using the form
  <hostname>.<domainname>
  Example: master.example.com.

  
  Server host name [fipas1.rgy.net]: 

  Warning: skipping DNS resolution of host fipas1.rgy.net
  The domain name has been determined based on the host name.

  Please confirm the domain name [rgy.net]:

  The kerberos protocol requires a Realm name to be defined.
  This is typically the domain name converted to uppercase.

  Please provide a realm name [RGY.NET]: 
  Certain directory server operations require an administrative user.
  This user is referred to as the Directory Manager and has full access
  to the Directory for system management tasks and will be added to the
  instance of directory server created for IPA.
  The password must be at least 8 characters long.

  Directory Manager password: 
  Password (confirm): 

  The IPA server requires an administrative user, named 'admin'.
  This user is a regular system account used for IPA server administration.

  IPA admin password: 
  Password (confirm): 

  Checking DNS domain rgy.net., please wait ...
  Do you want to configure DNS forwarders? [yes]: no
  No DNS forwarders configured
  Do you want to search for missing reverse zones? [yes]: no

  The IPA Master Server will be configured with:
  Hostname:       fipas1.rgy.net
  IP address(es): 192.168.122.50
  Domain name:    rgy.net
  Realm name:     RGY.NET

  The CA will be configured with:
  Subject DN:   CN=Certificate Authority,O=RGY.NET
  Subject base: O=RGY.NET
  Chaining:     self-signed

  BIND DNS server will be configured to serve IPA domain with:
  Forwarders:       No forwarders
  Forward policy:   only
  Reverse zone(s):  No reverse zone

  Continue to configure the system with these values? [no]: yes

  The following operations may take some minutes to complete.
  Please wait until the prompt is returned.

  Synchronizing time
  Using default chrony configuration.
  Time synchronization was successful.
  Configuring directory server (dirsrv). Estimated time: 30 seconds
    [1/44]: creating directory server instance
    [2/44]: enabling ldapi
    [3/44]: configure autobind for root
    [4/44]: stopping directory server
    [5/44]: updating configuration in dse.ldif
    [6/44]: starting directory server
    [error] ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
  ipapython.admintool: ERROR    Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
  ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
  root@fipas1:~# 

  
  I had run an apt update in advance of installing freeipa and after adding the canonical staging repository

  
  root@fipas1:~# apt update
  Hit:1 http://ppa.launchpad.net/canonical-x/x-staging/ubuntu bionic InRelease
  Hit:2 http://ports.ubuntu.com/ubuntu-ports bionic InRelease   
  Hit:3 http://ports.ubuntu.com/ubuntu-ports bionic-updates InRelease
  Hit:4 http://ports.ubuntu.com/ubuntu-ports bionic-backports InRelease
  Hit:5 http://ports.ubuntu.com/ubuntu-ports bionic-security InRelease
  Reading package lists... Done
  Building dependency tree       
  Reading state information... Done
  All packages are up to date.
  root@fipas1:~# 

  
  End of the install log contains

  2018-04-26T14:31:25Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@RGY-NET.service']
  2018-04-26T14:31:25Z DEBUG Process finished, return code=0
  2018-04-26T14:31:25Z DEBUG stdout=active

  2018-04-26T14:31:25Z DEBUG stderr=
  2018-04-26T14:31:25Z DEBUG wait_for_open_ports: localhost [389] timeout 300
  2018-04-26T14:31:25Z DEBUG waiting for port: 389
  2018-04-26T14:31:25Z DEBUG SUCCESS: port: 389
  2018-04-26T14:31:25Z DEBUG Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
      run_step(full_msg, method)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
      method()
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 669, in __start_instance
      self.start(self.serverid)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 644, in start
      api.Backend.ldap2.connect()
    File "/usr/lib/python2.7/dist-packages/ipalib/backend.py", line 69, in connect
      conn = self.create_connection(*args, **kw)
    File "/usr/lib/python2.7/dist-packages/ipaserver/plugins/ldap2.py", line 179, in create_connection
      client_controls=clientctrls)
    File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1153, in external_bind
      '', auth_tokens, server_controls, client_controls)
    File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
      self.gen.throw(type, value, traceback)
    File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1066, in error_handler
      raise errors.ACIError(info='%s (%s)' % (info,desc))
  ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)

  2018-04-26T14:31:25Z DEBUG   [error] ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
  2018-04-26T14:31:25Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute
      return_value = self.run()
    File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 319, in run
      return cfgr.run()
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 364, in run
      return self.execute()
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 389, in execute
      for rval in self._executor():
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 434, in __runner
      exc_handler(exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
      self._handle_exception(exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
      six.reraise(*exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 424, in __runner
      step()
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421, in <lambda>
      step = lambda: next(self.__gen)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
      six.reraise(*exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
      value = gen.send(prev_value)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 658, in _configure
      next(executor)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 434, in __runner
      exc_handler(exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
      self._handle_exception(exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 521, in _handle_exception
      self.__parent._handle_exception(exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
      six.reraise(*exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 518, in _handle_exception
      super(ComponentBase, self)._handle_exception(exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 453, in _handle_exception
      six.reraise(*exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 424, in __runner
      step()
    File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 421, in <lambda>
      step = lambda: next(self.__gen)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
      six.reraise(*exc_info)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
      value = gen.send(prev_value)
    File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 65, in _install
      for unused in self._installer(self.parent):
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/__init__.py", line 581, in main
      master_install(self)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 252, in decorated
      func(installer)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 800, in install
      setup_pkinit=not options.no_pkinit)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 345, in create_instance
      self.start_creation(runtime=30)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
      run_step(full_msg, method)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
      method()
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 669, in __start_instance
      self.start(self.serverid)
    File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py", line 644, in start
      api.Backend.ldap2.connect()
    File "/usr/lib/python2.7/dist-packages/ipalib/backend.py", line 69, in connect
      conn = self.create_connection(*args, **kw)
    File "/usr/lib/python2.7/dist-packages/ipaserver/plugins/ldap2.py", line 179, in create_connection
      client_controls=clientctrls)
    File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1153, in external_bind
      '', auth_tokens, server_controls, client_controls)
    File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
      self.gen.throw(type, value, traceback)
    File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1066, in error_handler
      raise errors.ACIError(info='%s (%s)' % (info,desc))

  2018-04-26T14:31:25Z DEBUG The ipa-server-install command failed, exception: ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
  2018-04-26T14:31:25Z ERROR Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
  2018-04-26T14:31:25Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
  root@fipas1:~# 

  
  Suggestions?

  [reply] [-]
  Comment 19 bugproxy bugproxy 2018-05-02 03:18:57 CDT

  ### External Comment ###
          

  ------- Comment From frank-heimes 2018-05-02 13:25:26 UTC-------
  Please could you attach the logs like the /var/log/syslog as well as the ipa install log:
  /var/log/ipaserver-install.log
  and in case available any other ipa related logs, too - means: /var/log/ipa*

  And also share how the content of the folder: ls -la /etc/ipa/

  Thx

  [reply] [-]
  Comment 20 Richard G. Young 2018-05-02 08:49:59 CDT

  
  free IPA install failure logs

  
  Requested logs attached in TAR

  Add Comment

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1769631/+subscriptions