report.html

Report generated on 09-Oct-2018 at 07:21:10 by pytest-html v1.19.0

Environment

Packages {'pytest': '3.4.2', 'py': '1.5.4', 'pluggy': '0.6.0'}
Platform Linux-4.17.19-200.fc28.x86_64-x86_64-with-fedora-28-Twenty_Eight
Plugins {'metadata': '1.7.0', 'html': '1.19.0', 'sourceorder': '0.5', 'multihost': '3.0'}
Python 3.6.6

Summary

7 tests ran in 1161.87 seconds.

7 passed, 0 skipped, 0 failed, 0 errors, 0 expected failures, 0 unexpected passes

Results

Result Test Duration Links
Passed test_advise.py::TestAdvice::()::test_invalid_advice 1.28
------------------------------ Captured log setup ------------------------------
__init__.py 250 INFO Preparing host master.ipa.test transport.py 1687 INFO Connected (version 2.0, client OpenSSH_7.8) transport.py 247 DEBUG Authenticating with private RSA key using user root transport.py 1687 INFO Authentication (publickey) successful! transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 558 DEBUG -bash: line 1: cd: /ipatests: No such file or directory transport.py 217 DEBUG Exit code: 0 __init__.py 244 INFO Adding master.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests sftp.py 131 INFO [chan 1] Opened sftp connection (server version 3) transport.py 301 DEBUG STAT / transport.py 312 INFO MKDIR /ipatests transport.py 293 INFO WRITE /ipatests/env.sh __init__.py 244 INFO Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/errors to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/access to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipaserver-install.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipaclient-install.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipareplica-install.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipareplica-conncheck.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipareplica-ca-install.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipaclient-install.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipaserver-kra-install.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipa-custodia.audit.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/iparestore.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/ipabackup.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/kadmind.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/krb5kdc.log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/httpd/error_log to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/pki/ to list of logs to collect __init__.py 244 INFO Adding master.ipa.test:/var/log/audit/audit.log to list of logs to collect transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 217 DEBUG Exit code: 0 __init__.py 244 INFO Adding master.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests transport.py 293 INFO WRITE /ipatests/env.sh transport.py 301 DEBUG STAT /etc/hostname transport.py 301 DEBUG STAT /ipatests/file_backup/etc transport.py 301 DEBUG STAT /ipatests/file_backup transport.py 301 DEBUG STAT /ipatests transport.py 312 INFO MKDIR /ipatests/file_backup transport.py 312 INFO MKDIR /ipatests/file_backup/etc transport.py 318 INFO RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] transport.py 513 DEBUG RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE /etc/hostname transport.py 318 INFO RUN ['hostname', 'master.ipa.test'] transport.py 513 DEBUG RUN ['hostname', 'master.ipa.test'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN hostname > '/ipatests/backup_hostname' transport.py 513 DEBUG RUN hostname > '/ipatests/backup_hostname' transport.py 217 DEBUG Exit code: 0 transport.py 301 DEBUG STAT /bin/systemctl transport.py 318 INFO RUN ['systemctl', 'stop', 'httpd'] transport.py 513 DEBUG RUN ['systemctl', 'stop', 'httpd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done transport.py 513 DEBUG RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse'] transport.py 513 DEBUG RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse'] transport.py 558 DEBUG Checking DNS domain ipa.test, please wait ... transport.py 558 DEBUG Checking DNS domain ipa.test., please wait ... transport.py 558 DEBUG Checking DNS domain 121.168.192.in-addr.arpa., please wait ... transport.py 558 DEBUG Reverse zone 121.168.192.in-addr.arpa. will be created transport.py 558 DEBUG Synchronizing time transport.py 558 DEBUG No SRV records of NTP servers found and no NTP server or pool address was provided. transport.py 558 DEBUG Attempting to sync time with chronyc. transport.py 558 DEBUG Process chronyc waitsync failed to sync time! transport.py 558 DEBUG Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network. transport.py 558 DEBUG Checking DNS domain ipa.test, please wait ... transport.py 558 DEBUG transport.py 558 DEBUG The log file for this installation can be found in /var/log/ipaserver-install.log transport.py 558 DEBUG ============================================================================== transport.py 558 DEBUG This program will set up the FreeIPA Server. transport.py 558 DEBUG Version 4.7.90test transport.py 558 DEBUG transport.py 558 DEBUG This includes: transport.py 558 DEBUG * Configure a stand-alone CA (dogtag) for certificate management transport.py 558 DEBUG * Configure the NTP client (chronyd) transport.py 558 DEBUG * Create and configure an instance of Directory Server transport.py 558 DEBUG * Create and configure a Kerberos Key Distribution Center (KDC) transport.py 558 DEBUG * Configure Apache (httpd) transport.py 558 DEBUG * Configure DNS (bind) transport.py 558 DEBUG * Configure the KDC to enable PKINIT transport.py 558 DEBUG transport.py 558 DEBUG Warning: skipping DNS resolution of host master.ipa.test transport.py 558 DEBUG Checking DNS forwarders, please wait ... transport.py 558 DEBUG Using reverse zone(s) 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG The IPA Master Server will be configured with: transport.py 558 DEBUG Hostname: master.ipa.test transport.py 558 DEBUG IP address(es): 192.168.121.46 transport.py 558 DEBUG Domain name: ipa.test transport.py 558 DEBUG Realm name: IPA.TEST transport.py 558 DEBUG transport.py 558 DEBUG The CA will be configured with: transport.py 558 DEBUG Subject DN: CN=Certificate Authority,O=IPA.TEST transport.py 558 DEBUG Subject base: O=IPA.TEST transport.py 558 DEBUG Chaining: self-signed transport.py 558 DEBUG transport.py 558 DEBUG BIND DNS server will be configured to serve IPA domain with: transport.py 558 DEBUG Forwarders: 192.168.121.1 transport.py 558 DEBUG Forward policy: only transport.py 558 DEBUG Reverse zone(s): 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG Using default chrony configuration. transport.py 558 DEBUG Warning: IPA was unable to sync time with chrony! transport.py 558 DEBUG Time synchronization is required for IPA to work correctly transport.py 558 DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds transport.py 558 DEBUG [1/44]: creating directory server instance transport.py 558 DEBUG [2/44]: enabling ldapi transport.py 558 DEBUG [3/44]: configure autobind for root transport.py 558 DEBUG [4/44]: stopping directory server transport.py 558 DEBUG [5/44]: updating configuration in dse.ldif transport.py 558 DEBUG [6/44]: starting directory server transport.py 558 DEBUG [7/44]: adding default schema transport.py 558 DEBUG [8/44]: enabling memberof plugin transport.py 558 DEBUG [9/44]: enabling winsync plugin transport.py 558 DEBUG [10/44]: configuring replication version plugin transport.py 558 DEBUG [11/44]: enabling IPA enrollment plugin transport.py 558 DEBUG [12/44]: configuring uniqueness plugin transport.py 558 DEBUG [13/44]: configuring uuid plugin transport.py 558 DEBUG [14/44]: configuring modrdn plugin transport.py 558 DEBUG [15/44]: configuring DNS plugin transport.py 558 DEBUG [16/44]: enabling entryUSN plugin transport.py 558 DEBUG [17/44]: configuring lockout plugin transport.py 558 DEBUG [18/44]: configuring topology plugin transport.py 558 DEBUG [19/44]: creating indices transport.py 558 DEBUG [20/44]: enabling referential integrity plugin transport.py 558 DEBUG [21/44]: configuring certmap.conf transport.py 558 DEBUG [22/44]: configure new location for managed entries transport.py 558 DEBUG [23/44]: configure dirsrv ccache transport.py 558 DEBUG [24/44]: enabling SASL mapping fallback transport.py 558 DEBUG [25/44]: restarting directory server transport.py 558 DEBUG [26/44]: adding sasl mappings to the directory transport.py 558 DEBUG [27/44]: adding default layout transport.py 558 DEBUG [28/44]: adding delegation layout transport.py 558 DEBUG [29/44]: creating container for managed entries transport.py 558 DEBUG [30/44]: configuring user private groups transport.py 558 DEBUG [31/44]: configuring netgroups from hostgroups transport.py 558 DEBUG [32/44]: creating default Sudo bind user transport.py 558 DEBUG [33/44]: creating default Auto Member layout transport.py 558 DEBUG [34/44]: adding range check plugin transport.py 558 DEBUG [35/44]: creating default HBAC rule allow_all transport.py 558 DEBUG [36/44]: adding entries for topology management transport.py 558 DEBUG [37/44]: initializing group membership transport.py 558 DEBUG [38/44]: adding master entry transport.py 558 DEBUG [39/44]: initializing domain level transport.py 558 DEBUG [40/44]: configuring Posix uid/gid generation transport.py 558 DEBUG [41/44]: adding replication acis transport.py 558 DEBUG [42/44]: activating sidgen plugin transport.py 558 DEBUG [43/44]: activating extdom plugin transport.py 558 DEBUG [44/44]: configuring directory to start on boot transport.py 558 DEBUG Done configuring directory server (dirsrv). transport.py 558 DEBUG Configuring Kerberos KDC (krb5kdc) transport.py 558 DEBUG [1/10]: adding kerberos container to the directory transport.py 558 DEBUG [2/10]: configuring KDC transport.py 558 DEBUG [3/10]: initialize kerberos container transport.py 558 DEBUG [4/10]: adding default ACIs transport.py 558 DEBUG [5/10]: creating a keytab for the directory transport.py 558 DEBUG [6/10]: creating a keytab for the machine transport.py 558 DEBUG [7/10]: adding the password extension to the directory transport.py 558 DEBUG [8/10]: creating anonymous principal transport.py 558 DEBUG [9/10]: starting the KDC transport.py 558 DEBUG [10/10]: configuring KDC to start on boot transport.py 558 DEBUG Done configuring Kerberos KDC (krb5kdc). transport.py 558 DEBUG Configuring kadmin transport.py 558 DEBUG [1/2]: starting kadmin transport.py 558 DEBUG [2/2]: configuring kadmin to start on boot transport.py 558 DEBUG Done configuring kadmin. transport.py 558 DEBUG Configuring ipa-custodia transport.py 558 DEBUG [1/5]: Making sure custodia container exists transport.py 558 DEBUG [2/5]: Generating ipa-custodia config file transport.py 558 DEBUG [3/5]: Generating ipa-custodia keys transport.py 558 DEBUG [4/5]: starting ipa-custodia transport.py 558 DEBUG [5/5]: configuring ipa-custodia to start on boot transport.py 558 DEBUG