Running ipa-client-install (via realmd) leads to this backtrace:
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 2848, in <module>
File "/usr/sbin/ipa-client-install", line 2829, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 2528, in install
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 708, in finalize
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 482, in __do_if_not_done
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 645, in load_plugins
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 689, in import_plugins
File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py", line 28, in <module>
from backports.ssl_match_hostname import match_hostname
ImportError: No module named backports.ssl_match_hostname
! Running ipa-client-install failed
== Workaround ==
We are solving this report upstream, but note that to workaround it before official fix, please install "python-backports-ssl_match_hostname" before running ipa-client-install.
BuildRequires also updated/fixed:
freeipa-4.0.2-1.fc21 has been submitted as an update for Fedora 21.
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-4.0.2-1.fc21'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
transferring proposed blocker status from https://bugzilla.redhat.com/show_bug.cgi?id=1139917#c0 . I've verified the fix for this.
*** Bug 1139917 has been marked as a duplicate of this bug. ***
(In reply to Fedora Update System from comment #6)
> Package freeipa-4.0.2-1.fc21:
> * should fix your issue,
It does, thanks!
Discussed at 2014-09-10 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2014-09-10/f21-blocker-review.2014-09-10-16.07.log.txt . Accepted as a blocker per https://fedoraproject.org/wiki/Fedora_21_Alpha_Release_Criteria#Remote_authentication , "It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain."
freeipa-4.0.2-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.