[Freeipa-users] Preparing for domain trust breaks IPA services, RHEL 6.4 IPA 3.0

Dale Macartney dale at themacartneyclan.com
Thu Mar 7 09:26:14 UTC 2013


Hi all

I've been trying to document the domain trust process for the past two
days and I am seeing the same results no matter the configuration.

Basically I have nuked and rebuilt my environment several times and all
yields the same results.

Steps to reproduce

1, Clean install of RHEL 6.4
2, yum install ipa-server bind bind-dyndb-ldap
3, ipa-server-install --setup-dns
4, yum install ipa-server-trust-ad
5, kinit admin
6, ipa-adtrust-install

All the above steps work perfectly. However, I thought the problem was an
issue in running "ipa trust-add" but I have just tried "ipa host-find"
and get the same output.

If someone is able to reproduce the issue to remove myself from the
equation that would be fantastic. It's either something I'm doing wrong
or there is a bug here somewhere. (Note: no problems at all with the same
procedure with Fedora 18 and IPA 3.1.)

Output is below from adding "debug=true" to /etc/ipa/default.conf

[root@ds01 ~]# ipa host-find
ipa: DEBUG: importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
ipa: DEBUG: args=klist -V
ipa: DEBUG: stdout=Kerberos 5 version 1.10.3

ipa: DEBUG: stderr=
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
ipa: DEBUG: importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin@EXAMPLE.COM
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=keyctl_search: Required key not available

ipa: DEBUG: failed to find session_cookie in persistent storage for
principal 'admin@EXAMPLE.COM'
ipa: INFO: trying https://ds01.example.com/ipa/xml
ipa: DEBUG: Created connection context.xmlclient
ipa: DEBUG: raw: host_find(None, all=False, raw=False, version=u'2.46')
ipa: DEBUG: host_find(None, all=False, raw=False, version=u'2.46',
pkey_only=False)
ipa: INFO: Forwarding 'host_find' to server
u'https://ds01.example.com/ipa/xml'
ipa: DEBUG: NSSConnection init ds01.example.com
ipa: DEBUG: Connecting: 10.0.1.11:0
ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False
Data:
        Version:       3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: CN=Certificate Authority,O=EXAMPLE.COM
        Validity:
            Not Before: Wed Mar 06 14:55:15 2013 UTC
            Not After:  Sat Mar 07 14:55:15 2015 UTC
        Subject: CN=ds01.example.com,O=EXAMPLE.COM
        Subject Public Key Info:
            Public Key Algorithm:
                Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Exponent:
                    65537 (0x10001)
    Signed Extensions: (5)
        Name:     Certificate Authority Key Identifier
        Critical: False
        Key ID:
            ee:91:e7:1c:8b:37:ff:ce:ce:2a:5e:5b:9e:50:b2:87:
            8c:6e:7b:fa
        Serial Number: None
        General Names: [0 total]

        Name:     Authority Information Access
        Critical: False

        Name:     Certificate Key Usage
        Critical: True
        Usages:
            Digital Signature
            Non-Repudiation
            Key Encipherment
            Data Encipherment

        Name:     Extended Key Usage
        Critical: False
        Usages:
            TLS Web Server Authentication Certificate
            TLS Web Client Authentication Certificate

        Name:     Certificate Subject Key ID
        Critical: False
        Data:
            b2:de:43:35:0d:ab:02:03:c7:d0:b4:cf:bb:bd:06:37:
            79:fd:58:e6

    Signature:
        Signature Algorithm:
            Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Fingerprint (MD5):
            ce:83:b5:4a:ae:27:c0:dd:f4:67:a5:53:3b:3a:2f:aa
        Fingerprint (SHA1):
            2f:49:8e:05:18:1b:fa:6a:5f:13:4d:1a:96:7c:36:e1:
            65:c8:bc:d3
ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
ipa: DEBUG: cert valid True for "CN=ds01.example.com,O=EXAMPLE.COM"
ipa: DEBUG: handshake complete, peer = 10.0.1.11:443
ipa: DEBUG: Caught fault 907 from server
https://ds01.example.com/ipa/xml: cannot connect to
u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: cannot connect to
u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down
[root@ds01 ~]#


Any thoughts?

Dale
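
The following is an added example, not part of the original post and not FreeIPA code. It takes the fault line from the debug output above, percent-decodes the `ldapi://` URI into the UNIX socket path the server-side IPA framework tried to open, and reports whether that socket exists on the host. The function names are hypothetical, and reading the instance name out of `slapd-<INSTANCE>.socket` is an assumption based on the shape of the path in the log.

```python
import os
import re
import stat
from urllib.parse import unquote

# Sample lines copied from the debug output in the post (e-mail wrapping kept).
SAMPLE = """\
ipa: DEBUG: handshake complete, peer = 10.0.1.11:443
ipa: DEBUG: Caught fault 907 from server
https://ds01.example.com/ipa/xml: cannot connect to
u'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket': LDAP Server Down
"""

FAULT_RE = re.compile(
    r"Caught fault (\d+) from server (\S+): cannot connect to "
    r"u?'(ldapi://[^']+)': (.+?)(?= ipa: |$)"
)


def parse_ldapi_fault(output):
    """Return details of the first 'cannot connect to ldapi://' fault, or None."""
    flat = " ".join(output.split())  # undo the line wrapping
    m = FAULT_RE.search(flat)
    if m is None:
        return None
    code, server, uri, reason = m.groups()
    # An ldapi:// URI carries the socket path percent-encoded (%2f is '/').
    path = unquote(uri[len("ldapi://"):])
    inst = re.match(r"slapd-(.+)\.socket$", os.path.basename(path))
    return {
        "fault": int(code),
        "reported_by": server,  # the fault came back from the server side
        "socket_path": path,
        "instance": inst.group(1) if inst else None,  # assumed naming scheme
        "reason": reason,
    }


def socket_state(path):
    """Classify a path as 'missing', 'socket' or 'not-a-socket'."""
    try:
        mode = os.stat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "missing"
    return "socket" if stat.S_ISSOCK(mode) else "not-a-socket"


if __name__ == "__main__":
    info = parse_ldapi_fault(SAMPLE)
    print(info)
    print(info["socket_path"], "->", socket_state(info["socket_path"]))
```

In the log the TLS handshake to port 443 completes before the fault is returned, so the failing connection is the local one between the IPA web framework and the directory server socket, which is why the check is run on the IPA server itself.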