Done configuring ipa-custodia. transport.py 558 DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes transport.py 558 DEBUG [1/28]: configuring certificate server instance transport.py 558 DEBUG [2/28]: exporting Dogtag certificate store pin transport.py 558 DEBUG [3/28]: stopping certificate server instance to update CS.cfg transport.py 558 DEBUG [4/28]: backing up CS.cfg transport.py 558 DEBUG [5/28]: disabling nonces transport.py 558 DEBUG [6/28]: set up CRL publishing transport.py 558 DEBUG [7/28]: enable PKIX certificate path discovery and validation transport.py 558 DEBUG [8/28]: starting certificate server instance transport.py 558 DEBUG [9/28]: configure certmonger for renewals transport.py 558 DEBUG [10/28]: requesting RA certificate from CA transport.py 558 DEBUG [11/28]: setting audit signing renewal to 2 years transport.py 558 DEBUG [12/28]: restarting certificate server transport.py 558 DEBUG [13/28]: publishing the CA certificate transport.py 558 DEBUG [14/28]: adding RA agent as a trusted user transport.py 558 DEBUG [15/28]: authorizing RA to modify profiles transport.py 558 DEBUG [16/28]: authorizing RA to manage lightweight CAs transport.py 558 DEBUG [17/28]: Ensure lightweight CAs container exists transport.py 558 DEBUG [18/28]: configure certificate renewals transport.py 558 DEBUG [19/28]: configure Server-Cert certificate renewal transport.py 558 DEBUG [20/28]: Configure HTTP to proxy connections transport.py 558 DEBUG [21/28]: restarting certificate server transport.py 558 DEBUG [22/28]: updating IPA configuration transport.py 558 DEBUG [23/28]: enabling CA instance transport.py 558 DEBUG [24/28]: migrating certificate profiles to LDAP transport.py 558 DEBUG [25/28]: importing IPA certificate profiles transport.py 558 DEBUG [26/28]: adding default CA ACL transport.py 558 DEBUG [27/28]: adding 'ipa' CA entry transport.py 558 DEBUG [28/28]: configuring certmonger renewal for lightweight CAs transport.py 558 DEBUG Done configuring certificate server (pki-tomcatd). transport.py 558 DEBUG Configuring directory server (dirsrv) transport.py 558 DEBUG [1/3]: configuring TLS for DS instance transport.py 558 DEBUG [2/3]: adding CA certificate entry transport.py 558 DEBUG [3/3]: restarting directory server transport.py 558 DEBUG Done configuring directory server (dirsrv). transport.py 558 DEBUG Configuring ipa-otpd transport.py 558 DEBUG [1/2]: starting ipa-otpd transport.py 558 DEBUG [2/2]: configuring ipa-otpd to start on boot transport.py 558 DEBUG Done configuring ipa-otpd. transport.py 558 DEBUG Configuring the web interface (httpd) transport.py 558 DEBUG [1/21]: stopping httpd transport.py 558 DEBUG [2/21]: backing up ssl.conf transport.py 558 DEBUG [3/21]: disabling nss.conf transport.py 558 DEBUG [4/21]: configuring mod_ssl certificate paths transport.py 558 DEBUG [5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2 transport.py 558 DEBUG [6/21]: configuring mod_ssl log directory transport.py 558 DEBUG [7/21]: disabling mod_ssl OCSP transport.py 558 DEBUG [8/21]: adding URL rewriting rules transport.py 558 DEBUG [9/21]: configuring httpd transport.py 558 DEBUG [10/21]: setting up httpd keytab transport.py 558 DEBUG [11/21]: configuring Gssproxy transport.py 558 DEBUG [12/21]: setting up ssl transport.py 558 DEBUG [13/21]: configure certmonger for renewals transport.py 558 DEBUG [14/21]: publish CA cert transport.py 558 DEBUG [15/21]: clean up any existing httpd ccaches transport.py 558 DEBUG [16/21]: configuring SELinux for httpd transport.py 558 DEBUG [17/21]: create KDC proxy config transport.py 558 DEBUG [18/21]: enable KDC proxy transport.py 558 DEBUG [19/21]: starting httpd transport.py 558 DEBUG [20/21]: configuring httpd to start on boot transport.py 558 DEBUG [21/21]: enabling oddjobd transport.py 558 DEBUG Done configuring the web interface (httpd). transport.py 558 DEBUG Configuring Kerberos KDC (krb5kdc) transport.py 558 DEBUG [1/1]: installing X509 Certificate for PKINIT transport.py 558 DEBUG PKINIT certificate request failed: request timed out transport.py 558 DEBUG Full PKINIT configuration did not succeed transport.py 558 DEBUG The setup will only install bits essential to the server functionality transport.py 558 DEBUG You can enable PKINIT after the setup completed using 'ipa-pkinit-manage' transport.py 558 DEBUG Failed to configure PKINIT transport.py 558 DEBUG Done configuring Kerberos KDC (krb5kdc). transport.py 558 DEBUG Applying LDAP updates transport.py 558 DEBUG Upgrading IPA:. Estimated time: 1 minute 30 seconds transport.py 558 DEBUG [1/11]: stopping directory server transport.py 558 DEBUG [2/11]: saving configuration transport.py 558 DEBUG [3/11]: disabling listeners transport.py 558 DEBUG [4/11]: enabling DS global lock transport.py 558 DEBUG [5/11]: disabling Schema Compat transport.py 558 DEBUG [6/11]: starting directory server transport.py 558 DEBUG [7/11]: updating schema transport.py 558 DEBUG [8/11]: upgrading server transport.py 558 DEBUG [9/11]: stopping directory server transport.py 558 DEBUG [10/11]: restoring configuration transport.py 558 DEBUG [11/11]: starting directory server transport.py 558 DEBUG Done. transport.py 558 DEBUG Restarting the KDC transport.py 558 DEBUG Configuring DNS (named) transport.py 558 DEBUG [1/12]: generating rndc key file transport.py 558 DEBUG [2/12]: adding DNS container transport.py 558 DEBUG [3/12]: setting up our zone transport.py 558 DEBUG [4/12]: setting up