No, I did not modify the file; this is from the IPA master server. I also
installed the IPA client on the master because I was getting an sssd "no cache
credentials" error. When I installed the client on the master it fixed that
error; now I'm getting the LDAP error after that sssd error.
On Fri, Mar 13, 2020, 7:17 PM Florence Blanc-Renaud <flo(a)redhat.com> wrote:
On 3/13/20 8:43 AM, Faraz Younus via FreeIPA-users wrote:
> cat /etc/ipa/default.conf
>
> #File modified by ipa-client-install
>
> [global]
> basedn = dc=fixedandmobile,dc=com
> realm = FIXEDANDMOBILE.COM
> domain = fixedandmobile.com
> server = sg.fixedandmobile.com
> host = sg.fixedandmobile.com
> xmlrpc_uri = https://sg.fixedandmobile.com/ipa/xml
> enable_ra = True

Hi,
looks like you are trying to run "ipactl status" on a FreeIPA client,
because on a server I would expect the file to also contain:
ldap_uri = ldapi://%2Fvar%2Frun%2Fslapd-FIXEDANDMOBILE-COM.socket
mode = production
ra_plugin = dogtag
dogtag_version = 10
But on a client, the host and server values would be different.
Did you manually modify the file?
flo
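
The comparison made in the reply above, as an added example (not part of the original thread and not FreeIPA code): it parses a `default.conf`, reports which of the four server-side settings are absent, and checks `ldap_uri` against the realm. The function names are hypothetical, `SERVER_CONF` is constructed from the values quoted above, and the rule that derives the socket name from the realm is an assumption generalized from the single value in the thread.

```python
import configparser
from urllib.parse import quote

# Settings the reply expects in a server's default.conf, in addition to
# the ones ipa-client-install writes.
SERVER_KEYS = ("ldap_uri", "mode", "ra_plugin", "dogtag_version")

# File content as posted in the thread.
POSTED_CONF = """#File modified by ipa-client-install

[global]
basedn = dc=fixedandmobile,dc=com
realm = FIXEDANDMOBILE.COM
domain = fixedandmobile.com
server = sg.fixedandmobile.com
host = sg.fixedandmobile.com
xmlrpc_uri = https://sg.fixedandmobile.com/ipa/xml
enable_ra = True
"""

# Constructed sample: the posted file plus the four lines from the reply.
SERVER_CONF = POSTED_CONF + """\
ldap_uri = ldapi://%2Fvar%2Frun%2Fslapd-FIXEDANDMOBILE-COM.socket
mode = production
ra_plugin = dogtag
dogtag_version = 10
"""


def expected_ldapi_uri(realm):
    """Build the ldapi:// URI for a realm (assumed naming pattern:
    dots in the realm become dashes in the socket file name)."""
    socket_path = "/var/run/slapd-%s.socket" % realm.replace(".", "-")
    # The whole path is percent-encoded, so "/" becomes %2F.
    return "ldapi://" + quote(socket_path, safe="")


def audit_default_conf(text):
    """Report which server-side settings a default.conf is missing."""
    # interpolation=None: the "%2F" in ldap_uri would otherwise raise
    # InterpolationSyntaxError as soon as the value is read.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return {"layout": "invalid", "missing": list(SERVER_KEYS),
                "host_is_server": False, "problems": [str(exc)]}
    if not parser.has_section("global"):
        return {"layout": "invalid", "missing": list(SERVER_KEYS),
                "host_is_server": False, "problems": ["no [global] section"]}

    conf = parser["global"]
    missing = [key for key in SERVER_KEYS if key not in conf]
    problems = []

    ldap_uri = conf.get("ldap_uri")
    if ldap_uri is not None:
        if not ldap_uri.startswith("ldapi://"):
            problems.append("ldap_uri does not start with ldapi://")
        elif "realm" in conf and ldap_uri != expected_ldapi_uri(conf["realm"]):
            problems.append("ldap_uri socket does not match realm")

    # On a client, host and server differ; on a server they are the same.
    host_is_server = "host" in conf and conf.get("host") == conf.get("server")
    if host_is_server and missing:
        problems.append("host equals server but server settings are missing")

    if not missing:
        layout = "server"
    elif len(missing) == len(SERVER_KEYS):
        layout = "client"
    else:
        layout = "partial"
    return {"layout": layout, "missing": missing,
            "host_is_server": host_is_server, "problems": problems}


if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONF), ("server", SERVER_CONF)):
        print(name, audit_default_conf(text))
```
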
>
>
> On Fri, Mar 13, 2020 at 12:02 PM Florence Blanc-Renaud <flo(a)redhat.com> wrote:
>
> On 3/13/20 6:42 AM, Faraz Younus via FreeIPA-users wrote:
> > Can I have an update on the LDAP error below?
>
> What is the content of the /etc/ipa/default.conf file? Especially, is
> there a value for "ldap_uri" and does it start with "ldap_uri =
> ldapi://..." ?
>
> flo
> >
> > On Wed, Mar 11, 2020 at 6:34 PM Faraz Younus <farazby(a)gmail.com> wrote:
> >
> > I have added freeipa users list as well to this thread
> >
> > On Wed, Mar 11, 2020 at 6:31 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
> >
> > Faraz Younus wrote:
> > > Thanks pasted the text instead of screenshots.
> >
> > This will work. Can you post this to the freeipa-users list?
> >
> > rob
> >
> > >
> > > First failed then successful but after that LDAP broken.
> > >
> > > palib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'CA_UNREACHABLE', variant_level=1)
> > > ipapython.admintool: DEBUG:   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
> > >     return_value = self.run()
> > >   File "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", line 62, in run
> > >     run_with_args(api)
> > >   File "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", line 112, in run_with_args
> > >     update_server(certs)
> > >   File "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", line 192, in update_server
> > >     "please check the request manually" % request_id)
> > >
> > > ipapython.admintool: DEBUG: The ipa-certupdate command failed, exception: ScriptError: Error resubmitting certmonger request '20200311065837', please check the request manually
> > > ipapython.admintool: ERROR: Error resubmitting certmonger request '20200311065837', please check the request manually
> > > ipapython.admintool: ERROR: The ipa-certupdate command failed.
> > >
> > > [root@sg ansible]# kinit admin
> > > Password for admin(a)FIXEDANDMOBILE.COM:
> > >
> > > [root@sg ansible]# klist -kt /etc/krb5.keytab
> > > Keytab name: FILE:/etc/krb5.keytab
> > > KVNO Timestamp         Principal
> > > ---- ----------------- --------------------------------------------------------
> > >    3 03/11/20 07:15:51 host/sg.fixedandmobile.com(a)FIXEDANDMOBILE.COM
> > >    3 03/11/20 07:15:51 host/sg.fixedandmobile.com(a)FIXEDANDMOBILE.COM
> > >
> > > [root@sg ansible]# ipa-certupdate -v
> > > ipapython.admintool: DEBUG: Not logging to a file
> > > ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.remote_plugins.schema$79e69edd...
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.remote_plugins.schema$79e69edd.plugins
> > > ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.plugins...
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automember
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automount
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certmap
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certprofile
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.csrgen
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.dns
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbacrule
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbactest
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.host
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.idrange
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.internal
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.location
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.migration
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.misc
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken_yubikey
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.passwd
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.permission
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.rpcclient
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.server
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.service
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.sudorule
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.topology
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.trust
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.user
> > > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.vault
> > > ipalib.rpc: DEBUG: failed to find session_cookie in persistent storage for principal 'admin(a)FIXEDANDMOBILE.COM'
> > > ipalib.rpc: INFO: trying https://sg.fixedandmobile.com/ipa/json
> > > ipalib.rpc: DEBUG: New HTTP connection (sg.fixedandmobile.com)
> > >
> > > ipalib.rpc: DEBUG: received Set-Cookie (<type
> > >
> >
>
'list'>)'['ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;path=/ipa;httponly;secure;']'
> > >
> > > ipalib.rpc: DEBUG: storing cookie
> > >
> >
>
'ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;'
> > > for principal admin(a)FIXEDANDMOBILE.COM
> > > ipalib.backend: DEBUG: Created connection context.rpcclient_139702145432656
> > > ipalib.install.kinit: DEBUG: Initializing principal host/sg.fixedandmobile.com(a)FIXEDANDMOBILE.COM using keytab /etc/krb5.keytab
> > > ipalib.install.kinit: DEBUG: using ccache /tmp/tmp-v__2gr/ccache
> > > ipalib.install.kinit: DEBUG: Attempt 1/1: success
> > > ipalib.frontend: DEBUG: raw: ca_is_enabled(version=u'2.107')
> > > ipalib.frontend: DEBUG: ca_is_enabled(version=u'2.107')
> > > ipalib.rpc: INFO: [try 1]: Forwarding 'ca_is_enabled/1' to json server 'https://sg.fixedandmobile.com/ipa/json'
> > > ipalib.rpc: DEBUG: HTTP connection keep-alive (sg.fixedandmobile.com)
> > >
> > > ipalib.rpc: DEBUG: received Set-Cookie (<type
> > >
> >
>
'list'>)'['ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;path=/ipa;httponly;secure;']'
> > >
> > > ipalib.rpc: DEBUG: storing cookie
> > >
> >
>
'ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;'
> > > for principal admin(a)FIXEDANDMOBILE.COM
> > > ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache url=ldap://sg.fixedandmobile.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f0ef07b8c68>
> > > ipalib.frontend: DEBUG: raw: ca_find(None, version=u'2.231')
> > > ipalib.frontend: DEBUG: ca_find(None, version=u'2.231')
> > > ipalib.rpc: INFO: [try 1]: Forwarding 'ca_find/1' to json server 'https://sg.fixedandmobile.com/ipa/json'
> > > ipalib.rpc: DEBUG: HTTP connection keep-alive (sg.fixedandmobile.com)
> > >
> > > ipalib.rpc: DEBUG: received Set-Cookie (<type
> > >
> >
>
'list'>)'['ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;path=/ipa;httponly;secure;']'
> > >
> > > ipalib.rpc: DEBUG: storing cookie
> > >
> >
>
'ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;'
> > > for principal admin(a)FIXEDANDMOBILE.COM
> > > ipalib.install.sysrestore: DEBUG: Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n FIXEDANDMOBILE.COM IPA CA -t CT,C,C -a -f /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n E=support(a)fixedandmobile.com,CN=sg.fixedandmobile.com,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG -t C,, -a -f /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active dirsrv(a)FIXEDANDMOBILE-COM.service
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=active
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl --system daemon-reload
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl restart dirsrv(a)FIXEDANDMOBILE-COM.service
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active dirsrv(a)FIXEDANDMOBILE-COM.service
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=active
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: wait_for_open_ports: localhost [389] timeout 300
> > > ipapython.ipautil: DEBUG: waiting for port: 389
> > > ipapython.ipautil: DEBUG: SUCCESS: port: 389
> > > ipaplatform.base.services: DEBUG: Restart of dirsrv(a)FIXEDANDMOBILE-COM.service complete
> > >
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n FIXEDANDMOBILE.COM IPA CA -t CT,C,C -a -f /etc/httpd/alias/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n E=support(a)fixedandmobile.com,CN=sg.fixedandmobile.com,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG -t C,, -a -f /etc/httpd/alias/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=active
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl restart httpd.service
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=active
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipaplatform.base.services: DEBUG: Restart of httpd.service complete
> > >
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -L -n IPA CA -a -f /etc/ipa/nssdb/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=255
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: IPA CA
> > > : PR_FILE_NOT_FOUND_ERROR: File not found
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -L -n External CA cert -a -f /etc/ipa/nssdb/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=255
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: External CA cert
> > > : PR_FILE_NOT_FOUND_ERROR: File not found
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n FIXEDANDMOBILE.COM IPA CA -t CT,C,C -a -f /etc/ipa/nssdb/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n E=support(a)fixedandmobile.com,CN=sg.fixedandmobile.com,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
> > > ipapython.ipautil: DEBUG: Starting external process
> > > ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
> > > ipapython.ipautil: DEBUG: Process finished, return code=0
> > > ipapython.ipautil: DEBUG: stdout=
> > > ipapython.ipautil: DEBUG: stderr=
> > > ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
> > > ipalib.backend: DEBUG: Destroyed connection context.rpcclient_139702145432656
> > > ipapython.admintool: INFO: The ipa-certupdate command was successful
> > >
> > > [root@sg ansible]# ipactl status
> > > *Unknown error when retrieving list of services from LDAP: need more than 1 value to unpack*
> > >
> > > *[root@sg ansible]# ipactl restart*
> > > *Failed to read data from Directory Service: Unknown error when retrieving list of services from LDAP: need more than 1 value to unpack*
> > > *Shutting down*
> > >
> > >
> > > On Wed, Mar 11, 2020 at 5:36 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
> > >
> > > Faraz Younus wrote:
> > > >
> > > > Kindly approve this email, please
> > >
> > > It is nearly 5MB due to the screen shots. Please either reduce their
> > > size or preferably just copy/paste the text.
> > >
> > > rob
> > >
> > > >
> > > > On Wed, Mar 11, 2020 at 12:28 PM Faraz Younus <farazby(a)gmail.com> wrote:
> > > >
> > > > I fixed that error; ipaclient is required on the master server. I
> > > > created a new master with ipaclient.
> > > >
> > > > [root@sg ansible]# klist -kt /etc/krb5.keytab
> > > > Keytab name: FILE:/etc/krb5.keytab
> > > > KVNO Timestamp         Principal
> > > > ---- ----------------- --------------------------------------------------------
> > > >    3 03/11/20 07:15:51 host/sg.fixedandmobile.com(a)FIXEDANDMOBILE.COM
> > > >    3 03/11/20 07:15:51 host/sg.fixedandmobile.com(a)FIXEDANDMOBILE.COM
> > > >
> > > > But now the issue is that when I am updating the external certificate,
> > > > it fails the first time and then it succeeds; however, it broke the
> > > > LDAP. Screenshots are attached.
> > > >
> > > > [root@sg ansible]# ipactl restart
> > > > Failed to read data from Directory Service: Unknown error when retrieving list of services from LDAP: need more than 1 value to unpack
> > > > Shutting down
> > > >
> > > > Screen Shot 2020-03-11 at 12.22.40 PM.png
> > > >
> > > > Screen Shot 2020-03-11 at 12.23.36 PM.png
> > > >
> > > > On Tue, Mar 10, 2020 at 7:33 PM Robbie Harwood <rharwood(a)redhat.com> wrote:
> > > >
> > > > Faraz Younus <farazby(a)gmail.com> writes:
> > > >
> > > > > Yes /tmp is writable for everyone.
> > > > >
> > > > > drwxrwxrwt. root root 4.0K tmp
> > > > >
> > > > > [root@ipa5 centos]# kinit admin
> > > > > Password for admin(a)FIXEDANDMOBILE.COM:
> > > > >
> > > > > The output for /etc/krb5.keytab
> > > > >
> > > > > [root@ipa5 centos]# klist -kt /etc/krb5.keytab
> > > > > Keytab name: FILE:/etc/krb5.keytab
> > > > > KVNO Timestamp         Principal
> > > > > ---- ----------------- --------------------------------------------------------
> > > >
> > > > Did you obfuscate this output? Can you not?
> > > >
> > > > It should contain an entry for
> > > > host/ipa5.fixedandmobile.com(a)FIXEDANDMOBILE.COM . The next question is