[Freeipa-devel] setting passwords stopped working
Jan-Frode Myklebust
janfrode at tanso.net.redhat.com
Thu Jun 26 17:32:44 UTC 2008
On Thu, Jun 26, 2008 at 12:00:25PM -0400, Simo Sorce wrote:
>
> Did you perform an ipa-server-install --uninstall before re-installing ?
Ooops, no I didn't. But I tried uninstalling, and manually deleting all
data files. I tried --uninstall now, but get the same error:
# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and
configuration!
Are you sure you want to continue with the uninstall procedure?:[NO/yes]
yes
# ipa-server-install -N
<snip>
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring directory server:
[1/16]: creating directory server user
[2/16]: creating directory server instance
[3/16]: adding default schema
[4/16]: enabling memberof plugin
[5/16]: enabling referential integrity plugin
[6/16]: enabling distributed numeric assignment plugin
[7/16]: configuring uniqueness plugin
[8/16]: creating indices
[9/16]: configuring ssl for ds instance
[10/16]: configuring certmap.conf
[11/16]: restarting directory server
[12/16]: adding default layout
[13/16]: configuring Posix uid/gid generation as first master
[14/16]: adding master entry as first master
[15/16]: initializing group membership
[16/16]: configuring directory to start on boot
done configuring dirsrv.
root : CRITICAL Could not connect to the Directory Server on
minimac.tanso.net
Unexpected error - see ipaserver-install.log for details:
{'desc': 'Invalid credentials'}
# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and
configuration!
Are you sure you want to continue with the uninstall procedure?:[NO/yes]
yes
And again using what I believe to be a previous version
of the password I used for admin and Directory Manager:
# ipa-server-install --no-ntp
<snip>
[5/16]: enabling referential integrity plugin
[6/16]: enabling distributed numeric assignment plugin
[7/16]: configuring uniqueness plugin
[8/16]: creating indices
[9/16]: configuring ssl for ds instance
[10/16]: configuring certmap.conf
[11/16]: restarting directory server
[12/16]: adding default layout
[13/16]: configuring Posix uid/gid generation as first master
[14/16]: adding master entry as first master
[15/16]: initializing group membership
[16/16]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC
[1/13]: setting KDC account password
[2/13]: adding sasl mappings to the directory
root : CRITICAL failed to add Full Principal Sasl mapping
Unexpected error - see ipaserver-install.log for details:
local variable 'e' referenced before assignment
And from the ipaserver-install.log:
2008-06-26 19:18:58,059 INFO krb5kdc is stopped
2008-06-26 19:18:58,060 INFO
2008-06-26 19:18:58,061 DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2008-06-26 19:18:58,183 INFO Stopping Kerberos 5 KDC: [FAILED]
2008-06-26 19:18:58,184 INFO
2008-06-26 19:18:58,184 DEBUG Configuring Kerberos KDC
2008-06-26 19:18:58,186 DEBUG [1/13]: setting KDC account password
2008-06-26 19:18:58,186 DEBUG Backing up system configuration file
'/var/kerberos/krb5kdc/ldappwd'
2008-06-26 19:18:58,189 DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2008-06-26 19:18:58,190 DEBUG [2/13]: adding sasl mappings to the
directory
2008-06-26 19:18:58,286 CRITICAL failed to add Full Principal Sasl
mapping
2008-06-26 19:18:58,291 DEBUG local variable 'e' referenced before
assignment
File "/usr/sbin/ipa-server-install", line 572, in <module>
sys.exit(main())
File "/usr/sbin/ipa-server-install", line 495, in main
krb.create_instance(ds_user, realm_name, host_name, domain_name,
dm_password, master_password)
File "/usr/lib/python2.5/site-packages/ipaserver/krbinstance.py", line
147, in create_instance
self.start_creation("Configuring Kerberos KDC")
File "/usr/lib/python2.5/site-packages/ipaserver/service.py", line
139, in start_creation
method()
File "/usr/lib/python2.5/site-packages/ipaserver/krbinstance.py", line
267, in __configure_sasl_mappings
raise e
So, what am I, and "ipa-server-install --uninstall" missing ?
> Why didn't you just upgrade the packages and use 'ipactl restart' to
> restart services ?
Because I suspected it was a user error that the v1.1.0-2 installation
wasn't working.. The installation I did was a fresh Fedora9 + "yum
install ipa-server", and it was quite un-expected that hadn't been
properly tested before the v1.1 release.
-jf
More information about the Freeipa-devel
mailing list