reverse zone transport.py 558 DEBUG [5/12]: setting up our own record transport.py 558 DEBUG [6/12]: setting up records for other masters transport.py 558 DEBUG [7/12]: adding NS record to the zones transport.py 558 DEBUG [8/12]: setting up kerberos principal transport.py 558 DEBUG [9/12]: setting up named.conf transport.py 558 DEBUG [10/12]: setting up server configuration transport.py 558 DEBUG [11/12]: configuring named to start on boot transport.py 558 DEBUG [12/12]: changing resolv.conf to point to ourselves transport.py 558 DEBUG Done configuring DNS (named). transport.py 558 DEBUG Restarting the web server to pick up resolv.conf changes transport.py 558 DEBUG Configuring DNS key synchronization service (ipa-dnskeysyncd) transport.py 558 DEBUG [1/7]: checking status transport.py 558 DEBUG [2/7]: setting up bind-dyndb-ldap working directory transport.py 558 DEBUG [3/7]: setting up kerberos principal transport.py 558 DEBUG [4/7]: setting up SoftHSM transport.py 558 DEBUG [5/7]: adding DNSSEC containers transport.py 558 DEBUG [6/7]: creating replica keys transport.py 558 DEBUG [7/7]: configuring ipa-dnskeysyncd to start on boot transport.py 558 DEBUG Done configuring DNS key synchronization service (ipa-dnskeysyncd). transport.py 558 DEBUG Restarting ipa-dnskeysyncd transport.py 558 DEBUG Restarting named transport.py 558 DEBUG Updating DNS system records transport.py 558 DEBUG Configuring client side components transport.py 558 DEBUG Using existing certificate '/etc/ipa/ca.crt'. transport.py 558 DEBUG Client hostname: master.ipa.test transport.py 558 DEBUG Realm: IPA.TEST transport.py 558 DEBUG DNS Domain: ipa.test transport.py 558 DEBUG IPA Server: master.ipa.test transport.py 558 DEBUG BaseDN: dc=ipa,dc=test transport.py 558 DEBUG Configured sudoers in /etc/nsswitch.conf transport.py 558 DEBUG Configured /etc/sssd/sssd.conf transport.py 558 DEBUG Systemwide CA database updated. transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub transport.py 558 DEBUG SSSD enabled transport.py 558 DEBUG Configured /etc/openldap/ldap.conf transport.py 558 DEBUG Configured /etc/ssh/ssh_config transport.py 558 DEBUG Configured /etc/ssh/sshd_config transport.py 558 DEBUG Configuring ipa.test as NIS domain. transport.py 558 DEBUG Client configuration complete. transport.py 558 DEBUG This program will set up FreeIPA client. transport.py 558 DEBUG Version 4.7.90test transport.py 558 DEBUG transport.py 558 DEBUG transport.py 558 DEBUG The ipa-client-install command was successful transport.py 558 DEBUG The ipa-server-install command was successful transport.py 558 DEBUG transport.py 558 DEBUG ============================================================================== transport.py 558 DEBUG Setup complete transport.py 558 DEBUG transport.py 558 DEBUG Next steps: transport.py 558 DEBUG 1. You must make sure these network ports are open: transport.py 558 DEBUG TCP Ports: transport.py 558 DEBUG * 80, 443: HTTP/HTTPS transport.py 558 DEBUG * 389, 636: LDAP/LDAPS transport.py 558 DEBUG * 88, 464: kerberos transport.py 558 DEBUG * 53: bind transport.py 558 DEBUG UDP Ports: transport.py 558 DEBUG * 88, 464: kerberos transport.py 558 DEBUG * 53: bind transport.py 558 DEBUG * 123: ntp transport.py 558 DEBUG transport.py 558 DEBUG 2. You can now obtain a kerberos ticket using the command: 'kinit admin' transport.py 558 DEBUG This ticket will allow you to use the IPA tools (e.g., ipa user-add) transport.py 558 DEBUG and the web user interface. transport.py 558 DEBUG transport.py 558 DEBUG Be sure to back up the CA certificates stored in /root/cacert.p12 transport.py 558 DEBUG These files are required to create replicas. The password for these transport.py 558 DEBUG files is the Directory Manager password transport.py 217 DEBUG Exit code: 0 tasks.py 266 INFO Set LDAP debug level transport.py 318 INFO RUN ['ldapmodify', '-x', '-D', 'cn=Directory Manager', '-w', 'Secret.123', '-h', 'master.ipa.test'] transport.py 513 DEBUG RUN ['ldapmodify', '-x', '-D', 'cn=Directory Manager', '-w', 'Secret.123', '-h', 'master.ipa.test'] transport.py 558 DEBUG modifying entry "cn=config" transport.py 558 DEBUG transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] transport.py 513 DEBUG RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] transport.py 513 DEBUG RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] transport.py 217 DEBUG Exit code: 0 __init__.py 244 INFO Adding master.ipa.test:/var/log/sssd to list of logs to collect transport.py 301 DEBUG STAT /bin/systemctl transport.py 318 INFO RUN ['systemctl', 'stop', 'sssd'] transport.py 513 DEBUG RUN ['systemctl', 'stop', 'sssd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv transport.py 513 DEBUG RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv transport.py 558 DEBUG removed '/var/lib/sss/db/config.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/sssd.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/cache_implicit_files.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_implicit_files.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_ipa.test.