freeipa client missing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
freeipa (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Cant`find freeipa packages in repository
root@user-
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package freeipa-client
tags: | added: freeipa |
Philippe Clérié (pclerie) wrote : | #2 |
Confirming. And of course I find out after my upgrade is complete but I can no longer login to my system. It never, ever occurred to me that Ubuntu might drop a package that was in the previous 2 LTS releases.
Not cool! (To put it mildly.)
Timo Aaltonen (tjaalton) wrote : | #3 |
It had to be dropped temporarily to unblock other things from migrating to bionic.
But I'm sure this has nothing to do with login issues, since freeipa-client is mostly just a wrapper to configure sssd and so on. Or are you saying it got removed from the system?
zerocool (zero-cool1992) wrote : | #4 |
Bionic beta is already here but freeipa is still in proposed repo. I suppose it is not gone be included in release. And it is bad cause automatically provision will not work. And easy enrollment too.
Launchpad Janitor (janitor) wrote : | #5 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in freeipa (Ubuntu): | |
status: | New → Confirmed |
Kees Bakker (keestux) wrote : | #6 |
@Timo at what point can we expect that the freeipa packages are back in bionic? I'm not being impatient, just curious when I can start doing some experiments with freeipa (+samba) on bionic.
Timo Aaltonen (tjaalton) wrote : | #7 |
I don't know yet, might be after Easter though. Maybe I should push it to a ppa in the meantime.
Timo Aaltonen (tjaalton) wrote : | #8 |
..maybe not, since it's available in bionic-proposed anyway
Andreas Hasenack (ahasenack) wrote : | #9 |
I'm taking a look
Andreas Hasenack (ahasenack) wrote : | #10 |
So far my investigation is revolving around a java9 incompatibility, which is the default jre/jdk in bionic.
Andreas Hasenack (ahasenack) wrote : | #11 |
I'm down to this issue now:
root@freeipa:~# getcert list
Number of certificates and requests being tracked: 1.
Request ID '20180328210952':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to https:/
stuck: no
key pair storage: type=FILE,
certificate: type=FILE,
CA: dogtag-
issuer:
subject:
expires: unknown
pre-save command: /usr/lib/
post-save command: /usr/lib/
track: yes
auto-renew: yes
Timo Aaltonen (tjaalton) wrote : | #12 |
The autopkgtests fail (or used to fail) because of missing libnsspem.so, but if we don't get that in bionic to unblock the server, I'll make freeipa client-only. Could be that there are other things broken now, I'll have a look soon..
zerocool (zero-cool1992) wrote : | #13 |
Freeipa client is very important thing the only needed. Server can be installed in centos or docker.
Bryce Larson (bryceml) wrote : | #14 |
I don't know if others are getting this, but when I try to enroll a host after a fresh install of 18.04 using freeipa-client I get this when running ipa-client-install.
A host that was enrolled on 17.10 and then upgraded seems to work fine though.
2018-03-
return_value = self.run()
File "/usr/lib/
cfgr.run()
File "/usr/lib/
self.execute()
File "/usr/lib/
for _nothing in self._executor():
File "/usr/lib/
exc_
File "/usr/lib/
self.
File "/usr/lib/
six.
File "/usr/lib/
step()
File "/usr/lib/
step = lambda: next(self.__gen)
File "/usr/lib/
six.
File "/usr/lib/
value = gen.send(
File "/usr/lib/
next(executor)
File "/usr/lib/
exc_
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
six.
File "/usr/lib/
super(
File "/usr/lib/
six.
File "/usr/lib/
step()
File "/usr/lib/
step = lambda: next(self.__gen)
File "/usr/lib/
six.
File "/usr/lib/
value = gen.send(
File "/usr/lib/
for unused in self._installer
Timo Aaltonen (tjaalton) wrote : | #15 |
I've pushed a newer version to https:/
should fix at least the error in #14. It also supports client-only builds, if bionic needs that.
summary: |
- freeipa cleint missing + freeipa client missing |
zerocool (zero-cool1992) wrote : | #16 |
I tried to install freeipa client from PPA
but i have no success
maybe I must create bug in PPA bugs instead of writing here?
here is listing of apt
apt-get install freeipa-client -o Dpkg::Options:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
freeipa-common python-ipaclient python-ipalib
Suggested packages:
libpam-krb5
The following NEW packages will be installed:
freeipa-client freeipa-common python-ipaclient python-ipalib
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/878 kB of archives.
After this operation, 8 617 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Selecting previously unselected package freeipa-common.
(Reading database ... 153864 files and directories currently installed.)
Preparing to unpack .../freeipa-
Unpacking freeipa-common (4.6.3-2~ppa1) ...
Selecting previously unselected package python-ipalib.
Preparing to unpack .../python-
Unpacking python-ipalib (4.6.3-2~ppa1) ...
Selecting previously unselected package python-ipaclient.
Preparing to unpack .../python-
Unpacking python-ipaclient (4.6.3-2~ppa1) ...
Selecting previously unselected package freeipa-client.
Preparing to unpack .../freeipa-
Unpacking freeipa-client (4.6.3-2~ppa1) ...
D000040: checking dependencies of freeipa-
D000040: ok 1 msgs >><<
D000040: checking dependencies of freeipa-common:all (- <none>)
D000040: ok 2 msgs >><<
D000040: checking Breaks
Setting up freeipa-common (4.6.3-2~ppa1) ...
D000040: checking dependencies of python-
D000040: ok 1 msgs >><<
D000040: checking dependencies of man-db:amd64 (- <none>)
D000040: ok 2 msgs >><<
Processing triggers for man-db (2.8.2-1) ...
D000040: checking dependencies of python-ipalib:all (- <none>)
D000040: ok 2 msgs >><<
D000040: checking Breaks
Setting up python-ipalib (4.6.3-2~ppa1) ...
Sorry: IndentationError: unexpected unindent (tasks.py, line 22)
dpkg: error processing package python-ipalib (--configure):
installed python-ipalib package post-installation script subprocess returned error exit status 101
D000040: checking dependencies of freeipa-
D000040: ok 1 msgs >><<
D000040: checking dependencies of python-
D000040: ok 0 msgs >> python-ipaclient depends on python-ipalib (>= 4.6.3-2~ppa1); however:
Package python-ipalib is not configured yet.
<<
D000040: checking Breaks
dpkg: dependency problems prevent configuration of python-ipaclient:
python-ipaclient depends on python-ipalib (>= 4.6.3-2~ppa1); however:
Package python-ipalib is not configured yet.
dpkg: error processing package python-ipaclient (--configure):
dependency problems - leaving unconfigured
D000040: checking dependencies of freeipa-
D000040: ok 0 msgs >> freeipa-client depends on python-ipaclient (= 4.6.3-2~ppa1); however:
Package python-ipaclient is not configured yet.
<<
D000040: checking ...
Timo Aaltonen (tjaalton) wrote : | #17 |
no that's fine, there was a typo in a new patch, should be fixed now after ~ppa2 is built
zerocool (zero-cool1992) wrote : | #18 |
There is another bug in freeipa-client package.
there is need some fixes in file to continue installation
Setting up python-ipalib (4.6.3-2~ppa2) ...
File "/usr/lib/
else:
^
SyntaxError: invalid syntax
dpkg: error processing package python-ipalib (--configure):
installed python-ipalib package post-installation script subprocess returned error exit status 101
dpkg: dependency problems prevent configuration of python-ipaclient:
python-ipaclient depends on python-ipalib (>= 4.6.3-2~ppa2); however:
Package python-ipalib is not configured yet.
dpkg: error processing package python-ipaclient (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of freeipa-client:
freeipa-client depends on python-ipaclient (= 4.6.3-2~ppa2); however:
Package python-ipaclient is not configured yet.
dpkg: error processing package freeipa-client (--configure):
No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
python-ipalib
python-ipaclient
freeipa-client
E: Sub-process /usr/bin/dpkg returned an error code (1)
Timo Aaltonen (tjaalton) wrote : | #19 |
haha, ~ppa3 uploaded, though again untested..
René Georgi (rene-georgi) wrote : | #20 |
The problem seems the python-ipalib.
Error message is:
python-ipalib (4.6.3-2~ppa3) wird eingerichtet ...
Sorry: IndentationError: unexpected unindent (tasks.py, line 37)
dpkg: Fehler beim Bearbeiten des Paketes python-ipalib (--configure):
Unterprozess installed python-ipalib package post-installation script gab den Fehler-
dpkg: Abhängigkeitspr
python-ipaclient hängt ab von python-ipalib (>= 4.6.3-2~ppa3); aber:
Paket python-ipalib ist noch nicht konfiguriert.
zerocool (zero-cool1992) wrote : | #21 |
You can comment "try" blocks around mkhomedir. Anyways pam-auth-update have unresolved bugs. It no enales mkhomedir anyway even from command line.
zerocool (zero-cool1992) wrote : | #22 |
I guess freeipa-client not included in officially bionic repository.
Very sad cause we use it in our company. Now we and we can`t upgrade to 18.04.
Timo Aaltonen (tjaalton) wrote : | #23 |
not yet
R. Becke (subscribe-becke) wrote : | #24 |
I have the same issue with "ubuntu-
I downloaded the necessary packages:
https:/
https:/
https:/
https:/
And did the installation in the following order:
sudo apt-get install ntp
sudo apt-get install certmonger curl
sudo apt-get install ./freeipa-
sudo apt-get install ./python-
sudo apt-get install ./python-
sudo apt-get install certmonger
sudo apt-get install libxmlrpc-core-c3
sudo apt-get install ./freeipa-
Then I configured NTP to synch with the NTP running on my server.
