Faraz Younus wrote: > it was firewall issus for port 636 now it is fixed
Awesome. In IPA client versions 4.8.0+ we print LDAP connection failure messages so this type of thing is easier to debug. Glad you got it worked out. rob > > On Mon, Mar 30, 2020, 10:41 PM Rob Crittenden <[email protected] > <mailto:[email protected]>> wrote: > > Natxo Asenjo via FreeIPA-users wrote: > > so, what do you see in /var/log/ipaclient-install.log? > > And does it fail interactively as well? > > You'll see the login as a BIND to the 389-ds server on your IPA master > so look in /var/log/dirsrv/slapd-REALM/access for more information on > what happened. It might be useful. > > rob > > > > > On Sun, Mar 29, 2020 at 9:34 AM Faraz Younus <[email protected] > <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > Yes I double checked password is ok on both sides > > > > On Sun, Mar 29, 2020 at 12:21 PM Natxo Asenjo via FreeIPA-users > > <[email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>>> wrote: > > > > > > > > On Sun, Mar 29, 2020 at 8:10 AM Faraz Younus via FreeIPA-users > > <[email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>>> wrote: > > > > Hi Team, > > > > command: /usr/sbin/ipa-client-install --domain > > example.com <http://example.com> <http://example.com> > --mkhomedir > > --password abc123 " --server ipa9.example.com > <http://ipa9.example.com> > > <http://ipa9.example.com> --unattended > > > > > > e, "cmd": ["/usr/sbin/ipa-client-install", "--domain", > > "fixedandmobile.com <http://fixedandmobile.com> > <http://fixedandmobile.com>", > > "--mkhomedir", "--password", "abc123", "--server", > > "ipa9.example.com <http://ipa9.example.com> > <http://ipa9.example.com>", > > "--unattended"], "delta": "0:01:03.451321", "end": > > "2020-03-29 05:57:22.013451", "msg": "non-zero return > code", > > "rc": 1, "start": "2020-03-29 05:56:18.562130", "stderr": > > "Hostname: ipacentos.example.com > <http://ipacentos.example.com> > > <http://ipacentos.example.com>\nRealm: EXAMPLE.COM > <http://EXAMPLE.COM> > > <http://EXAMPLE.COM>\nDNS Domain: example.com > <http://example.com> > > <http://example.com>\nIPA Server: ipa9.example.com > <http://ipa9.example.com> > > <http://ipa9.example.com>\nBaseDN: > > dc=example,dc=com\nSynchronizing time with > KDC...\nUnable to > > sync time with IPA NTP server, assuming the time is in > sync. > > Please check that 123 UDP port is opened.\nOTP case, > CA cert > > preexisted, use it\nJoining realm failed: Incorrect > > password.\n\nInstallation failed. Rolling back > changes.\nIPA > > client is not configured on this system.", "stderr_lines": > > ["Hostname: ipacentos.example.com > <http://ipacentos.example.com> > > <http://ipacentos.example.com>", "Realm:EXAMPLE.COM > <http://EXAMPLE.COM> > > <http://EXAMPLE.COM>", "DNS Domain: example.com > <http://example.com> > > <http://example.com>", "IPA Server: ipa9.example.com > <http://ipa9.example.com> > > <http://ipa9.example.com>", "BaseDN: dc=example,dc=com", > > "Synchronizing time with KDC...", "Unable to sync time > with > > IPA NTP server, assuming the time is in sync. Please check > > that 123 UDP port is opened.", "OTP case, CA cert > > preexisted, use it", "Joining realm failed: Incorrect > > password.", "", "Installation failed. Rolling back > > changes.", "IPA client is not configured on this > system."], > > "stdout": "\u001b[?1034h", "stdout_lines": > ["\u001b[?1034h"]} > > > > > > > > it does say 'incorrect password', did you check that? > > > > -- > > Groeten, > > natxo > > _______________________________________________ > > FreeIPA-users mailing list -- > > [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > To unsubscribe send an email to > > [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > > > https://lists.fedorahosted.org/archives/list/[email protected] > > > > > > > > -- > > -- > > Groeten, > > natxo > > > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > <mailto:[email protected]> > > To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