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/cache_ipa.test.ldb' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/group'] transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/group'] transport.py 558 DEBUG removed '/var/lib/sss/mc/group' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] transport.py 558 DEBUG removed '/var/lib/sss/mc/passwd' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'start', 'sssd'] transport.py 513 DEBUG RUN ['systemctl', 'start', 'sssd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa', 'dnszone-mod', 'ipa.test', '--default-ttl', '1', '--ttl', '1'] transport.py 513 DEBUG RUN ['ipa', 'dnszone-mod', 'ipa.test', '--default-ttl', '1', '--ttl', '1'] transport.py 558 DEBUG Zone name: ipa.test. transport.py 558 DEBUG Active zone: TRUE transport.py 558 DEBUG Authoritative nameserver: master.ipa.test. transport.py 558 DEBUG Administrator e-mail address: hostmaster.ipa.test. transport.py 558 DEBUG SOA serial: 1539069467 transport.py 558 DEBUG SOA refresh: 3600 transport.py 558 DEBUG SOA retry: 900 transport.py 558 DEBUG SOA expire: 1209600 transport.py 558 DEBUG SOA minimum: 3600 transport.py 558 DEBUG Time to live: 1 transport.py 558 DEBUG Default time to live: 1 transport.py 558 DEBUG Allow query: any; transport.py 558 DEBUG Allow transfer: none; transport.py 558 DEBUG ipa: WARNING: Service named-pkcs11.service requires restart on IPA server <all IPA DNS servers> to apply configuration changes. transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'master.ipa.test.'] transport.py 513 DEBUG RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'master.ipa.test.'] transport.py 558 DEBUG Record name: master transport.py 558 DEBUG A record: 192.168.121.46 transport.py 558 DEBUG SSHFP record: 4 1 2C9EDD5D864ED36BEFF93A13D163ABD52DF84CAA, 4 2 C5E6C899E098528914A741A381CE79CC72E305CB4C75241CE4A9C3FB 8368FBC5, 1 1 7912EEE377DE46F4E4285ACAC119910674542F2B, 1 2 A25A51D41B614C1E40A89D78204223CDB94DF94410EC32AE818F2C66 5CDEE2E2, 3 1 34C74169E5CEFBC8B572233C30BCA486FC0389FB, 3 2 EB03CECB28CD487DEA7D61FAD55505210521115A98917F9DC9596F4D 89B580D4 transport.py 217 DEBUG Exit code: 0------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'invalid-advise-param'] transport.py 513 DEBUG RUN ['ipa-advise', 'invalid-advise-param'] transport.py 558 DEBUG invalid 'advice': No instructions are available for 'invalid-advise-param'. See the list of available configuration by invoking the ipa-advise command with no argument. transport.py 558 DEBUG The ipa-advise command failed. transport.py 217 DEBUG Exit code: 1
Passed test_advise.py::TestAdvice::()::test_advice_FreeBSDNSSPAM 2.07
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-freebsd-nss-pam-ldapd'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-freebsd-nss-pam-ldapd'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a FreeBSD system with nss-pam-ldapd. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages transport.py 558 DEBUG pkg_add -r nss-pam-ldapd curl transport.py 558 DEBUG transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG curl -k https://master.ipa.test/ipa/config/ca.crt > /usr/local/etc/ipa.crt transport.py 558 DEBUG # Configure nsswitch.conf transport.py 558 DEBUG sed -i '' -e 's/^passwd:/passwd: files ldap/' /etc/nsswitch.conf transport.py 558 DEBUG sed -i '' -e 's/^group:/group: files ldap/' /etc/nsswitch.conf transport.py 558 DEBUG transport.py 558 DEBUG # Configure PAM stack for the sshd service transport.py 558 DEBUG cat > /etc/pam.d/sshd << EOF transport.py 558 DEBUG # PAM configuration for the "sshd" service transport.py 558 DEBUG # transport.py 558 DEBUG transport.py 558 DEBUG # auth transport.py 558 DEBUG auth sufficient pam_opie.so no_warn no_fake_prompts transport.py 558 DEBUG auth requisite pam_opieaccess.so no_warn allow_local transport.py 558 DEBUG #auth sufficient pam_krb5.so no_warn try_first_pass transport.py 558 DEBUG #auth sufficient pam_ssh.so no_warn try_first_pass transport.py 558 DEBUG auth sufficient /usr/local/lib/pam_ldap.so no_warn transport.py 558 DEBUG auth required pam_unix.so no_warn try_first_pass transport.py 558 DEBUG transport.py 558 DEBUG # account transport.py 558 DEBUG account required pam_nologin.so transport.py 558 DEBUG #account required pam_krb5.so transport.py 558 DEBUG account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user transport.py 558 DEBUG account required pam_login_access.so transport.py 558 DEBUG account required pam_unix.so transport.py 558 DEBUG transport.py 558 DEBUG # session transport.py 558 DEBUG #session optional pam_ssh.so want_agent transport.py 558 DEBUG session required pam_permit.so transport.py 558 DEBUG transport.py 558 DEBUG # password transport.py 558 DEBUG #password sufficient pam_krb5.so no_warn try_first_pass transport.py 558 DEBUG password required pam_unix.so no_warn try_first_pass transport.py 558 DEBUG transport.py 558 DEBUG EOF transport.py 558 DEBUG transport.py 558 DEBUG # Add automated start of nslcd to /etc/rc.conf transport.py 558 DEBUG echo 'nslcd_enable="YES" transport.py 558 DEBUG nslcd_debug="NO"' >> /etc/rc.conf transport.py 558 DEBUG # Configure nslcd.conf: transport.py 558 DEBUG echo "uid nslcd transport.py 558 DEBUG gid nslcd transport.py 558 DEBUG uri ldap://master.ipa.test transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test transport.py 558 DEBUG scope sub transport.py 558 DEBUG base group cn=groups,cn=compat,dc=ipa,dc=test transport.py 558 DEBUG base passwd cn=users,cn=compat,dc=ipa,dc=test transport.py 558 DEBUG base shadow cn=users,cn=compat,dc=ipa,dc=test transport.py 558 DEBUG ssl start_tls transport.py 558 DEBUG tls_cacertfile /usr/local/etc/ipa.crt transport.py 558 DEBUG " > /usr/local/etc/nslcd.conf transport.py 558 DEBUG # Configure ldap.conf: transport.py 558 DEBUG echo "uri ldap://master.ipa.test transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test transport.py 558 DEBUG ssl start_tls transport.py 558 DEBUG tls_cacert /usr/local/etc/ipa.crt"> /usr/local/etc/ldap.conf transport.py 558 DEBUG # Restart nslcd transport.py 558 DEBUG /usr/local/etc/rc.d/nslcd restart transport.py 217 DEBUG Exit code: 0
