https://bugzilla.redhat.com/show_bug.cgi?id=741050
Description of problem:
Our LDAP(s) server needs to be available over the public internet, so we have disabled anonymous bind on our FreeIPA system. I am attempting to configure an IPA client against that server and it fails with an error.

Version-Release number of selected component (if applicable):
Server (RHEL 6.1):
ipa-pki-common-theme-9.0.3-6.el6.noarch
ipa-server-2.0.0-23.el6_1.2.x86_64
ipa-client-2.0.0-23.el6_1.2.x86_64
ipa-admintools-2.0.0-23.el6_1.2.x86_64
ipa-pki-ca-theme-9.0.3-6.el6.noarch
ipa-server-selinux-2.0.0-23.el6_1.2.x86_64
ipa-python-2.0.0-23.el6_1.2.x86_64
Client (CentOS 5):
ipa-client-2.0-14.el5_7.1

How reproducible:
Every time.

Steps to Reproduce:
1. Configure IPA server
2. Disable anonymous bind (by enabling the "nsslapd-allow-anonymous-access" option)
3. run "ipa-client-install" on the client system

Actual results:
root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'realm_name': None, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'mkhomedir': False, 'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG [ipadnssearchldap(internal.opennms.com)]
root : DEBUG [ipadnssearchldap(opennms.com)]
root : DEBUG [ipadnssearchkrb]
root : DEBUG [ipacheckldap]
root : DEBUG args=/usr/bin/wget -O /tmp/tmp1NzEv5/ca.crt http://connect.opennms.com/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2011-09-24 13:41:17-- http://connect.opennms.com/ipa/config/ca.crt
Resolving connect.opennms.com... 66.135.60.215
Connecting to connect.opennms.com|66.135.60.215|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://connect.opennms.com/ipa/config/ca.crt [following]
--2011-09-24 13:41:17-- https://connect.opennms.com/ipa/config/ca.crt
Connecting to connect.opennms.com|66.135.60.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 771 [application/x-x509-ca-cert]
Saving to: `/tmp/tmp1NzEv5/ca.crt'
0K 100% 1.15M=0.001s
2011-09-24 13:41:18 (1.15 MB/s) - `/tmp/tmp1NzEv5/ca.crt' saved [771/771]
root : DEBUG Init ldap with: ldap://connect.opennms.com:389
root : ERROR LDAP Error: Inappropriate authentication: Anonymous access is not allowed
root : DEBUG will use domain: opennms.com
root : DEBUG will use server: connect.opennms.com
Failed to verify that connect.opennms.com is an IPA Server.
This may mean that the remote server is not up or is not reachable due to network or firewall settings.

Expected results:
client gets configured to talk to the IPA server

Additional info:
master: 8f2e333
ipa-2-1: 8fb70fd
Metadata Update from @dpal:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)
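The debug log in the report shows the server answering the LDAP probe with a result code while the installer still reports it as possibly down or firewalled. As an added example (not code from this ticket or from FreeIPA), the following triage helper separates a refused anonymous bind from a probe with no LDAP answer; the function name `triage`, the cause labels and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample: DEBUG/ERROR lines abridged from the log in the report above.
SAMPLE_LOG = """\
root : DEBUG [ipacheckldap]
root : DEBUG Init ldap with: ldap://connect.opennms.com:389
root : ERROR LDAP Error: Inappropriate authentication: Anonymous access is not allowed
root : DEBUG will use domain: opennms.com
root : DEBUG will use server: connect.opennms.com
Failed to verify that connect.opennms.com is an IPA Server.
"""

INIT_RE = re.compile(r"Init ldap with: (\S+)")
ERR_RE = re.compile(r"LDAP Error: ([^:]+)(?:: (.*))?$")
VERDICT_RE = re.compile(r"Failed to verify that (\S+) is an IPA Server")


def triage(log_text):
    """Return a dict describing why the LDAP discovery probe failed (hypothetical helper)."""
    result = {"probe_url": None, "ldap_error": None, "detail": None,
              "server": None, "cause": "no_failure_seen"}
    for line in log_text.splitlines():
        if m := INIT_RE.search(line):
            result["probe_url"] = m.group(1)
        elif m := ERR_RE.search(line):
            result["ldap_error"] = m.group(1).strip()
            result["detail"] = (m.group(2) or "").strip()
        elif m := VERDICT_RE.search(line):
            result["server"] = m.group(1)
    if result["server"] is None:
        return result  # the installer never printed the verification failure
    # The server answered the bind with an LDAP result code, so it is up and
    # reachable; the probe was rejected by access policy, not by the network.
    if result["ldap_error"] == "Inappropriate authentication":
        result["cause"] = "anonymous_bind_refused"
    elif result["ldap_error"]:
        result["cause"] = "other_ldap_error"
    else:
        result["cause"] = "unreachable_or_unknown"
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```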