Re: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off

Wed, 20 Jan 2016 04:56:23 -0800 

Adding freeipa-users back, so that others can benefit from the answer.

Can you please attach a full ipaclient-install.log DEBUG log somewhere so that
we can get the full context of the bug? You may also want to open a RHEL-6
Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only maintained
in RHEL-6.x.

Thanks,
Martin

On 01/20/2016 01:39 PM, bahan w wrote:
> Hello Martin !
> 
> Thanks for your answer, Martin !
> 
> I uninstalled the 3.0.0.25 and installed the 3.0.0.47, but unfortunately I
> still have the same error message.
> 
> # rpm -qa | grep ipa-client
> ipa-client-3.0.0-47.el6.x86_64
> 
> And in ipa-client-install.log :
> ###
> 2016-01-20T12:38:14Z DEBUG [LDAP server check]
> 2016-01-20T12:38:14Z DEBUG Verifying that <fqdn ipa server> (realm None) is
> an IPA server
> 2016-01-20T12:38:14Z DEBUG Init LDAP connection with: ldap://<fqdn ipa
> server>:389
> 2016-01-20T12:38:14Z DEBUG LDAP Error: Anonymous access not allowed
> ###
> 
> Best regards.
> 
> Bahan
> 
> 
> On Wed, Jan 20, 2016 at 1:26 PM, Martin Kosek <[email protected]> wrote:
> 
>> On 01/20/2016 12:08 PM, bahan w wrote:
>>> Hello !
>>>
>>> I send you this mail because of the following topic.
>>>
>>> I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous
>>> access for security reasons.
>>>
>>> But now, I have a problem when I try to enroll a new host.
>>>
>>> Here is the command I try :
>>> ###
>>> ipa-client-install --domain=<mydomain> --realm=<myrealm> --server=<fqdn
>>> ipaserver> --principal=admin --password=<PASSWORD FOR IPA ADMIN>
>>> --mkhomedir  --hostname=<fqdn server> --no-ntp --no-ssh --no-sshd
>>> --unattended
>>> ###
>>>
>>> And here is the error message :
>>> ###
>>> 2016-01-20T11:06:44Z DEBUG Verifying that <fqdn ipaserver> (realm None)
>> is
>>> an IPA server
>>> 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap://<fqdn ipa
>>> server>:389
>>> 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed
>>> ###
>>>
>>> Is there a way with IPA 3.0.0.25 to enroll host with the anonymous acces
>>> disabled ?
>>>
>>> Best regards.
>>>
>>> Bahan
>>
>> Hello,
>>
>> This looks like
>> https://bugzilla.redhat.com/show_bug.cgi?id=922843
>>
>> It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and
>> later).
>>
>> HTH,
>> Martin
>>
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to