Running ipa-client-install (via realmd) leads to this backtrace: Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 2848, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 2829, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 2528, in install api.finalize() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 708, in finalize self.__do_if_not_done('load_plugins') File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 482, in __do_if_not_done getattr(self, name)() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 645, in load_plugins self.import_plugins('ipalib') File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 689, in import_plugins __import__(fullname) File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py", line 28, in <module> from backports.ssl_match_hostname import match_hostname ImportError: No module named backports.ssl_match_hostname ! Running ipa-client-install failed
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4515
== Workaround == We are solving this report upstream, but note that to workaround it before official fix, please install "python-backports-ssl_match_hostname" before running ipa-client-install.
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/42bf7abb5f81f0b8f98370f7330ab5c5dc2a2fb4 ipa-4-1: https://fedorahosted.org/freeipa/changeset/c03404423d30781ab18815472782f465915fec7f ipa-4-0: https://fedorahosted.org/freeipa/changeset/aa5d86cf84afe766a7493a184a6a55442298ea98
BuildRequires also updated/fixed: master: https://fedorahosted.org/freeipa/changeset/68b7312639260926e3d4a07ab002f54ce238c72e ipa-4-1: https://fedorahosted.org/freeipa/changeset/cac070b121b0a676c1367602852b8fafe62a3330 ipa-4-0: https://fedorahosted.org/freeipa/changeset/4adefc3f5d177337a7e1acfc2a07e67853e716c7
freeipa-4.0.2-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/freeipa-4.0.2-1.fc21
Package freeipa-4.0.2-1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing freeipa-4.0.2-1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-10298/freeipa-4.0.2-1.fc21 then log in and leave karma (feedback).
transferring proposed blocker status from https://bugzilla.redhat.com/show_bug.cgi?id=1139917#c0 . I've verified the fix for this.
*** Bug 1139917 has been marked as a duplicate of this bug. ***
(In reply to Fedora Update System from comment #6) > Package freeipa-4.0.2-1.fc21: > * should fix your issue, It does, thanks!
Discussed at 2014-09-10 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2014-09-10/f21-blocker-review.2014-09-10-16.07.log.txt . Accepted as a blocker per https://fedoraproject.org/wiki/Fedora_21_Alpha_Release_Criteria#Remote_authentication , "It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain."
freeipa-4.0.2-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.