freeipa-server installation/configuration problem on s390x
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Expired
|
Medium
|
Unassigned | ||
389-ds-base (Ubuntu) |
Invalid
|
Undecided
|
Skipper Bug Screeners |
Bug Description
Problem desctriptin for following already Fix Releaed Bug:
https:/
https:/
The package is still failing to configure
root@fipas1:~# ipa-server-install --allow-
The log file for this installation can be found in /var/log/
=======
This program will set up the FreeIPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the NTP client (chronyd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure the KDC to enable PKINIT
To accept the default shown in brackets, press the Enter key.
WARNING: conflicting time&date synchronization service 'ntp' will be disabled
in favor of chronyd
Do you want to configure integrated DNS (BIND)? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>
Example: master.example.com.
Server host name [fipas1.rgy.net]:
Warning: skipping DNS resolution of host fipas1.rgy.net
The domain name has been determined based on the host name.
Please confirm the domain name [rgy.net]:
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [RGY.NET]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.
Directory Manager password:
Password (confirm):
The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.
IPA admin password:
Password (confirm):
Checking DNS domain rgy.net., please wait ...
Do you want to configure DNS forwarders? [yes]: no
No DNS forwarders configured
Do you want to search for missing reverse zones? [yes]: no
The IPA Master Server will be configured with:
Hostname: fipas1.rgy.net
IP address(es): 192.168.122.50
Domain name: rgy.net
Realm name: RGY.NET
The CA will be configured with:
Subject DN: CN=Certificate Authority,O=RGY.NET
Subject base: O=RGY.NET
Chaining: self-signed
BIND DNS server will be configured to serve IPA domain with:
Forwarders: No forwarders
Forward policy: only
Reverse zone(s): No reverse zone
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Synchronizing time
Using default chrony configuration.
Time synchronization was successful.
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/44]: creating directory server instance
[2/44]: enabling ldapi
[3/44]: configure autobind for root
[4/44]: stopping directory server
[5/44]: updating configuration in dse.ldif
[6/44]: starting directory server
[error] ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
ipapython.
ipapython.
root@fipas1:~#
I had run an apt update in advance of installing freeipa and after adding the canonical staging repository
root@fipas1:~# apt update
Hit:1 http://
Hit:2 http://
Hit:3 http://
Hit:4 http://
Hit:5 http://
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
root@fipas1:~#
End of the install log contains
2018-04-
2018-04-
2018-04-
2018-04-
2018-04-
2018-04-
2018-04-
2018-04-
File "/usr/lib/
run_
File "/usr/lib/
method()
File "/usr/lib/
self.
File "/usr/lib/
api.
File "/usr/lib/
conn = self.create_
File "/usr/lib/
client_
File "/usr/lib/
'', auth_tokens, server_controls, client_controls)
File "/usr/lib/
self.
File "/usr/lib/
raise errors.
ACIError: Insufficient access: SASL(-4): no mechanism available: No worthy mechs found (Unknown authentication method)
2018-04-
2018-04-
return_value = self.run()
File "/usr/lib/
return cfgr.run()
File "/usr/lib/
return self.execute()
File "/usr/lib/
for rval in self._executor():
File "/usr/lib/
exc_
File "/usr/lib/
self.
File "/usr/lib/
six.
File "/usr/lib/
step()
File "/usr/lib/
step = lambda: next(self.__gen)
File "/usr/lib/
six.
File "/usr/lib/
value = gen.send(
File "/usr/lib/
next(executor)
File "/usr/lib/
exc_
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
six.
File "/usr/lib/
super(
File "/usr/lib/
six.
File "/usr/lib/
step()
File "/usr/lib/
step = lambda: next(self.__gen)
File "/usr/lib/
six.
File "/usr/lib/
value = gen.send(
File "/usr/lib/
for unused in self._installer
File "/usr/lib/
master_
File "/usr/lib/
func(installer)
File "/usr/lib/
setup_
File "/usr/lib/
self.
File "/usr/lib/
run_
File "/usr/lib/
method()
File "/usr/lib/
self.
File "/usr/lib/
api.
File "/usr/lib/
conn = self.create_
File "/usr/lib/
client_
File "/usr/lib/
'', auth_tokens, server_controls, client_controls)
File "/usr/lib/
self.
File "/usr/lib/
raise errors.
2018-04-
2018-04-
2018-04-
root@fipas1:~#
Suggestions?
[reply] [-]
Comment 19 bugproxy bugproxy 2018-05-02 03:18:57 CDT
### External Comment ###
------- Comment From frank-heimes 2018-05-02 13:25:26 UTC-------
Please could you attach the logs like the /var/log/syslog as well as the ipa install log:
/var/log/
and in case available any other ipa related logs, too - means: /var/log/ipa*
And also share how the content of the folder: ls -la /etc/ipa/
Thx
[reply] [-]
Comment 20 Richard G. Young 2018-05-02 08:49:59 CDT
free IPA install failure logs
Requested logs attached in TAR
Add Comment
affects: | linux (Ubuntu) → freeipa (Ubuntu) |
tags: | added: s390x universe |
summary: |
- freeipa-server installatio/configuration problem for s390x + freeipa-server installation/configuration problem on s390x |
Changed in ubuntu-z-systems: | |
importance: | Undecided → Medium |
Changed in ubuntu-z-systems: | |
status: | New → Incomplete |
Default Comment by Bridge