ipa installation problem
george he
2012-06-18 22:26:11 UTC
Hello all,
While waiting for more suggestions on my thread "is not an IPA v2 Server", I tried to install ipa server on other machines running fc16 and fc15.
When server is on fc16, I get the same error as when it's on fc17, wget failed: No route to host.
When server is on fc15, wget still failed, but the reason was "Connection refused".
Seems to me there's something else to do after running ipa-server-install on the server.
Any suggestions?
Thanks,
George
Steven Jones
2012-06-18 23:41:00 UTC
Hi,

Installing the original master should be nothing more than that command.

With some flags though maybe so my command was,


ipa-server-install -a secret123 -p 123Secret --domain=unix.vuw.ac.nz --realm=UNIX.VUW.AC.NZ --setup-dns --forwarder=130.195.85.25 --forwarder=130.195.98.151 --no-reverse --selfsign

So my master DNS zone is a Microsoft AD as vuw.ac.nz with 2 DNS servers hence forwarder twice. The MS AD servers treat unix.vuw.ac.nz as a stub zone delegation....they retain the ptr zone hence --no-reverse....so I have to add that manually.

Check the rpm versions of the server and client.......they should be identical.

"is not an IPA v2 Server"

Just double check you have not made a typo......I put in "vyw" and not "vuw" while doing the client install and got that............the other possibility is iptables....or a firewall blocking......I've had that same error and found it was the Cisco FWSM.....


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

Rob Crittenden
2012-06-19 13:32:50 UTC
Post by george he
> Hello all,
> While waiting for more suggestions on my thread "is not an IPA v2
> Server", I tried to install ipa server on other machines running fc16
> and fc15.
> When server is on fc16, I get the same error as when it's on fc17, wget
> failed: No route to host.
> when server is on fc15, wget still failed, but the reason was
> "Connection refused".
> Seems to me there's something else to do after running
> ipa-server-install on the server.

This is unrelated to IPA. We do no network configuration changes, only
start services.

The client is doing a simple wget which just issues an HTTP request. The
network stack is saying it can't talk to the IPA server so I'd start
there. wireshark might be helpful.

rob
george he
2012-06-19 13:50:36 UTC
Hello Rob,
Can it be that the httpd service is not running properly?
On all servers, I can only run wget on the server itself successfully...
At least on fc15, the client was able to contact the server, but the connection was refused.
Maybe the configuration part of httpd?
On other machines in the same lab, I have set up two web servers in the "usual" way and they both run with no problem.

Thanks,
George
Rob Crittenden
2012-06-19 14:43:42 UTC
Post by george he
> Hello Rob,
> Can it be that the httpd service is not running properly?
> On all servers, I can only run wget on the server itself successfully...
> At least on fc15, the client was able to contact the server, but the
> connection was refused.
> maybe the configuration part of httpd?
> On other machines in the same lab, I have set up two web servers in the
> "usual" way and they both run with no problem.

I don't know what to tell you. This problem is independent of IPA. It
means that the client doesn't know how to get to the server (no route to
host).

Connection refused would suggest that the server isn't accepting
connections. You could use netstat to confirm that it is listening on
ports 80 and 443, I think you'll find it is.

IPA doesn't do anything particularly clever with the web server, just
configures it to use mod_nss as an SSL listener. Since wget is using
port 80 you aren't even using any changes made by IPA. And no route to
host suggests it isn't even getting that far.

You might try shutting down iptables on the server and client and try that.

rob
george he
2012-06-19 15:01:29 UTC
Hello Rob,
netstat |grep 443 returned nothing, but lsof -i :80 (or :443) returned things like this:

httpd   4206 apache    5u  IPv6 846355       TCP *:http (LISTEN)
Is the IPv6 here a problem?
Thanks,
George
Petr Spacek
2012-06-25 11:15:31 UTC
Post by george he
> Hello Rob,
> httpd 4206 apache 5u IPv6 846355 TCP *:http (LISTEN)
> is the IPv6 here a problem?
> Thanks,
> George

"No route to host" can mean "No route to host" (= no record in ARP table) OR
"there is a firewall rule blocking this traffic" (caused by received ICMP packet).

"Connection refused" really means "Connection refused" :-) It can also point
to a DNS resolution problem - the name could be resolved to the wrong IP, so the connection
is refused by a different machine than you think. Don't forget to check
/etc/resolv.conf and /etc/hosts.

The best way to debug network problems is wireshark and netcat. I recommend running
wireshark on both ends and then doing end-to-end tests with netcat.

Start netcat on one side and try to connect to it from the other side.

***@server # nc -l 443
***@client # nc server.hostname.example 443

Type some garbage in and check if it arrives at the other end. Check the output from
wireshark in case of problems. Check if the MAC addresses have the expected values.

Petr^2 Spacek
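
The difference between the two wget errors discussed in this thread can be checked from the client with a short probe that connects to every address the server name resolves to and reports the errno for each. This is an added example, not part of any post in the thread; `probe`, `classify`, the labels and the hint strings are assumptions of the example.

```python
import errno
import socket

# errno -> (label, what to check next). The causes follow the replies above;
# the labels, wording and function names are assumptions of this example.
CAUSES = {
    errno.ECONNREFUSED: ("refused", "nothing listens on that address and port, or a "
                         "firewall REJECT sent a TCP reset; confirm the name resolved "
                         "to the intended server (/etc/hosts, /etc/resolv.conf)"),
    errno.EHOSTUNREACH: ("no-route", "no ARP reply for the next hop, or a firewall "
                         "answered with an ICMP unreachable; check iptables on both ends"),
    errno.ENETUNREACH: ("no-route", "no matching entry in the client's routing table"),
    errno.ETIMEDOUT: ("timeout", "packets dropped silently; capture on both ends"),
}


def classify(exc):
    """Map the exception from a TCP connect attempt (None = success) to (label, hint)."""
    if exc is None:
        return ("open", "TCP handshake completed; look above the transport layer")
    if isinstance(exc, socket.timeout):
        return CAUSES[errno.ETIMEDOUT]
    return CAUSES.get(getattr(exc, "errno", None), ("other", str(exc)))


def probe(host, port, timeout=3.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Connect to every address `host` resolves to; return [(ip, label, hint), ...]."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(None, "dns", "name did not resolve: %s" % exc)]
    results = []
    for ip in sorted({info[4][0] for info in infos}):
        try:
            connect((ip, port), timeout).close()
            exc = None
        except OSError as err:
            exc = err
        results.append((ip,) + classify(exc))
    return results


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for port in (80, 443):  # the two ports named in the thread
        for ip, label, hint in probe(host, port):
            print("%s -> %s:%d  %s: %s" % (host, ip, port, label, hint))
```

Run it on the client with the IPA server's hostname as the argument; a `refused` result on an address you do not recognise points at name resolution rather than at httpd.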