Description of problem:
00:13:53,481 INFO program: Running... /usr/sbin/authconfig --update --nostart --enablemd5 --enableshadow --enableldap --ldapserver=ldap.cora.nwra.com,ldap2.cora.nwra.com --ldapbasedn=dc=nwra,dc=com --enableldaptls --ldaploadcacert=http://www.cora.nwra.com/cgi-bin/getca.pl --enablekrb5 --krb5kdc=kerberos.cora.nwra.com,kerberos2.cora.nwra.com --krb5adminserver=kerberos.cora.nwra.com --krb5realm=CORA.NWRA.COM
00:13:57,251 ERR program: authconfig: Error downloading CA certificate
But this works just fine when run on the installed system.
Version-Release number of selected component (if applicable):
Two different systems so far
Is there anything more in /tmp/program.log?
Just what I posted above (which was from /var/log/anaconda/anaconda.program.log, which I believe is the same?).
Yeah, /tmp during installation and /var/log/anaconda after installation.
What else is going on with your kickstart install? What's your installation method, and what's your network config? Can you run the same command from the command line at the end of installation?
Created attachment 641634 [details]
Here's the full program log. Some more kickstart stuff:
repo --name=rpmfusion-nonfree-development-18-x86_64 --baseurl=http://rpmfusion.cora.nwra.com/nonfree/fedora/development/18/x86_64/os
repo --name=rpmfusion-free-development-18-x86_64 --baseurl=http://rpmfusion.cora.nwra.com/free/fedora/development/18/x86_64/os
repo --name=fedora-18-updates-x86_64 --baseurl=http://fedora.cora.nwra.com/updates/18/x86_64
repo --name=fedora-18-updates-testing-x86_64 --baseurl=http://fedora.cora.nwra.com/updates/testing/18/x86_64
repo --name=fedora-18-devel-x86_64 --baseurl=http://fedora.cora.nwra.com/development/18/x86_64/os
repo --name=cora-f18-x86_64 --baseurl=http://corpms.cora.nwra.com/fedora/18/x86_64
repo --name=adobe-linux-x86_64 --baseurl=http://adobe.cora.nwra.com/linux/x86_64/
repo --name=adobe-linux-i386 --baseurl=http://adobe.cora.nwra.com/linux/i386/
authconfig --enablemd5 --enableshadow --enableldap --ldapserver=ldap.cora.nwra.com,ldap2.cora.nwra.com --ldapbasedn=dc=nwra,dc=com --enableldaptls --ldaploadcacert=http://www.cora.nwra.com/cgi-bin/getca.pl --enablekrb5 --krb5kdc=kerberos.cora.nwra.com,kerberos2.cora.nwra.com --krb5adminserver=kerberos.cora.nwra.com --krb5realm=CORA.NWRA.COM
timezone --utc America/Denver
Network is configured via cobbler for dhcp.
I can run the command fine from the command line after install. Haven't tried in %post.
authconfig appears to run fine in %post, so there must be something different about how anaconda runs it.
Was your post script --chroot or not? Sorry I'm not more helpful on this. I don't really know anything about the authconfig options in question.
The post script is run in the chroot. The authconfig code seems to just download using urllib2 to /etc/openldap/cacerts, not sure what could be going wrong.
I can reproduce this with a bit smaller authconfig line;
authconfig --enableldap --enableldapauth --ldapserver=ldaps://infosto.koti/ --ldapbasedn=dc=koti --ldaploadcacert=http://www.koti/ca.koti.cert.pem --enablemkhomedir
I have not tried if it would work in a %post script, but at least the same line appended with a --updateall works just fine when I run it in the installed system after installation.
Created attachment 653140 [details]
This has been quiet for a while. I have just caught up with this in the 18-Beta release. Is this older than Rawhide releases? I can add a slight comment. All the other settings in the authconfig line seem to get set. (they show up pre-set when system-config-authentication is run)
Still present in Fedora 18 RC4 (aka final) alas. Work around is to run:
/usr/sbin/authconfig --update --nostart --ldaploadcacert=http://www.cora.nwra.com/cgi-bin/getca.pl
Still present in Fedora 19 Beta RC2 (19.28-1).
I created an updates.img that ran authconfig via strace and I see:
21:29:40,318 INFO program: open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
So, why is there no /etc/resolv.conf at this point in the install?
"auth" command getting run before "network" command?
Yes, /etc/resolv.conf is copied to installation root (ksdata.network.execute()) after authconfig is run (ksdata.authconfig.execute()).
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '18'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 18's end of life.
Thank you for reporting this issue and we are sorry that we may not be
able to fix it before Fedora 18 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior to Fedora 18's end of life.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
Still a problem in Fedora 20, so moving to rawhide/tracking. It would be nice to have this fixed some day.
I've run into this using kickstarts that register with freeipa in the post-install. I worked around it by manually setting up resolv.conf in the script, but having it setup properly would be really nice.
I can't seem to reproduce this issue anymore in F22.
Indeed. Thanks for checking.