On Fri, Jun 28, 2019 at 06:04:22PM +0000, Conley, Sean L. - US via FreeIPA-users wrote:
Hello,
I need some assistance getting a basic functional docker-based FreeIPA server deploy
working. I am not sure what I am missing, but the install is consistently failing on the
client setup portion at the end. I have tried a number of variations for install options,
but always end up with the same result. Any assistance would be much appreciated.
This is a good example of how I am bootstrapping the container:
host=ipa
domain=example.com
realm=EXAMPLE.COM
password=Secret123
rm -rf /data/ipa/*
cat << EOF > /data/ipa/ipa-server-install-options
--setup-dns \
--forwarder=10.2.0.2 \
--allow-zone-overlap \
--domain=${domain} \
--realm=${realm} \
--hostname=${host}.${domain} \
--ds-password=${password} \
--admin-password=${password} \
--no-ntp \
--verbose \
--unattended
EOF
docker run -it --rm -e DEBUG_TRACE=1 -e DEBUG_NO_EXIT=1 --name ${host} -h
${host}.${domain} \
-e PASSWORD=$password \
-v /data/ipa:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp \
-p 53:53/udp -p 53:53 -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \
-p 88:88/udp -p 464:464/udp -p 123:123/udp -p 7389:7389 -p 9443:9443 -p 9444:9444 -p
9445:9445 \
--privileged --userns=host freeipa/freeipa-server
It appears that most of the install runs as expected, but this is what I get in the end:
No valid Negotiate header in server response
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more
information
Here are some additional details from the ipaclient-install.log:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py",
line 126, in get_package
plugins = api._remote_plugins
AttributeError: 'API' object has no attribute '_remote_plugins'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 726, in
single_request
if not self._auth_complete(response):
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 679, in
_auth_complete
message=u"No valid Negotiate header in server response")
ipalib.errors.KerberosError: No valid Negotiate header in server response
2019-06-28T17:01:04Z DEBUG Destroyed connection context.rpcclient_140381178350560
Sorry for the late reply.
Could you retry without the --privileged option?
--
Jan Pazdziora
Senior Principal Software Engineer, Security Engineering, Red Hat