Awesome.
In IPA client versions 4.8.0+ we print LDAP connection failure messages
so this type of thing is easier to debug. Glad you got it worked out.
rob
On Mon, Mar 30, 2020, 10:41 PM Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>> wrote:
Natxo Asenjo via FreeIPA-users wrote:
> so, what do you see in /var/log/ipaclient-install.log?
And does it fail interactively as well?
You'll see the login as a BIND to the 389-ds server on your IPA master
so look in /var/log/dirsrv/slapd-REALM/access for more information on
what happened. It might be useful.
rob
>
> On Sun, Mar 29, 2020 at 9:34 AM Faraz Younus <farazby(a)gmail.com
<mailto:farazby@gmail.com>
> <mailto:farazby@gmail.com <mailto:farazby@gmail.com>>> wrote:
>
> Yes I double checked password is ok on both sides
>
> On Sun, Mar 29, 2020 at 12:21 PM Natxo Asenjo via FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>> wrote:
>
>
>
> On Sun, Mar 29, 2020 at 8:10 AM Faraz Younus via FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>> wrote:
>
> Hi Team,
>
> command: /usr/sbin/ipa-client-install --domain
> example.com <
http://example.com> <
http://example.com>
--mkhomedir
> --password abc123 " --server
ipa9.example.com
<
http://ipa9.example.com>
> <http://ipa9.example.com> --unattended
>
>
> e, "cmd": ["/usr/sbin/ipa-client-install",
"--domain",
> "fixedandmobile.com <
http://fixedandmobile.com>
<
http://fixedandmobile.com>",
> "--mkhomedir", "--password", "abc123",
"--server",
> "ipa9.example.com <
http://ipa9.example.com>
<
http://ipa9.example.com>",
> "--unattended"], "delta":
"0:01:03.451321", "end":
> "2020-03-29 05:57:22.013451", "msg":
"non-zero return
code",
> "rc": 1, "start": "2020-03-29
05:56:18.562130", "stderr":
> "Hostname:
ipacentos.example.com
<
http://ipacentos.example.com>
> <http://ipacentos.example.com>\nRealm:
EXAMPLE.COM
<
http://EXAMPLE.COM>
> <http://EXAMPLE.COM>\nDNS Domain:
example.com
<
http://example.com>
> <http://example.com>\nIPA Server:
ipa9.example.com
<
http://ipa9.example.com>
> <http://ipa9.example.com>\nBaseDN:
> dc=example,dc=com\nSynchronizing time with
KDC...\nUnable to
> sync time with IPA NTP server, assuming the time is in
sync.
> Please check that 123 UDP port is opened.\nOTP case,
CA cert
> preexisted, use it\nJoining realm failed: Incorrect
> password.\n\nInstallation failed. Rolling back
changes.\nIPA
> client is not configured on this system.",
"stderr_lines":
> ["Hostname:
ipacentos.example.com
<
http://ipacentos.example.com>
> <http://ipacentos.example.com>", "Realm:EXAMPLE.COM
<
http://EXAMPLE.COM>
> <http://EXAMPLE.COM>", "DNS Domain:
example.com
<
http://example.com>
> <http://example.com>", "IPA Server:
ipa9.example.com
<
http://ipa9.example.com>
> <http://ipa9.example.com>", "BaseDN:
dc=example,dc=com",
> "Synchronizing time with KDC...", "Unable to sync
time
with
> IPA NTP server, assuming the time is in sync. Please check
> that 123 UDP port is opened.", "OTP case, CA cert
> preexisted, use it", "Joining realm failed: Incorrect
> password.", "", "Installation failed. Rolling
back
> changes.", "IPA client is not configured on this
system."],
> "stdout": "\u001b[?1034h",
"stdout_lines":
["\u001b[?1034h"]}
>
>
>
> it does say 'incorrect password', did you check that?
>
> --
> Groeten,
> natxo
> _______________________________________________
> FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
>
>
> --
> --
> Groeten,
> natxo
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>