Hello,
I need some assistance getting a basic functional docker-based FreeIPA server deploy working. I am not sure what I am missing, but the install is consistently failing on the client setup portion at the end. I have tried a number of variations for install options, but always end up with the same result. Any assistance would be much appreciated.
This is a good example of how I am bootstrapping the container:
host=ipa domain=example.com realm=EXAMPLE.COM password=Secret123 rm -rf /data/ipa/* cat << EOF > /data/ipa/ipa-server-install-options --setup-dns \ --forwarder=10.2.0.2 \ --allow-zone-overlap \ --domain=${domain} \ --realm=${realm} \ --hostname=${host}.${domain} \ --ds-password=${password} \ --admin-password=${password} \ --no-ntp \ --verbose \ --unattended EOF docker run -it --rm -e DEBUG_TRACE=1 -e DEBUG_NO_EXIT=1 --name ${host} -h ${host}.${domain} \ -e PASSWORD=$password \ -v /data/ipa:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp \ -p 53:53/udp -p 53:53 -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \ -p 88:88/udp -p 464:464/udp -p 123:123/udp -p 7389:7389 -p 9443:9443 -p 9444:9444 -p 9445:9445 \ --privileged --userns=host freeipa/freeipa-server
It appears that most of the install runs as expected, but this is what I get in the end:
No valid Negotiate header in server response The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Here are some additional details from the ipaclient-install.log:
Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package plugins = api._remote_plugins AttributeError: 'API' object has no attribute '_remote_plugins'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 726, in single_request if not self._auth_complete(response): File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 679, in _auth_complete message=u"No valid Negotiate header in server response") ipalib.errors.KerberosError: No valid Negotiate header in server response 2019-06-28T17:01:04Z DEBUG Destroyed connection context.rpcclient_140381178350560
On Fri, Jun 28, 2019 at 06:04:22PM +0000, Conley, Sean L. - US via FreeIPA-users wrote:
Hello,
I need some assistance getting a basic functional docker-based FreeIPA server deploy working. I am not sure what I am missing, but the install is consistently failing on the client setup portion at the end. I have tried a number of variations for install options, but always end up with the same result. Any assistance would be much appreciated.
This is a good example of how I am bootstrapping the container:
host=ipa domain=example.com realm=EXAMPLE.COM password=Secret123 rm -rf /data/ipa/* cat << EOF > /data/ipa/ipa-server-install-options --setup-dns \ --forwarder=10.2.0.2 \ --allow-zone-overlap \ --domain=${domain} \ --realm=${realm} \ --hostname=${host}.${domain} \ --ds-password=${password} \ --admin-password=${password} \ --no-ntp \ --verbose \ --unattended EOF docker run -it --rm -e DEBUG_TRACE=1 -e DEBUG_NO_EXIT=1 --name ${host} -h ${host}.${domain} \ -e PASSWORD=$password \ -v /data/ipa:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp \ -p 53:53/udp -p 53:53 -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \ -p 88:88/udp -p 464:464/udp -p 123:123/udp -p 7389:7389 -p 9443:9443 -p 9444:9444 -p 9445:9445 \ --privileged --userns=host freeipa/freeipa-server
It appears that most of the install runs as expected, but this is what I get in the end:
No valid Negotiate header in server response The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Here are some additional details from the ipaclient-install.log:
Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package plugins = api._remote_plugins AttributeError: 'API' object has no attribute '_remote_plugins'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 726, in single_request if not self._auth_complete(response): File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 679, in _auth_complete message=u"No valid Negotiate header in server response") ipalib.errors.KerberosError: No valid Negotiate header in server response 2019-06-28T17:01:04Z DEBUG Destroyed connection context.rpcclient_140381178350560
Sorry for the late reply.
Could you retry without the --privileged option?
freeipa-users@lists.fedorahosted.org