As Linux Admin i want to install freeipa to manage centralized authentication.
i installed ipa server but when i try to install ipa-client, this error was showed: Error checking LDAP: Operation error: 000004DC: LdapErr: DSID-0C0907c2, comment: In order to perform this operation a successful bind must be completed on the connection.
1. 2. 3.
it shows FQDN of my windows DNS Server instead of IPA server FQDN. and produced an error that is attached.
client installed successfully
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
i have a windows DNS server.
Log file locations: 2019-08-18T10:00:08Z DEBUG Logging to /var/log/ipaclient-install.log 2019-08-18T10:00:08Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': None, 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': None, 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False} 2019-08-18T10:00:08Z DEBUG IPA version 4.6.4-10.el7.centos.3 2019-08-18T10:00:08Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2019-08-18T10:00:08Z DEBUG Starting external process 2019-08-18T10:00:08Z DEBUG args=/usr/sbin/selinuxenabled 2019-08-18T10:00:08Z DEBUG Process finished, return code=0 2019-08-18T10:00:08Z DEBUG stdout= 2019-08-18T10:00:08Z DEBUG stderr= 2019-08-18T10:00:08Z DEBUG Starting external process 2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2019-08-18T10:00:08Z DEBUG Process finished, return code=1 2019-08-18T10:00:08Z DEBUG stdout=disabled
2019-08-18T10:00:08Z DEBUG stderr= 2019-08-18T10:00:08Z DEBUG Starting external process 2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-active chronyd.service 2019-08-18T10:00:08Z DEBUG Process finished, return code=3 2019-08-18T10:00:08Z DEBUG stdout=inactive
2019-08-18T10:00:08Z DEBUG stderr= 2019-08-18T10:00:08Z DEBUG [IPA Discovery] 2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=ipacli-irvlt01.shs.dc 2019-08-18T10:00:08Z DEBUG Start searching for LDAP SRV record in "shs.dc" (domain of the hostname) and its sub-domains 2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc. 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc. 2019-08-18T10:00:10Z DEBUG [Kerberos realm search] 2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc 2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN 2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc. 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc. 2019-08-18T10:00:10Z DEBUG [LDAP server check] 2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is an IPA server 2019-08-18T10:00:10Z DEBUG Init LDAP connection to: ldap://dc-irvwp02.shs.dc:389 2019-08-18T10:00:10Z DEBUG Search LDAP server for IPA base DN 2019-08-18T10:00:10Z DEBUG Check if naming context 'DC=SHS,DC=DC' is for IPA 2019-08-18T10:00:10Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580', 'desc': 'Operations error'} 2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 2019-08-18T10:00:10Z DEBUG Cannot connect to LDAP server. Check that minssf is not enabled 2019-08-18T10:00:10Z DEBUG Assuming realm is the same as domain: SHS.DC 2019-08-18T10:00:10Z DEBUG Generated basedn from realm: dc=shs,dc=dc 2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=None, domain=shs.dc, kdc=dc-irvwp01.shs.dc,dc-irvwp02.shs.dc, basedn=dc=shs,dc=dc 2019-08-18T10:00:10Z DEBUG Validated servers: dc-irvwp02.shs.dc 2019-08-18T10:00:10Z DEBUG will use discovered domain: shs.dc 2019-08-18T10:00:10Z DEBUG Start searching for LDAP SRV record in "shs.dc" (Validating DNS Discovery) and its sub-domains 2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc. 2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc. 2019-08-18T10:00:10Z DEBUG DNS validated, enabling discovery 2019-08-18T10:00:10Z DEBUG will use discovered server: dc-irvwp02.shs.dc 2019-08-18T10:00:10Z INFO Discovery was successful! 2019-08-18T10:00:10Z DEBUG will use discovered realm: SHS.DC 2019-08-18T10:00:10Z DEBUG will use discovered basedn: dc=shs,dc=dc 2019-08-18T10:00:10Z INFO Client hostname: ipacli-irvlt01.shs.dc 2019-08-18T10:00:10Z DEBUG Hostname source: Machine's FQDN 2019-08-18T10:00:10Z INFO Realm: SHS.DC 2019-08-18T10:00:10Z DEBUG Realm source: Assumed same as domain 2019-08-18T10:00:10Z INFO DNS Domain: shs.dc 2019-08-18T10:00:10Z DEBUG DNS Domain source: Discovered LDAP SRV records from shs.dc (domain of the hostname) 2019-08-18T10:00:10Z INFO IPA Server: dc-irvwp02.shs.dc 2019-08-18T10:00:10Z DEBUG IPA Server source: Discovered LDAP SRV records from shs.dc (domain of the hostname) 2019-08-18T10:00:10Z INFO BaseDN: dc=shs,dc=dc 2019-08-18T10:00:10Z DEBUG BaseDN source: Generated from Kerberos realm 2019-08-18T10:00:15Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run return cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 371, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3630, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2312, in install_check raise ScriptError(rval=CLIENT_INSTALL_ERROR)
2019-08-18T10:00:15Z DEBUG The ipa-client-install command failed, exception: ScriptError: 2019-08-18T10:00:15Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Please don't open issues both on the mailing list and the upstream issue tracker.
This looks like a configuration issue on your end, let's keep follow-ups on the list.
Metadata Update from @rcritten: - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.