Passed test_advise.py::TestAdvice::()::test_advice_GenericNSSPAM 2.27
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-generic-linux-nss-pam-ldapd'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-generic-linux-nss-pam-ldapd'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a system with nss-pam-ldapd. This set of transport.py 558 DEBUG # instructions is targeted for linux systems that do not include the transport.py 558 DEBUG # authconfig utility. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages using your system's package manager. E.g: transport.py 558 DEBUG apt-get -y install curl openssl libnss-ldapd libpam-ldapd nslcd transport.py 558 DEBUG transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the transport.py 558 DEBUG # default CA certificate location. If this value is different on your transport.py 558 DEBUG # system the script needs to be modified accordingly. transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG # Generate hashes for the openldap library transport.py 558 DEBUG command -v cacertdir_rehash transport.py 558 DEBUG if [ $? -ne 0 ] ; then transport.py 558 DEBUG curl "https://fedorahosted.org/authconfig/browser/cacertdir_rehash?format=txt" -o cacertdir_rehash ; transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ; transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG else transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG fi transport.py 558 DEBUG transport.py 558 DEBUG # Configure ldap.conf. Set the value of TLS_CACERTDIR to transport.py 558 DEBUG # /etc/openldap/cacerts. Make sure that the location of ldap.conf file transport.py 558 DEBUG # matches your system's configuration. transport.py 558 DEBUG echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf transport.py 558 DEBUG transport.py 558 DEBUG # Configure nsswitch.conf. Append ldap to the lines beginning with transport.py 558 DEBUG # passwd and group. transport.py 558 DEBUG grep "^passwd.*ldap" /etc/nsswitch.conf transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| ldap|' /etc/nsswitch.conf ; fi transport.py 558 DEBUG grep "^group.*ldap" /etc/nsswitch.conf transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^group/s|$| ldap|' /etc/nsswitch.conf ; fi transport.py 558 DEBUG transport.py 558 DEBUG # Configure PAM. Configuring the PAM stack differs on particular transport.py 558 DEBUG # distributions. The resulting PAM stack should look like this: transport.py 558 DEBUG cat > /etc/pam.conf << EOF transport.py 558 DEBUG auth required pam_env.so transport.py 558 DEBUG auth sufficient pam_unix.so nullok try_first_pass transport.py 558 DEBUG auth requisite pam_succeed_if.so uid >= 500 quiet transport.py 558 DEBUG auth sufficient pam_ldap.so use_first_pass transport.py 558 DEBUG auth required pam_deny.so transport.py 558 DEBUG transport.py 558 DEBUG account required pam_unix.so broken_shadow transport.py 558 DEBUG account sufficient pam_localuser.so transport.py 558 DEBUG account sufficient pam_succeed_if.so uid < 500 quiet transport.py 558 DEBUG account [default=bad success=ok user_unknown=ignore] pam_ldap.so transport.py 558 DEBUG account required pam_permit.so transport.py 558 DEBUG transport.py 558 DEBUG password requisite pam_cracklib.so try_first_pass retry=3 type= transport.py 558 DEBUG password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok transport.py 558 DEBUG password sufficient pam_ldap.so use_authtok transport.py 558 DEBUG password required pam_deny.so transport.py 558 DEBUG transport.py 558 DEBUG session optional pam_keyinit.so revoke transport.py 558 DEBUG session required pam_limits.so transport.py 558 DEBUG session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid transport.py 558 DEBUG session required pam_unix.so transport.py 558 DEBUG session optional pam_ldap.so transport.py 558 DEBUG transport.py 558 DEBUG EOF transport.py 558 DEBUG transport.py 558 DEBUG # Configure nslcd.conf: transport.py 558 DEBUG cat > /etc/nslcd.conf << EOF transport.py 558 DEBUG uri ldap://master.ipa.test transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test transport.py 558 DEBUG EOF transport.py 558 DEBUG transport.py 558 DEBUG # Configure pam_ldap.conf: transport.py 558 DEBUG cat > /etc/pam_ldap.conf << EOF transport.py 558 DEBUG uri ldap://master.ipa.test transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test transport.py 558 DEBUG EOF transport.py 558 DEBUG transport.py 558 DEBUG # Stop nscd and restart nslcd transport.py 558 DEBUG service nscd stop && service nslcd restart transport.py 217 DEBUG Exit code: 0
Passed test_advise.py::TestAdvice::()::test_advice_GenericSSSDBefore19 1.72
