On Wed, Jul 12, 2023 at 05:29:53AM -0000, dweller dweller via FreeIPA-users wrote: > Introduction: We are currently using the Altlinux system, and the freeipa > package is maintained in the repository provided at > https://packages.altlinux.org/en/p10/srpms/freeipa/. To meet our specific > requirements, I decided to create a container package based on the Altlinux > p10 distribution. However, I have now encountered a problem while trying to > install ipa-client inside the container. It seems that I am not receiving a > session cookie for some reason. Although the logs indicate that the Ticket > Granting Ticket (TGT) is successfully issued and stored at > /etc/ipa/.dns_ccache (TGT for the host principal), there is a warning stating > that the ipa_session cookie cannot be found. As a result, the request to > /ipa/json fails with a 401 error. >
[...] > >2023-07-12T03:50:08Z DEBUG failed to find session_cookie in persistent > >storage for principal > >'host/[email protected]' > >2023-07-12T03:50:08Z DEBUG trying > >https://ipamaster.ipa-test.novalocal/ipa/json > >2023-07-12T03:50:08Z DEBUG Created connection > >context.rpcclient_139827748309840 > >2023-07-12T03:50:08Z DEBUG [try 1]: Forwarding 'schema' to json server > >'https://ipamaster.ipa-test.novalocal/ipa/json' > >2023-07-12T03:50:08Z DEBUG ENTERING SINGLE_REQUEST > >2023-07-12T03:50:08Z DEBUG HOST:i (ipamaster.ipa-test.novalocal) > >2023-07-12T03:50:08Z DEBUG HANDLER: (/ipa/json) > >2023-07-12T03:50:08Z DEBUG REQUEST_BODY: (b'{"method": "schema", "params": > >[[], {"version": "2.170"}], "id": 0}') > >2023-07-12T03:50:08Z DEBUG New HTTP connection (ipamaster.ipa-test.novalocal) > >2023-07-12T03:50:08Z DEBUG HTTP connection destroyed > >(ipamaster.ipa-test.novalocal) > >Traceback (most recent call last): > > File > > "/usr/lib64/python3/site-packages/ipaclient/remote_plugins/__init__.py", > > line 120, in get_package > > plugins = api._remote_plugins > >AttributeError: 'API' object has no attribute '_remote_plugins' > > > >During handling of the above exception, another exception occurred: > > > >Traceback (most recent call last): > > File "/usr/lib64/python3/site-packages/ipalib/rpc.py", line 727, in > > single_request > > if not self._auth_complete(response): > > File "/usr/lib64/python3/site-packages/ipalib/rpc.py", line 673, in > > _auth_complete > > raise errors.KerberosError( > >ipalib.errors.KerberosError: No valid Negotiate header in server response > >2023-07-12T03:50:08Z DEBUG Destroyed connection > >context.rpcclient_139827748309840 > >2023-07-12T03:50:08Z DEBUG File > >"/usr/lib64/python3/site-packages/ipapython/admintool.py", line 180, in > >execute Should I venture a guess, based on the same errors that we saw reported in https://github.com/freeipa/freeipa-container/issues?q=is%3Aissue+is%3Aclosed you run the container as privileged. Remove the --privileged from your podman / docker run command. -- Jan Pazdziora | Sr. Principal Software Engineer | Red Hat _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
