[Pkg-freeipa-devel] Free ipa 4.3.1-1 support in Debian
Prema
premum at gmail.com
Fri Sep 9 08:57:30 UTC 2016
Hi Timo,
I am trying to set up a Freeipa Server 4.1.4-1 in Debian stretch. Domain
provisioning and client functionalities are working as expected.
But when I try to replicate another server, it is unable to proceed
with the below error
-------------------------------
2016-09-09T07:35:17Z DEBUG Starting external process
2016-09-09T07:35:17Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-INDIA-IN/ -N -f /etc/dirsrv/slapd-INDIA-IN//pwdfile.txt
2016-09-09T07:35:17Z DEBUG Process finished, return code=0
2016-09-09T07:35:17Z DEBUG stdout=
2016-09-09T07:35:17Z DEBUG stderr=
2016-09-09T07:35:17Z DEBUG Starting external process
2016-09-09T07:35:17Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-INDIA-IN/ -A -n INDIA.IN IPA CA -t CT,C,C -a
2016-09-09T07:35:17Z DEBUG Process finished, return code=0
2016-09-09T07:35:17Z DEBUG stdout=
2016-09-09T07:35:17Z DEBUG stderr=
2016-09-09T07:35:17Z DEBUG certmonger request is in state
dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1)
2016-09-09T07:35:22Z DEBUG certmonger request is in state
dbus.String(u'CA_UNREACHABLE', variant_level=1)
2016-09-09T07:35:22Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INDIA-IN.socket from SchemaCache
2016-09-09T07:35:22Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INDIA-IN.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f2950247e18>
2016-09-09T07:35:23Z DEBUG duration: 5 seconds
2016-09-09T07:35:23Z DEBUG [27/43]: restarting directory server
2016-09-09T07:35:23Z DEBUG Starting external process
2016-09-09T07:35:23Z DEBUG args=/bin/systemctl --system daemon-reload
2016-09-09T07:35:23Z DEBUG Process finished, return code=0
2016-09-09T07:35:23Z DEBUG stdout=
2016-09-09T07:35:23Z DEBUG stderr=
2016-09-09T07:35:23Z DEBUG Starting external process
2016-09-09T07:35:23Z DEBUG args=/bin/systemctl restart
dirsrv at INDIA-IN.service
2016-09-09T07:35:23Z DEBUG Process finished, return code=0
2016-09-09T07:35:23Z DEBUG stdout=
2016-09-09T07:35:23Z DEBUG stderr=
2016-09-09T07:35:23Z DEBUG Starting external process
2016-09-09T07:35:23Z DEBUG args=/bin/systemctl is-active
dirsrv at INDIA-IN.service
2016-09-09T07:35:24Z DEBUG Process finished, return code=0
2016-09-09T07:35:24Z DEBUG stdout=active
2016-09-09T07:35:24Z DEBUG stderr=
2016-09-09T07:35:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2016-09-09T07:40:24Z CRITICAL Failed to restart the directory server
(Timeout exceeded). See the installation log for details.
2016-09-09T07:40:24Z DEBUG duration: 301 seconds
2016-09-09T07:40:24Z DEBUG [28/43]: setting up initial replication
2016-09-09T07:40:34Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py",
line 447, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py",
line 437, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py",
line 405, in __setup_replica
self.dm_password)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/replication.py",
line 114, in enable_replication_version_checking
conn.do_simple_bind(bindpw=dirman_passwd)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1621,
in do_simple_bind
self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1616,
in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1599,
in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 1371,
in wait_for_open_socket
raise e
error: [Errno 111] Connection refused
2016-09-09T07:40:34Z DEBUG [error] error: [Errno 111] Connection refused
2016-09-09T07:40:34Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in
execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line
318, in run
cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
310, in run
self.execute()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
332, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
586, in _configure
next(executor)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line
63, in _install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 1652, in main
promote(self)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 375, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 1359, in promote
promote=True, pkcs12_info=dirsrv_pkcs12_info)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 125, in install_replica_ds
promote=promote,
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py",
line 399, in create_replica
self.start_creation(runtime=60)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py",
line 447, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py",
line 437, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/dsinstance.py",
line 405, in __setup_replica
self.dm_password)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/replication.py",
line 114, in enable_replication_version_checking
conn.do_simple_bind(bindpw=dirman_passwd)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1621,
in do_simple_bind
self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1616,
in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1599,
in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 1371,
in wait_for_open_socket
raise e
2016-09-09T07:40:34Z DEBUG The ipa-replica-install command failed,
exception: error: [Errno 111] Connection refused
2016-09-09T07:40:34Z ERROR [Errno 111] Connection refused
2016-09-09T07:40:34Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
---------------------------
/var/log/syslog shows the below error when I try to start the ns-slapd service
manually.
