[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] version mismatch while joining a client ?



Hi,

Well the hostname itself isnt there, but thats normal with dhcp'd workstations?

I thought it looked at /etc/sysconfig/network ?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten redhat com]
Sent: Friday, 5 August 2011 2:49 p.m.
To: Steven Jones
Cc: freeipa-users redhat com
Subject: Re: [Freeipa-users] version mismatch while joining a client ?

Steven Jones wrote:
> I already included the krb5kdc log

This sticks out. Can you check /etc/hosts on that client.

ldap/localhost UNIX VUW AC NZ, Server not found in Kerberos database

>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rob Crittenden [rcritten redhat com]
> Sent: Friday, 5 August 2011 10:11 a.m.
> To: Steven Jones
> Cc: freeipa-users redhat com
> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>
> Steven Jones wrote:
>> Hi,
>>
>> Trying with two rhel61-64bit-clones "04" and "05"....
>>
>> They should give the same failures? but are not?......confused, 04 (the first clone has 1/2 joined as its in IPA, but it doesnt say "enrolled and a date", 05 failed totally.
>
> 04 is failing because it apparently still has an updated libcurl. It is
> getting a 500 error back. The installation continues because you had the
> --force flag. This means it proceeds on errors, so it tried to set
> things up but since it didn't get a keytab sssd can't authenticate.
>
> 05 actually enrolled successfully but was unable to retrieve a keytab.
> You can try running ipa-getkeytab from the command-line again. To do
> this you'll need to copy a krb5.conf from a working system (say the IPA
> server.
>
> # kinit admin
> # ipa-getkeytab -s vuwunicoipamt01.unix.vuw.ac.nz -k /etc/krb5.keytab -p
> host/rhel61-64cl04 unix vuw ac nz UNIX VUW AC NZ
>
> You may also want to look at the krb5kdc.log and the 389-ds access log,
> they may hold clues as well.
>
>>
>> I know Im short on sleep but I really don't understand what's going on here and why its so hard to make basic stuff work.
>>
>> :/
>>
>> I have included the logs off each, logs off the IPA  server and out's from the attempt to join. from each guest.  Anything else needed?
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: freeipa-users-bounces redhat com [freeipa-users-bounces redhat com] on behalf of Steven Jones [Steven Jones vuw ac nz]
>> Sent: Friday, 5 August 2011 8:42 a.m.
>> To: Rob Crittenden
>> Cc: freeipa-users redhat com
>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>
>> Hi,
>>
>> Yes the first is F15.
>>
>> I am halting all the AD machines I will retry without the --force first to test this, when I built IPA originally there was no AD to conflict.
>>
>> However its plain weird because the RHEL6.1 client points to the IPA server for DNS.
>>
>> I will get back to you.
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: Rob Crittenden [rcritten redhat com]
>> Sent: Friday, 5 August 2011 1:24 a.m.
>> To: Steven Jones
>> Cc: freeipa-users redhat com
>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>
>> Steven Jones wrote:
>>> Hi,
>>>
>>> I have also done this on a new f15 client and it also fails.
>>>
>>> But its saying,
>>>
>>> 500 and not 401 which is the rhel6.1 failure.
>>>
>>> "HTTP response code is 401, not 200"  == RHEL61
>>> "HTTP response code is 500, not 200" == FED15
>>
>> Assuming that the Fedora 15 client is 130.195.53.109 that I had seen in
>> a previous log it has a libcurl that does not do ticket delegation.
>>
>> 500 is an HTTP server error, we assume a principal will be there and it
>> isn't and things blow up (this is handled more gracefully in our dev tree).
>>
>> 401 is a HTTP authorization error, the user provide is now allowed to
>> access the server. I'm guessing this is because the client is using the
>> wrong kerberos server. We have this addressed too in the dev tree, we
>> disable dns lookups in krb5.conf. In the meantime --force should make it
>> use the info you provide.
>>
>> rob
>>
>>
>>>
>>>
>>> ==============
>>> more fed15-install-error
>>> [root fed15-64-ws02 ~]# ipa-client-install --mkhomedir --server vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d
>>> root        : DEBUG    /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz'
>>> , 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': 'vuwunicoipamt01.unix.vuw.
>>> ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server'