AND LAST BUT NOT LEAST TO LOG IN I DID THE FOLLOWING:
sudo vi /etc/pam.
...
session required pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel/
...
The first line "session required pam_permit.so" already exists, important is here to add just below the following entry: "session required pam_mkhomedir.so skel=/etc/skel/"
R. Becke (subscribe-becke) wrote : | #25 |
Just for completeness I ran the following (unattended) ipa-client installation command:
sudo ipa-client-install --mkhomedir --no-ntp --enable-
Timo Aaltonen (tjaalton) wrote : | #26 |
I've uploaded a new package to ppa:freeipa/ppa which matches what will be synced to bionic once it's made it through to Debian experimental
Timo Aaltonen (tjaalton) wrote : | #27 |
freeipa (4.7.0~
* tests/server-
supported anymore.
* tests: If the server install fails, just dump the log and exit
successfully.
-- Timo Aaltonen <email address hidden> Wed, 18 Apr 2018 17:50:11 +0300
freeipa (4.7.0~
* fix-bind-
now, fix depends to match.
* control: Add python-augeas to python-ipaclient depends. (LP: #1764615)
* ldap-multiarch.
support more than x86. (LP: #1600634)
-- Timo Aaltonen <email address hidden> Tue, 17 Apr 2018 23:47:32 +0300
freeipa (4.7.0~
* New upstream prerelease + git snapshot.
* tests: Fix whitespace.
* client.dirs: Add /var/lib/
* server.post*: Enable session, session_cookie apache modules.
* control: Add sssd-dbus to server Depends.
* fix-httpd-
* control: Bump dependency on certmonger.
* support-
(LP: #1336869)
* control: Add libsss-certmap-dev to build-depends.
* control: Drop hardcoded libcurl3 dependency from client.
* control*, rules: Add support for client-only build.
* Fold admintools into the client package.
* fix-bind-
* fix-ipa-conf.diff: Dropped, upstream.
* rules: Force building with python2.
* server.install: Updated.
* debian/.gitignore: Ignore d/control.
* rules: If git is installed, revert po/ on clean.
* server.dirs: Add missing directories, fix some permissions in
postinst.
* control.server: Bump dogtag dependencies to 10.6.0~.
* control.server: Drop mod-nss from Depends, mod_ssl is used instead.
* enable-
* server.
* control: Bump 389-ds-base dependency.
* rules: Modify python scripts to use python2.
* fix-paths.diff: Add some paths to platform data.
* hack-tomcat-
does that several times in a row, so wait for 80s before starting migrating
profiles to ldap to make sure the instance is up.
* fix-apache-
* hack-duplicate-
SSLCertific
* server.postinst: Enable default-ssl site.
* control: Depend on chrony instead of ntp.
* fix-paths.diff: Add CHRONY_CONF.
* python-
* fix-version.diff: Append +git to prerelease tag, don't require git.
* pydist_overrides: Added.
* rules: Update clean target.
* control: Bump depends on bind9.
-- Timo Aaltonen <email address hidden> Thu, 12 Apr 2018 14:01:56 +0300
Changed in freeipa (Ubuntu): | |
status: | Confirmed → Fix Released |
KC (bluelineswinger) wrote : | #28 |
Curious as to the rationale behind using the v4.7 prerelease, as opposed to the current v4.6.3 release. Is there something broken for Ubuntu/Debian in v4.6.3 that v4.7 fixes?
Somewhat related, is there any reason the version packaged for Ubuntu/Debian doesn't track with that packaged from Red Hat/CentOS (v4.5.4 as of RHEL 7.5)? Doing so would help avert any possible conflicts/
Timo Aaltonen (tjaalton) wrote : | #29 |
4.7 migrated off mod_nss, and to using openssl more, same as the rest of the stack (dogtag mostly)
There's no way to track RHEL, because they have the rest of the stack frozen unlike on Debian/Ubuntu, where updates to tomcat and alike broke things for a long time. Besides, RHEL8 will get ipa 4.7.
KC (bluelineswinger) wrote : | #30 |
Seems reasonable. I hadn't seen anything in the changelog that made clear why a prerelease was being used. Thanks for the update.
Thank you for taking the time to report this bug and helping to make Ubuntu better.
I am going to assume you are running Ubuntu bionic, since there seems to be a newer version pending in bionic-proposed, but none in the regular archives (https:/ /bugs.launchpad .net/ubuntu/ +source/ freeipa/ 4.6.3-1ubuntu1). If this is not correct, please remove the "bionic" tag again.