[Freeipa-devel] setting passwords stopped working

Jan-Frode Myklebust janfrode at tanso.net.redhat.com
Thu Jun 26 17:32:44 UTC 2008 

On Thu, Jun 26, 2008 at 12:00:25PM -0400, Simo Sorce wrote:
> 
> Did you perform an ipa-server-install --uninstall before re-installing ?

Ooops, no I didn't. But I tried uninstalling, and manually deleting all
data files. I tried --uninstall now, but get the same error:

# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and
configuration!

Are you sure you want to continue with the uninstall procedure?:[NO/yes]
yes
# ipa-server-install -N
<snip>
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring directory server:
  [1/16]: creating directory server user
  [2/16]: creating directory server instance
  [3/16]: adding default schema
  [4/16]: enabling memberof plugin
  [5/16]: enabling referential integrity plugin
  [6/16]: enabling distributed numeric assignment plugin
  [7/16]: configuring uniqueness plugin
  [8/16]: creating indices
  [9/16]: configuring ssl for ds instance
  [10/16]: configuring certmap.conf
  [11/16]: restarting directory server
  [12/16]: adding default layout
  [13/16]: configuring Posix uid/gid generation as first master
  [14/16]: adding master entry as first master
  [15/16]: initializing group membership
  [16/16]: configuring directory to start on boot
done configuring dirsrv.
root        : CRITICAL Could not connect to the Directory Server on
minimac.tanso.net
Unexpected error - see ipaserver-install.log for details:
 {'desc': 'Invalid credentials'}

# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and
configuration!

Are you sure you want to continue with the uninstall procedure?:[NO/yes]
yes

And again using what I believe to be a previous version 
of the password I used for admin and Directory Manager:

# ipa-server-install --no-ntp
<snip>
  [5/16]: enabling referential integrity plugin
  [6/16]: enabling distributed numeric assignment plugin
  [7/16]: configuring uniqueness plugin
  [8/16]: creating indices
  [9/16]: configuring ssl for ds instance
  [10/16]: configuring certmap.conf
  [11/16]: restarting directory server
  [12/16]: adding default layout
  [13/16]: configuring Posix uid/gid generation as first master
  [14/16]: adding master entry as first master
  [15/16]: initializing group membership
  [16/16]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC
  [1/13]: setting KDC account password
  [2/13]: adding sasl mappings to the directory
root        : CRITICAL failed to add Full Principal Sasl mapping
Unexpected error - see ipaserver-install.log for details:
 local variable 'e' referenced before assignment


And from the ipaserver-install.log:

2008-06-26 19:18:58,059 INFO krb5kdc is stopped

2008-06-26 19:18:58,060 INFO 
2008-06-26 19:18:58,061 DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2008-06-26 19:18:58,183 INFO Stopping Kerberos 5 KDC:      [FAILED]

2008-06-26 19:18:58,184 INFO 
2008-06-26 19:18:58,184 DEBUG Configuring Kerberos KDC
2008-06-26 19:18:58,186 DEBUG   [1/13]: setting KDC account password
2008-06-26 19:18:58,186 DEBUG Backing up system configuration file
'/var/kerberos/krb5kdc/ldappwd'
2008-06-26 19:18:58,189 DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2008-06-26 19:18:58,190 DEBUG   [2/13]: adding sasl mappings to the
directory
2008-06-26 19:18:58,286 CRITICAL failed to add Full Principal Sasl
mapping
2008-06-26 19:18:58,291 DEBUG local variable 'e' referenced before
assignment
  File "/usr/sbin/ipa-server-install", line 572, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 495, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name,
dm_password, master_password)

  File "/usr/lib/python2.5/site-packages/ipaserver/krbinstance.py", line
147, in create_instance
    self.start_creation("Configuring Kerberos KDC")

  File "/usr/lib/python2.5/site-packages/ipaserver/service.py", line
139, in start_creation
    method()

  File "/usr/lib/python2.5/site-packages/ipaserver/krbinstance.py", line
267, in __configure_sasl_mappings
    raise e


So, what am I, and "ipa-server-install --uninstall" missing ?

> Why didn't you just upgrade the packages and use 'ipactl restart' to
> restart services ?

Because I suspected it was a user error that the v1.1.0-2 installation
wasn't working.. The installation I did was a fresh Fedora9 + "yum
install ipa-server", and it was quite un-expected that hadn't been
properly tested before the v1.1 release.


  -jf

More information about the Freeipa-devel mailing list