>>> : None, 'mkhomedir': True, 'unattended': None, 'principal': None}
>>> root        : DEBUG    missing options might be asked for interactively later
>>>
>>> root        : DEBUG    Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
>>> root        : DEBUG    [ipacheckldap]
>>> root        : DEBUG    args=/usr/bin/wget -O /tmp/tmpsyC9Zx/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=--2011-08-03 15:18:07--  http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: “/tmp/tmpsyC9Zx/ca.crt”
>>>
>>>         0K                                                       100%  111M=0s
>>>
>>> 2011-08-03 15:18:07 (111 MB/s) - “/tmp/tmpsyC9Zx/ca.crt” saved [779/779]
>>>
>>>
>>> root        : DEBUG    Init ldap with: ldap://vuwunicoipamt01.unix.vuw.ac.nz:389
>>> root        : DEBUG    Search rootdse
>>> root        : DEBUG    Search for (info=*) in dc=unix,dc=vuw,dc=ac,dc=nz(base)
>>> root        : DEBUG    Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainOb
>>> ject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': [
>>> 'unix.vuw.ac.nz']})]
>>> root        : DEBUG    Search for (objectClass=krbRealmContainer) in dc=unix,dc=vuw,dc=ac,dc=nz(sub)
>>> root        : DEBUG    Found: [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', {'krbSubTrees': ['dc=unix,dc=vu
>>> w,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hma
>>> c-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScop
>>> e': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special
>>> ', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal'
>>> , 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMax
>>> RenewableAge': ['604800']})]
>>> root        : DEBUG    will use domain: unix.vuw.ac.nz
>>>
>>> root        : DEBUG    will use server: vuwunicoipamt01.unix.vuw.ac.nz
>>>
>>> Discovery was successful!
>>> root        : DEBUG    will use cli_realm: UNIX.VUW.AC.NZ
>>>
>>> root        : DEBUG    will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>> Hostname: fed15-64-ws02.unix.vuw.ac.nz
>>> Realm: UNIX.VUW.AC.NZ
>>> DNS Domain: unix.vuw.ac.nz
>>> IPA Server: vuwunicoipamt01.unix.vuw.ac.nz
>>> BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>>
>>> Continue to configure the system with these values? [no]: yes
>>> Enrollment principal: admin
>>> root        : DEBUG    will use principal: admin
>>>
>>> root        : DEBUG    args=/usr/bin/wget -O /etc/ipa/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=--2011-08-03 15:18:12--  http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: “/etc/ipa/ca.crt”
>>>
>>>         0K                                                       100%  112M=0s
>>>
>>> 2011-08-03 15:18:12 (112 MB/s) - “/etc/ipa/ca.crt” saved [779/779]
>>>
>>>
>>> root        : DEBUG    Writing Kerberos configuration to /tmp/tmpiFqnW9:
>>> #File modified by ipa-client-install
>>>
>>> [libdefaults]
>>>      default_realm = UNIX.VUW.AC.NZ
>>>      dns_lookup_realm = true
>>>      dns_lookup_kdc = true
>>>      rdns = false
>>>      ticket_lifetime = 24h
>>>      forwardable = yes
>>>
>>> [realms]
>>>      UNIX.VUW.AC.NZ = {
>>>        pkinit_anchors = FILE:/etc/ipa/ca.crt
>>>      }
>>>
>>> [domain_realm]
>>>      .unix.vuw.ac.nz = UNIX.VUW.AC.NZ
>>>      unix.vuw.ac.nz = UNIX.VUW.AC.NZ
>>>
>>> [appdefaults]
>>>      pam = {
>>>        debug = false
>>>        ticket_lifetime = 36000
>>>        renew_lifetime = 36000
>>>        forwardable = true
>>>        krb4_convert = false
>>>      }
>>>
>>> Password for admin UNIX VUW AC NZ:
>>> root        : DEBUG    args=kinit admin UNIX VUW AC NZ
>>> root        : DEBUG    stdout=Password for admin UNIX VUW AC NZ:
>>>
>>> root        : DEBUG    stderr=
>>>
>>> root        : DEBUG    args=/usr/sbin/ipa-join -s vuwunicoipamt01.unix.vuw.ac.nz -d
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=XML-RPC CALL:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>\r\n
>>> <methodCall>\r\n
>>> <methodName>join</methodName>\r\n
>>> <params>\r\n
>>> <param><value><array><data>\r\n
>>> <value><string>fed15-64-ws02.unix.vuw.ac.nz</string></value>\r\n
>>> </data></array></value></param>\r\n
>>> <param><value><struct>\r\n
>>> <member><name>nsosversion</name>\r\n
>>> <value><string>2.6.38.6-26.rc1.fc15.x86_64</string></value></member>\r\n
>>> <member><name>nshardwareplatform</name>\r\n
>>> <value><string>x86_64</string></value></member>\r\n
>>> </struct></value></param>\r\n
>>> </params>\r\n
>>> </methodCall>\r\n
>>>
>>> HTTP response code is 500, not 200
>>>