Sep 9 13:05:23 ipatt systemd[1]: Reloading.
Sep 9 13:05:23 ipatt systemd[1]: Stopping 389 Directory Server INDIA-IN....
Sep 9 13:05:23 ipatt systemd[1]: Stopped 389 Directory Server INDIA-IN..
Sep 9 13:05:23 ipatt systemd[1]: Starting 389 Directory Server INDIA-IN....
Sep 9 13:05:23 ipatt systemd[1]: Started 389 Directory Server INDIA-IN..
Sep 9 13:05:23 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:23 +051800] - SSL
alert: Security Initialization: Enabling default cipher set.
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: Configured NSS Ciphers
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: Security Initialization: Can't find certificate (Server-Cert) for
family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error
-8174 - security library: bad database.)
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
alert: Security Initialization: Unable to retrieve private key for cert
Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable
Runtime error -8174 - security library: bad database.)
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] - SSL
failure: None of the cipher are valid
Sep 9 13:05:24 ipatt ns-slapd[4444]: [09/Sep/2016:13:05:24 +051800] -
ERROR: SSL2 Initialization Failed. Disabling SSL2.
Sep 9 13:05:24 ipatt systemd[1]: dirsrv at INDIA-IN.service: Main process
exited, code=exited, status=1/FAILURE
Sep 9 13:05:24 ipatt systemd[1]: dirsrv at INDIA-IN.service: Unit entered
failed state.
Sep 9 13:05:24 ipatt systemd[1]: dirsrv at INDIA-IN.service: Failed with
result 'exit-code'.
Sep 9 13:05:28 ipatt ntpd[4144]: Deferring DNS for 1.debian.pool.ntp.org 1
Sep 9 13:05:38 ipatt ntpd[4144]: Deferring DNS for 2.debian.pool.ntp.org 1
Sep 9 13:05:48 ipatt ntpd[4144]: Deferring DNS for 3.debian.pool.ntp.org 1
Sep 9 13:05:48 ipatt ntpd[4457]: signal_no_reset: signal 17 had flags
4000000
------------
Is there any package missing here? I am sure I have taken the 389 to be
compiled against NSS.
Does sssd also need to be compiled against NSS, or what is the state here?
How to make replication work in Debian?
On Tue, Apr 19, 2016 at 11:42 AM, Timo Aaltonen <tjaalton at debian.org> wrote:
> 19.04.2016, 08:53, Prema kirjoitti:
> > thanks for the prompt reply Timo.
> >
> > On Tue, Apr 19, 2016 at 11:20 AM, Timo Aaltonen <tjaalton at debian.org
> > <mailto:tjaalton at debian.org>> wrote:
> >
> > 19.04.2016, 08:43, Prema kirjoitti:
> > > Dear team,
> > >
> > > I would like to try and deploy Freeipa-Server in Debian jessie.
> > > Is there any build available for this version where I can check and test
> > > on Jessie.
> > > I can test the full functionality and give feedback to you people.
> >
> > It's not even in unstable yet until it has been processed through the
> > NEW queue..
> >
> > I don't have plans to backport it to jessie, because it depends on a
> > number of components not available there.
> >
> > Even if I can do it in stretch / sid is also okay.
> > If not, can you send / assist me with steps to build it in Debian, so
> > that I can build the latest version for Debian
>
> Just wait until it's available in sid, shouldn't take long. It won't
> enter testing before #787593 is fixed, and that'll take some time.
>
>
> --
> t
>
--
Regards.,
Prema S