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-generic-linux-sssd-before-1-9'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-generic-linux-sssd-before-1-9'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a system with an old version of SSSD transport.py 558 DEBUG # (1.5-1.8) as a FreeIPA client. This set of instructions is targeted transport.py 558 DEBUG # for linux systems that do not include the authconfig utility. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages using your system's package manager. E.g: transport.py 558 DEBUG apt-get -y install sssd curl openssl transport.py 558 DEBUG transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the transport.py 558 DEBUG # default CA certificate location. If this value is different on your transport.py 558 DEBUG # system the script needs to be modified accordingly. transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG # Generate hashes for the openldap library transport.py 558 DEBUG command -v cacertdir_rehash transport.py 558 DEBUG if [ $? -ne 0 ] ; then transport.py 558 DEBUG curl "https://fedorahosted.org/authconfig/browser/cacertdir_rehash?format=txt" -o cacertdir_rehash ; transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ; transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG else transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG fi transport.py 558 DEBUG transport.py 558 DEBUG # Configure ldap.conf. Set the value of TLS_CACERTDIR to transport.py 558 DEBUG # /etc/openldap/cacerts. Make sure that the location of ldap.conf file transport.py 558 DEBUG # matches your system's configuration. transport.py 558 DEBUG echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf transport.py 558 DEBUG transport.py 558 DEBUG # Configure nsswitch.conf. Append sss to the lines beginning with passwd transport.py 558 DEBUG # and group. transport.py 558 DEBUG grep "^passwd.*sss" /etc/nsswitch.conf transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| sss|' /etc/nsswitch.conf ; fi transport.py 558 DEBUG grep "^group.*sss" /etc/nsswitch.conf transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^group/s|$| sss|' /etc/nsswitch.conf ; fi transport.py 558 DEBUG transport.py 558 DEBUG # Configure PAM. Configuring the PAM stack differs on particular transport.py 558 DEBUG # distributions. The resulting PAM stack should look like this: transport.py 558 DEBUG cat > /etc/pam.conf << EOF transport.py 558 DEBUG auth required pam_env.so transport.py 558 DEBUG auth sufficient pam_unix.so nullok try_first_pass transport.py 558 DEBUG auth requisite pam_succeed_if.so uid >= 500 quiet transport.py 558 DEBUG auth sufficient pam_sss.so use_first_pass transport.py 558 DEBUG auth required pam_deny.so transport.py 558 DEBUG transport.py 558 DEBUG account required pam_unix.so broken_shadow transport.py 558 DEBUG account sufficient pam_localuser.so transport.py 558 DEBUG account sufficient pam_succeed_if.so uid < 500 quiet transport.py 558 DEBUG account [default=bad success=ok user_unknown=ignore] pam_sss.so transport.py 558 DEBUG account required pam_permit.so transport.py 558 DEBUG transport.py 558 DEBUG password requisite pam_cracklib.so try_first_pass retry=3 type= transport.py 558 DEBUG password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok transport.py 558 DEBUG password sufficient pam_sss.so use_authtok transport.py 558 DEBUG password required pam_deny.so transport.py 558 DEBUG transport.py 558 DEBUG session optional pam_keyinit.so revoke transport.py 558 DEBUG session required pam_limits.so transport.py 558 DEBUG session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid transport.py 558 DEBUG session required pam_unix.so transport.py 558 DEBUG session optional pam_sss.so transport.py 558 DEBUG transport.py 558 DEBUG EOF transport.py 558 DEBUG transport.py 558 DEBUG # Configure SSSD transport.py 558 DEBUG cat > /etc/sssd/sssd.conf << EOF transport.py 558 DEBUG [sssd] transport.py 558 DEBUG services = nss, pam transport.py 558 DEBUG config_file_version = 2 transport.py 558 DEBUG domains = default transport.py 558 DEBUG re_expression = (?P<name>.+) transport.py 558 DEBUG transport.py 558 DEBUG [domain/default] transport.py 558 DEBUG cache_credentials = True transport.py 558 DEBUG id_provider = ldap transport.py 558 DEBUG auth_provider = ldap transport.py 558 DEBUG ldap_uri = ldap://master.ipa.test transport.py 558 DEBUG ldap_search_base = cn=compat,dc=ipa,dc=test transport.py 558 DEBUG ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG EOF transport.py 558 DEBUG chmod 0600 /etc/sssd/sssd.conf transport.py 558 DEBUG transport.py 558 DEBUG # Start SSSD transport.py 558 DEBUG service sssd start transport.py 217 DEBUG Exit code: 0
Passed test_advise.py::TestAdvice::()::test_advice_RedHatNSS 2.24
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-redhat-nss-ldap'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-redhat-nss-ldap'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a system with nss-ldap as a FreeIPA transport.py 558 DEBUG # client. This set of instructions is targeted for platforms that transport.py 558 DEBUG # include the authconfig utility, which are all Red Hat based platforms. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages via yum transport.py 558 DEBUG yum install -y curl openssl nss_ldap authconfig transport.py 558 DEBUG transport.py 558 DEBUG # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was transport.py 558 DEBUG # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not transport.py 558 DEBUG # be able to interoperate with IPA server 3.x. transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the transport.py 558 DEBUG # default CA certificate location. If this value is different on your transport.py 558 DEBUG # system the script needs to be modified accordingly. transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG # Generate hashes for the openldap library transport.py 558 DEBUG command -v cacertdir_rehash transport.py 558 DEBUG if [ $? -ne 0 ] ; then transport.py 558 DEBUG curl "https://fedorahosted.org/authconfig/browser/cacertdir_rehash?format=txt" -o cacertdir_rehash ; transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ; transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG else transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG fi transport.py 558 DEBUG transport.py 558 DEBUG # Use the authconfig to configure nsswitch.conf and the PAM stack transport.py 558 DEBUG authconfig --updateall --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://master.ipa.test --ldapbasedn=cn=compat,dc=ipa,dc=test transport.py 558 DEBUG transport.py 217 DEBUG Exit code: 0