>>> Joining realm failed because of failing XML-RPC request.
>>>      This error may be caused by incompatible server/client major versions.
>>> root        : DEBUG    args=kdestroy
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=
>>> [root fed15-64-ws02 ~]#
>>> =======================
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> ________________________________________
>>> From: freeipa-users-bounces redhat com [freeipa-users-bounces redhat com] on behalf of Steven Jones [Steven Jones vuw ac nz]
>>> Sent: Wednesday, 3 August 2011 9:35 a.m.
>>> To: freeipa-users redhat com
>>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>>
>>> Hi,
>>>
>>> Client
>>> ==========
>>> rhel61-64cl04.unix.vuw.ac.nz
>>> Linux rhel61-64cl04.unix.vuw.ac.nz 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
>>> ipa-client-2.0.0-23.el6_1.1.x86_64
>>> libcurl-7.19.7-26.el6.x86_64
>>> Red Hat Enterprise Linux Client release 6.1 (Santiago)
>>> ==========
>>>
>>> Server
>>> ==========
>>> Linux vuwunicoipamt01 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
>>> libcurl-7.19.7-26.el6_1.1.x86_64
>>> ipa-client-2.0.0-23.el6_1.1.x86_64
>>> ipa-server-2.0.0-23.el6_1.1.x86_64
>>> Red Hat Enterprise Linux Server release 6.1 (Santiago)
>>> ==========
>>>
>>> install output
>>> ==========
>>> [root rhel61-64cl04 ~]# ipa-client-install --mkhomedir --server vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.ac.nz -d
>>> root        : DEBUG    /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': 'unix.vuw.ac.nz', 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': 'vuwunicoipamt01.unix.vuw.ac.nz', 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'mkhomedir': True, 'unattended': None, 'principal': None}
>>> root        : DEBUG    missing options might be asked for interactively later
>>>
>>> root        : DEBUG    Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
>>> root        : DEBUG    [ipacheckldap]
>>> root        : DEBUG    args=/usr/bin/wget -O /tmp/tmpaaTaqF/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=--2011-08-03 09:01:14--  http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: `/tmp/tmpaaTaqF/ca.crt'
>>>
>>>         0K                                                       100%  132M=0s
>>>
>>> 2011-08-03 09:01:14 (132 MB/s) - `/tmp/tmpaaTaqF/ca.crt' saved [779/779]
>>>
>>>
>>> root        : DEBUG    Init ldap with: ldap://vuwunicoipamt01.unix.vuw.ac.nz:389
>>> root        : DEBUG    Search rootdse
>>> root        : DEBUG    Search for (info=*) in dc=unix,dc=vuw,dc=ac,dc=nz(base)
>>> root        : DEBUG    Found: [('dc=unix,dc=vuw,dc=ac,dc=nz', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['unix.vuw.ac.nz'], 'dc': ['unix'], 'nisDomain': ['unix.vuw.ac.nz']})]
>>> root        : DEBUG    Search for (objectClass=krbRealmContainer) in dc=unix,dc=vuw,dc=ac,dc=nz(sub)
>>> root        : DEBUG    Found: [('cn=UNIX.VUW.AC.NZ,cn=kerberos,dc=unix,dc=vuw,dc=ac,dc=nz', {'krbSubTrees': ['dc=unix,dc=vuw,dc=ac,dc=nz'], 'cn': ['UNIX.VUW.AC.NZ'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})]
>>> root        : DEBUG    will use domain: unix.vuw.ac.nz
>>>
>>> root        : DEBUG    will use server: vuwunicoipamt01.unix.vuw.ac.nz
>>>
>>> Discovery was successful!
>>> root        : DEBUG    will use cli_realm: UNIX.VUW.AC.NZ
>>>
>>> root        : DEBUG    will use cli_basedn: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>> Hostname: rhel61-64cl04.unix.vuw.ac.nz
>>> Realm: UNIX.VUW.AC.NZ
>>> DNS Domain: unix.vuw.ac.nz
>>> IPA Server: vuwunicoipamt01.unix.vuw.ac.nz
>>> BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
>>>
>>>
>>> Continue to configure the system with these values? [no]: yes
>>> Enrollment principal: admin
>>> root        : DEBUG    will use principal: admin
>>>
>>> root        : DEBUG    args=/usr/bin/wget -O /etc/ipa/ca.crt http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=--2011-08-03 09:01:22--  http://vuwunicoipamt01.unix.vuw.ac.nz/ipa/config/ca.crt
>>> Resolving vuwunicoipamt01.unix.vuw.ac.nz... 130.195.87.236
>>> Connecting to vuwunicoipamt01.unix.vuw.ac.nz|130.195.87.236|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 779 [application/x-x509-ca-cert]
>>> Saving to: `/etc/ipa/ca.crt'
>>>
>>>         0K                                                       100% 96.5M=0s
>>>
>>> 2011-08-03 09:01:22 (96.5 MB/s) - `/etc/ipa/ca.crt' saved [779/779]
>>>
>>>
>>> Password for admin UNIX VUW AC NZ:
