[Freeipa-devel] ipa-adduser stopped working after IPA 1.1 upgrade, any idea why?

Rob Crittenden rcritten at redhat.com
Fri Jul 11 21:48:44 UTC 2008


Thomas Sailer wrote:
> I installed a Fedora 8 IPA server just before IPA 1.0, and upgraded it
> using yum ever since. Now, after the upgrade to IPA 1.1, ipa-adduser
> stopped working.
> 
> The ipa-* command line tools basically work:
> # ipa-finduser t.sailer
> Full Name: Thomas Sailer
> Home Directory: /home/t.sailer
> Login Shell: /bin/bash
> Login: t.sailer
> 
> However, when I try to add a new user, I get the following:
> # ipa-adduser -f Test -l User testuser
> * not found
> 
> I get the same error message when I try to add a new user in the web
> GUI.
> 
> The output of ipa-adduser -v is the following:
> send: "<?xml version='1.0'?>\n<methodCall>\n<methodName>add_user</methodName>\n<params>\n<param>\n<value><struct>\n<member>\n<name>dn</name>\n<value><string></string></value>\n</member>\n<member>\n<name>krbprincipalname</name>\n<value><string>testuser at XX.COM</string></value>\n</member>\n<member>\n<name>givenname</name>\n<value><string>Test</string></value>\n</member>\n<member>\n<name>sn</name>\n<value><string>User</string></value>\n</member>\n<member>\n<name>uid</name>\n<value><string>testuser</string></value>\n</member>\n</struct></value>\n</param>\n<param>\n<value><string>__NONE__</string></value>\n</param>\n</params>\n</methodCall>\n"
> reply: 'HTTP/1.1 200 OK\r\n'
> header: Date: Fri, 11 Jul 2008 15:12:06 GMT
> header: Server: Apache/2.2.8 (Fedora)
> header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv8WeyE2CMkQ06ZOTF+EHQgB0fLZUvZ2f946rwYQHn4tpp1L9gFv0R3FUjgSqhzk/ntVUk/b6kQB50zYuDNupV5TiEGiN/ntLiIsoLiQNVZCraW7oy8FUJXZFUB0jZdCVM53c1fWzWul16mic5KDbL
> header: Content-Length: 270
> header: Connection: close
> header: Content-Type: text/xml
> body: "<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>65539</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>* not found</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n"
> 
> Does anybody have an idea what the problem is?
> 
> Another problem I have is that after I add a new user, and then try to
> log into a machine, no matter whether using gdm or ssh, I can login, and
> I even get the correct default principal (verified using klist), but the
> user cannot access NFSv4 shares with sec=krb5p. If I then do kdestroy;
> kinit xx at XX.COM, logout, and login again, everything works. Why doesn't
> it work the first time, without the kdestroy; kinit thing?
> 
> Thanks,
> Tom

To close the loop on this after some private discussions, the problem 
was that the group that was defined as the default user's group was not 
where IPA expected to find it. I've filed a bug on this, 
https://bugzilla.redhat.com/show_bug.cgi?id=455092

rob