freeipa-container: ipa-client-install error: "No valid Negotiate header in server response"
I’m trying to run freeipa-container but it fails on ipa-client-install section.
I run the container with the following command:
docker run --rm --privileged --name freeipa-server-container -ti -h ipa.example.test \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /run -v /tmp -v /dev/urandom:/dev/random:ro \
-e PASSWORD=S23 --sysctl net.ipv6.conf.all.disable_ipv6=0 \
freeipa/freeipa-server no-exit -U -r EXAMPLE.TEST --no-ntp
(I need “–privileged” “–sysctl net.ipv6.conf.all.disable_ipv6=0” and “-v /run -v /tmp” because of some other issues, that these options solved. )
The error I get is the following (extract from ipaclient-install.log) :
2019-07-30T10:36:39Z DEBUG failed to find session_cookie in persistent storage for principal 'host/ipa.example.test@EXAMPLE.TEST'
2019-07-30T10:36:39Z DEBUG trying https://ipa.example.test/ipa/json
2019-07-30T10:36:39Z DEBUG Created connection context.rpcclient_139825453996184
2019-07-30T10:36:39Z DEBUG [try 1]: Forwarding 'schema' to json server 'https://ipa.example.test/ipa/json'
2019-07-30T10:36:40Z DEBUG New HTTP connection (ipa.example.test)
2019-07-30T10:36:40Z DEBUG HTTP connection destroyed (ipa.example.test)
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package
plugins = api._remote_plugins
AttributeError: 'API' object has no attribute '_remote_plugins'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 724, in single_request
if not self._auth_complete(response):
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 677, in _auth_complete
message=u"No valid Negotiate header in server response")
ipalib.errors.KerberosError: No valid Negotiate header in server response
2019-07-30T10:36:40Z DEBUG Destroyed connection context.rpcclient_139825453996184
2019-07-30T10:36:40Z DEBUG File "/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute
return_value = self.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 340, in run
return cfgr.run()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 360, in run
return self.execute()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 655, in _configure
next(executor)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.7/site-packages/ipaclient/install/client.py", line 3842, in main
install(self)
File "/usr/lib/python3.7/site-packages/ipaclient/install/client.py", line 2555, in install
_install(options)
File "/usr/lib/python3.7/site-packages/ipaclient/install/client.py", line 2867, in _install
api.finalize()
File "/usr/lib/python3.7/site-packages/ipalib/plugable.py", line 741, in finalize
self.__do_if_not_done('load_plugins')
File "/usr/lib/python3.7/site-packages/ipalib/plugable.py", line 429, in __do_if_not_done
getattr(self, name)()
File "/usr/lib/python3.7/site-packages/ipalib/plugable.py", line 621, in load_plugins
for package in self.packages:
File "/usr/lib/python3.7/site-packages/ipalib/__init__.py", line 949, in packages
ipaclient.remote_plugins.get_package(self),
File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 134, in get_package
plugins = schema.get_package(server_info, client)
File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/schema.py", line 553, in get_package
schema = Schema(client)
File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/schema.py", line 402, in __init__
fingerprint, ttl = self._fetch(client, ignore_cache=read_failed)
File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/schema.py", line 427, in _fetch
schema = client.forward(u'schema', **kwargs)['result']
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 1149, in forward
return self._call_command(command, params)
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 1125, in _call_command
return command(*params)
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 1279, in _call
return self.__request(name, args)
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 1246, in __request
verbose=self.__verbose >= 3,
File "/usr/lib64/python3.7/xmlrpc/client.py", line 1154, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 724, in single_request
if not self._auth_complete(response):
File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 677, in _auth_complete
message=u"No valid Negotiate header in server response")
2019-07-30T10:36:40Z DEBUG The ipa-client-install command failed, exception: KerberosError: No valid Negotiate header in server response
2019-07-30T10:36:40Z ERROR No valid Negotiate header in server response
2019-07-30T10:36:40Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
I will appreciate help in solving this issue.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 27
Commits related to this issue
- Document not using ipa-server-install --hostname option. — committed to adelton/freeipa-container by adelton 5 years ago
Let’s keep this issue focused on the
ipa-client-installproblem during the initialipa-server-installand move the port discussion to https://github.com/freeipa/freeipa-container/issues/287.I’d focus on resolving the issues that forced you to use
--privileged, to be able to remove it. In the past we’ve seen it causing more harm than help.