>>> root        : DEBUG    args=kinit admin UNIX VUW AC NZ
>>> root        : DEBUG    stdout=Password for admin UNIX VUW AC NZ:
>>>
>>> root        : DEBUG    stderr=
>>>
>>> root        : DEBUG    args=/usr/sbin/ipa-join -s vuwunicoipamt01.unix.vuw.ac.nz -d
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=XML-RPC CALL:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>\r\n
>>> <methodCall>\r\n
>>> <methodName>join</methodName>\r\n
>>> <params>\r\n
>>> <param><value><array><data>\r\n
>>> <value><string>rhel61-64cl04.unix.vuw.ac.nz</string></value>\r\n
>>> </data></array></value></param>\r\n
>>> <param><value><struct>\r\n
>>> <member><name>nsosversion</name>\r\n
>>> <value><string>2.6.32-131.6.1.el6.x86_64</string></value></member>\r\n
>>> <member><name>nshardwareplatform</name>\r\n
>>> <value><string>x86_64</string></value></member>\r\n
>>> </struct></value></param>\r\n
>>> </params>\r\n
>>> </methodCall>\r\n
>>>
>>> HTTP response code is 401, not 200
>>>
>>> Joining realm failed because of failing XML-RPC request.
>>>      This error may be caused by incompatible server/client major versions.
>>> root        : DEBUG    args=kdestroy
>>> root        : DEBUG    stdout=
>>> root        : DEBUG    stderr=
>>> [root rhel61-64cl04 ~]#
>>> ==========
>>>
>>> Error log
>>> ==========
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [error] Exception KeyError: KeyError(140510308317152,) in<module 'threading' from '/usr/lib64/python2.6/threading.pyc'>    ignored
>>> [Wed Aug 03 09:04:57 2011] [notice] caught SIGTERM, shutting down
>>> [Wed Aug 03 09:04:58 2011] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
>>> [Wed Aug 03 09:04:58 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>> [Wed Aug 03 09:04:58 2011] [notice] Digest: generating secret for digest authentication ...
>>> [Wed Aug 03 09:04:58 2011] [notice] Digest: done
>>> [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Compiled for Python/2.6.2.
>>> [Wed Aug 03 09:04:58 2011] [warn] mod_wsgi: Runtime using Python/2.6.6.
>>> [Wed Aug 03 09:04:59 2011] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6 configured -- resuming normal operations
>>> [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START ***
>>> [Wed Aug 03 09:05:01 2011] [error] ipa: INFO: *** PROCESS START ***
>>> ==========
>>>
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> ________________________________________
>>> From: Rob Crittenden [rcritten redhat com]
>>> Sent: Wednesday, 3 August 2011 1:48 a.m.
>>> To: Steven Jones
>>> Cc: freeipa-users redhat com
>>> Subject: Re: [Freeipa-users] version mismatch while joining a client ?
>>>
>>> Steven Jones wrote:
>>>>
>>>> Yes....enrolement now fails, previous messages I attached show that I think, it used to work.
>>>>
>>>> History, I had to remove all my working IPA clients due to a disk space problem on our SAN (we didnt have any).  So I managed to keep the working IPA server and 2 x RHEL5 64 bit servers and the one un-configured template of RHEL6.1 64bit client I had. This I used to make client side clones off previously and connected them to IPA server and they worked.
>>>>
>>>> So lastweek I went back and with a running ipa server, I cloned in the old client/template and got the mis-match, so I put them on the production network and patched, same mismatch problem.
>>>>
>>>> I can do a sosreport of the old template I think and the client to look at the differences if that helps.
>>>
>>> I'm having a hard time following exactly what you are doing, on what
>>> machine. I think we need to be more systematic.
>>>
>>> Can you choose a machine to act as the client and provide the following:
>>>
>>> - distro and architecture (e.g. RHEL 6.1 on x86_64)
>>> - rpm -q curl libcurl
>>> - rpm -q ipa-client
>>>
>>> On the IPA server:
>>> - rpm -q ipa-server
>>>
>>> Start with a client that is not enrolled. If it has previously been
>>> enrolled run: ipa-client-install --uninstall -U
>>>
>>> Now run ipa-client-install and answer the questions as appropriate for
>>> your install.
>>>
>>> If it fails please provide the following:
>>> - any stdout you get from the client install
>>> - attach the full /var/log/ipaclient-install.log
>>> - attach the last 100 lines from /var/log/httpd/error_log from the IPA
>>> server
>>>
>>> rob
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users redhat com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users redhat com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]