I have found this messages about problems running freipa in ubuntu: https://www.redhat.com/archives/freeipa-devel/2011-September/msg00407.html https://www.redhat.com/archives/freeipa-devel/2011-September/msg00408.html
and this ticket: https://fedorahosted.org/freeipa/ticket/1887 I created the nss database with null password, run an ipa-client-install --uninstall and tried to join the domain only to find a problem configuring ntp because the installation script tries to modify a sysconfig file that only exists in redhat systems: root : DEBUG Backing up system configuration file '/etc/ntp.conf' root : DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' root : DEBUG -> Not backing up - '/etc/sysconfig/ntpd' doesn't exist Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1247, in install ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) File "/usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py", line 127, in config_ntp __write_config(path_ntp_sysconfig, ntp_sysconfig) File "/usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py", line 94, in __write_config fd = open(path, "w") IOError: [Errno 2] No such file or directory: '/etc/sysconfig/ntpd' pasqual@ubuntuprovesfreeipa:~$ as a workaround I comment this lines in /usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py : __backup_config(path_ntp_sysconfig, fstore) __write_config(path_ntp_sysconfig, ntp_sysconfig) ipaservices.restore_context(path_ntp_sysconfig) after that the install can finnish correctly although there are some minor errors in the log (which I attach). I'm now testing if the system is functional (it has bad look) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/997990 Title: fail joining to a freeipa server with ipa-client-install Status in FreeIPA packaging for Ubuntu: Unknown Status in “freeipa” package in Ubuntu: New Bug description: I try to join a freeipa domain and it seems there is some problem with the tls negotiacion. this is the log: pasqual@ubuntuprovesfreeipa:~$ sudo ipa-client-install -d --enable-dns-updates [sudo] password for pasqual: root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': True, 'preserve_sssd': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None} root : DEBUG missing options might be asked for interactively later root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' root : DEBUG [ipadnssearchldap(linux.gva.es)] root : DEBUG [ipadnssearchldap(gva.es)] root : DEBUG [ipadnssearchldap(es)] root : DEBUG [ipadnssearchldap(linux.gva.es)] root : DEBUG [ipadnssearchldap(gva.es)] root : DEBUG [ipadnssearchldap(es)] root : DEBUG Domain not found DNS discovery failed to determine your DNS domain Provide the domain name of your IPA server (ex: example.com): linux.gva.es root : DEBUG will use domain: linux.gva.es root : DEBUG [ipadnssearchldap] root : DEBUG IPA Server not found DNS discovery failed to find the IPA Server Provide your IPA server name (ex: ipa.example.com): freeipaserver.linux.gva.es root : DEBUG will use server: freeipaserver.linux.gva.es root : DEBUG [ipadnssearchkrb] root : DEBUG [ipacheckldap] root : DEBUG args=/usr/bin/wget -O /tmp/tmpWptXwb/ca.crt -T 15 -t 2 http://freeipaserver.linux.gva.es/ipa/config/ca.crt root : DEBUG stdout= root : DEBUG stderr=--2012-05-11 12:06:09-- http://freeipaserver.linux.gva.es/ipa/config/ca.crt Resolent freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)... 192.168.222.99 S'està connectant a freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)|192.168.222.99|:80... conectat. HTTP: Petició enviada, esperant resposta... 200 OK Longitud: 1325 (1.3K) [application/x-x509-ca-cert] S'està desant a: «/tmp/tmpWptXwb/ca.crt» 0K . 100% 38.4M=0s 2012-05-11 12:06:09 (38.4 MB/s) - s'ha desat «/tmp/tmpWptXwb/ca.crt» [1325/1325] root : DEBUG Init ldap with: ldap://freeipaserver.linux.gva.es:389 root : ERROR LDAP Error: Connect error: A TLS packet with unexpected length was received. Failed to verify that freeipaserver.linux.gva.es is an IPA Server. This may mean that the remote server is not up or is not reachable due to network or firewall settings. Installation failed. Rolling back changes. IPA client is not configured on this system. pasqual@ubuntuprovesfreeipa:~$ ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: freeipa-client 2.1.4-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-24.37-generic-pae 3.2.14 Uname: Linux 3.2.0-24-generic-pae i686 ApportVersion: 2.0.1-0ubuntu7 Architecture: i386 Date: Fri May 11 12:07:16 2012 InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423) SourcePackage: freeipa UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/freeipa/+bug/997990/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