Passed test_advise.py::TestAdvice::()::test_advice_RedHatNSSPAM 1.89
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-redhat-nss-pam-ldapd'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-redhat-nss-pam-ldapd'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a system with nss-pam-ldapd as a FreeIPA transport.py 558 DEBUG # client. This set of instructions is targeted for platforms that transport.py 558 DEBUG # include the authconfig utility, which are all Red Hat based platforms. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages via yum transport.py 558 DEBUG yum install -y curl openssl nss-pam-ldapd pam_ldap authconfig transport.py 558 DEBUG transport.py 558 DEBUG # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was transport.py 558 DEBUG # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not transport.py 558 DEBUG # be able to interoperate with IPA server 3.x. transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the transport.py 558 DEBUG # default CA certificate location. If this value is different on your transport.py 558 DEBUG # system the script needs to be modified accordingly. transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG # Generate hashes for the openldap library transport.py 558 DEBUG command -v cacertdir_rehash transport.py 558 DEBUG if [ $? -ne 0 ] ; then transport.py 558 DEBUG curl "https://fedorahosted.org/authconfig/browser/cacertdir_rehash?format=txt" -o cacertdir_rehash ; transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ; transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG else transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG fi transport.py 558 DEBUG transport.py 558 DEBUG # Use the authconfig to configure nsswitch.conf and the PAM stack transport.py 558 DEBUG authconfig --updateall --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://master.ipa.test --ldapbasedn=cn=compat,dc=ipa,dc=test transport.py 558 DEBUG transport.py 217 DEBUG Exit code: 0
Passed test_advise.py::TestAdvice::()::test_advice_RedHatSSSDBefore19 1.85
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-redhat-sssd-before-1-9'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-redhat-sssd-before-1-9'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a system with an old version of SSSD transport.py 558 DEBUG # (1.5-1.8) as a FreeIPA client. This set of instructions is targeted transport.py 558 DEBUG # for platforms that include the authconfig utility, which are all Red transport.py 558 DEBUG # Hat based platforms. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages via yum transport.py 558 DEBUG yum install -y sssd authconfig curl openssl transport.py 558 DEBUG transport.py 558 DEBUG # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was transport.py 558 DEBUG # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not transport.py 558 DEBUG # be able to interoperate with IPA server 3.x. transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the transport.py 558 DEBUG # default CA certificate location. If this value is different on your transport.py 558 DEBUG # system the script needs to be modified accordingly. transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG # Generate hashes for the openldap library transport.py 558 DEBUG command -v cacertdir_rehash transport.py 558 DEBUG if [ $? -ne 0 ] ; then transport.py 558 DEBUG curl "https://fedorahosted.org/authconfig/browser/cacertdir_rehash?format=txt" -o cacertdir_rehash ; transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ; transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG else transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG fi transport.py 558 DEBUG transport.py 558 DEBUG # Use the authconfig to configure nsswitch.conf and the PAM stack transport.py 558 DEBUG authconfig --updateall --enablesssd --enablesssdauth transport.py 558 DEBUG transport.py 558 DEBUG # Configure SSSD transport.py 558 DEBUG cat > /etc/sssd/sssd.conf << EOF transport.py 558 DEBUG [sssd] transport.py 558 DEBUG services = nss, pam transport.py 558 DEBUG config_file_version = 2 transport.py 558 DEBUG domains = default transport.py 558 DEBUG re_expression = (?P<name>.+) transport.py 558 DEBUG transport.py 558 DEBUG [domain/default] transport.py 558 DEBUG cache_credentials = True transport.py 558 DEBUG id_provider = ldap transport.py 558 DEBUG auth_provider = ldap transport.py 558 DEBUG ldap_uri = ldap://master.ipa.test transport.py 558 DEBUG ldap_search_base = cn=compat,dc=ipa,dc=test transport.py 558 DEBUG ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG EOF transport.py 558 DEBUG chmod 0600 /etc/sssd/sssd.conf transport.py 558 DEBUG transport.py 558 DEBUG # Start SSSD transport.py 558 DEBUG service sssd start transport.py 217 DEBUG Exit code: 0