Bug 826402 - RFE: Improve error message when unable to connect to IPA LDAP server
Summary: RFE: Improve error message when unable to connect to IPA LDAP server
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 17
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-30 06:45 UTC by Arthur
Modified: 2012-10-10 14:16 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-10 14:16:23 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
ipa-cleint install log (1.98 KB, text/x-log)
2012-05-31 05:01 UTC, Arthur 		no flags Details
View All

Description Arthur 2012-05-30 06:45:40 UTC 
Description of problem:
I have EL6 installed with IPA-Server. Everything was fine with Fedora16. But when I've tried to join IPA-client оn Fedora17, I've recieved this message:

|ipa         : ERROR    LDAP Error: Can't contact LDAP server: 
|Failed to verify that ipaserver.bashnl.local is an IPA Server.
|This may mean that the remote server is not up or is not reachable
|due to network or firewall settings.
|Installation failed. Rolling back changes.
|IPA client is not configured on this system.


Version-Release number of selected component (if applicable):
Server: IPA-Server installed from repository
Client: Fedora17 with "minimal" install. after installation process, I've installed "htop, nmap, bash-completion, vim-enhanced". After that I've installed "ipa-client, ipa-admintools" from repository

How reproducible:


Steps to Reproduce:
1. install Fedora17
2. install ipa-client, ipa-admintools
3. run 'ipa-cilent-install --enable-dns-update --mkhomedir'
  
Actual results:
|ipa         : ERROR    LDAP Error: Can't contact LDAP server: 
|Failed to verify that ipaserver.bashnl.local is an IPA Server.
|This may mean that the remote server is not up or is not reachable
|due to network or firewall settings.
|Installation failed. Rolling back changes.
|IPA client is not configured on this system.


Expected results:
join Fedora17 as ipa-client to ipa-server

Additional info:
Comment 1 Rob Crittenden 2012-05-30 16:03:46 UTC 
Can you attach /var/log/ipaclient-install.log?
Comment 2 Arthur 2012-05-31 05:01:52 UTC 
Created attachment 587938 [details]
ipa-cleint install log

After I've recivied error message, I've cheked avaibility to server from F17:
Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-30 11:13 YEKT
Nmap scan report for ipaserver.bashnl.local (10.39.0.60)
Host is up (0.00025s latency).
Not shown: 993 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
88/tcp  open  kerberos-sec
443/tcp open  https
464/tcp open  kpasswd5
636/tcp open  ldapssl
MAC Address: 52:54:00:97:64:3B (QEMU Virtual NIC)
Comment 3 Arthur 2012-05-31 05:06:42 UTC 
Sorry. it was our mistake :(
in iptables has been opened 399 port instead 389.
i think report should be closed.
will it bring my karma down?
Comment 4 Rob Crittenden 2012-06-01 15:11:17 UTC 
Glad it was something simple. Would improved error messages in ipa-client-install have made this easier to debug?
Comment 5 Arthur 2012-06-07 04:15:42 UTC 
I think yes :)
if it has said that exactly 389 port is not reacheble, I would debug it imidiatly, and would not disturb you :)
Comment 6 Rob Crittenden 2012-06-07 12:58:00 UTC 
Ok, re-opening. I'll see what we can do about making the error message clearer.

Bug titled updated.
Comment 7 Rob Crittenden 2012-06-07 12:59:30 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2816
Comment 8 Rob Crittenden 2012-10-10 14:16:23 UTC 
Fixed upstream.

master: 00a54b8b7f1e6e157f4b5efe7f24462685194de5

ipa-3-0: 50e55b012ecf533c190536a364c72c961c070f9f
Note You need to log in before you can comment on or make changes to this bug.