Bug 744101
| Summary: | Client install fails when anonymous bind is disabled | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1 | CC: | grajaiya, jgalipea, mkosek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.1.3-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Do not document
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 18:42:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 748554 | ||
|
Description
Dmitri Pal
2011-10-07 03:49:15 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1935 Fixed upstream: master: f2fb6552c91fa530597e6deb776d90344bfe67bd ipa-2-1: 32dbf7ff06cf36467570409ca0c93e8cc5788bf7 Documented in Bug 741050.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Do not document
SERVER: [root@decepticons slapd-PKI-IPA]# ldapsearch -x -h localhost -p 389 -D 'cn=directory manager' -w Secret123 -b 'cn=config' "objectClass=nsslapdConfig" nsslapd-allow-anonymous-access # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: objectClass=nsslapdConfig # requesting: nsslapd-allow-anonymous-access # # config dn: cn=config nsslapd-allow-anonymous-access: off # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 CLIENT: [root@sideswipe ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --server=decepticons.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -w Secret123 -U Warning: Anonymous access to the LDAP server is disabled. Proceeding without strict verification. Note: This is not an error if anonymous access has been explicitly restricted. DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: sideswipe.lab.eng.pnq.redhat.com Realm: LAB.ENG.PNQ.REDHAT.COM DNS Domain: lab.eng.pnq.redhat.com IPA Server: decepticons.lab.eng.pnq.redhat.com BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Synchronizing time with KDC... Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM SSSD enabled NTP enabled Client configuration complete. [root@sideswipe ~]# [root@sideswipe ~]# kinit shanks Password for shanks.PNQ.REDHAT.COM: [root@sideswipe ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: shanks.PNQ.REDHAT.COM Valid starting Expires Service principal 11/07/11 17:19:51 11/08/11 17:19:48 krbtgt/LAB.ENG.PNQ.REDHAT.COM.PNQ.REDHAT.COM [root@sideswipe ~]# Verified in version: ipa-client-2.1.3-8.el6.i686. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |