Bug 826402 - RFE: Improve error message when unable to connect to IPA LDAP server
RFE: Improve error message when unable to connect to IPA LDAP server
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: freeipa (Show other bugs)
17
Unspecified Linux
unspecified Severity high
: ---
: ---
Assigned To: Rob Crittenden
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-30 02:45 EDT by Arthur
Modified: 2012-10-10 10:16 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-10 10:16:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ipa-cleint install log (1.98 KB, text/x-log)
2012-05-31 01:01 EDT, Arthur
no flags Details

  None (edit)
Description Arthur 2012-05-30 02:45:40 EDT
Description of problem:
I have EL6 installed with IPA-Server. Everything was fine with Fedora16. But when I've tried to join IPA-client оn Fedora17, I've recieved this message:

|ipa         : ERROR    LDAP Error: Can't contact LDAP server: 
|Failed to verify that ipaserver.bashnl.local is an IPA Server.
|This may mean that the remote server is not up or is not reachable
|due to network or firewall settings.
|Installation failed. Rolling back changes.
|IPA client is not configured on this system.


Version-Release number of selected component (if applicable):
Server: IPA-Server installed from repository
Client: Fedora17 with "minimal" install. after installation process, I've installed "htop, nmap, bash-completion, vim-enhanced". After that I've installed "ipa-client, ipa-admintools" from repository

How reproducible:


Steps to Reproduce:
1. install Fedora17
2. install ipa-client, ipa-admintools
3. run 'ipa-cilent-install --enable-dns-update --mkhomedir'
  
Actual results:
|ipa         : ERROR    LDAP Error: Can't contact LDAP server: 
|Failed to verify that ipaserver.bashnl.local is an IPA Server.
|This may mean that the remote server is not up or is not reachable
|due to network or firewall settings.
|Installation failed. Rolling back changes.
|IPA client is not configured on this system.


Expected results:
join Fedora17 as ipa-client to ipa-server

Additional info:
Comment 1 Rob Crittenden 2012-05-30 12:03:46 EDT
Can you attach /var/log/ipaclient-install.log?
Comment 2 Arthur 2012-05-31 01:01:52 EDT
Created attachment 587938 [details]
ipa-cleint install log

After I've recivied error message, I've cheked avaibility to server from F17:
Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-30 11:13 YEKT
Nmap scan report for ipaserver.bashnl.local (10.39.0.60)
Host is up (0.00025s latency).
Not shown: 993 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
88/tcp  open  kerberos-sec
443/tcp open  https
464/tcp open  kpasswd5
636/tcp open  ldapssl
MAC Address: 52:54:00:97:64:3B (QEMU Virtual NIC)
Comment 3 Arthur 2012-05-31 01:06:42 EDT
Sorry. it was our mistake :(
in iptables has been opened 399 port instead 389.
i think report should be closed.
will it bring my karma down?
Comment 4 Rob Crittenden 2012-06-01 11:11:17 EDT
Glad it was something simple. Would improved error messages in ipa-client-install have made this easier to debug?
Comment 5 Arthur 2012-06-07 00:15:42 EDT
I think yes :)
if it has said that exactly 389 port is not reacheble, I would debug it imidiatly, and would not disturb you :)
Comment 6 Rob Crittenden 2012-06-07 08:58:00 EDT
Ok, re-opening. I'll see what we can do about making the error message clearer.

Bug titled updated.
Comment 7 Rob Crittenden 2012-06-07 08:59:30 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2816
Comment 8 Rob Crittenden 2012-10-10 10:16:23 EDT
Fixed upstream.

master: 00a54b8b7f1e6e157f4b5efe7f24462685194de5

ipa-3-0: 50e55b012ecf533c190536a364c72c961c070f9f

Note You need to log in before you can comment on or make changes to this bug.