[Freeipa-devel] Still failing on 5.7 with the same error........
JR Aquino
JR.Aquino at citrix.com
Tue Sep 20 16:58:01 UTC 2011
On Sep 19, 2011, at 10:16 PM, JR Aquino wrote:
> We're having significant reproducible problems with rhel 5.7 + FreeIPA master...
> I'm not sure if it is localized to us or even which side is responsible for the error...
>
> Has anyone had success with rhel 5.7's repo included FreeIPA client joining a fedora based FreeIPA server?
>
> We are essentially dead in the water at this point.
>
> Sent from my iPad
>
> Begin forwarded message:
>
> From: Brett Campbell <<mailto:Brett.Campbell at citrix.com>Brett.Campbell at citrix.com<mailto:Brett.Campbell at citrix.com>>
> Date: September 19, 2011 6:48:55 PM PDT
> To: JR Aquino <<mailto:JR.Aquino at citrix.com>JR.Aquino at citrix.com<mailto:JR.Aquino at citrix.com>>
> Cc: Jason Vagalatos <<mailto:Jason.Vagalatos at citrix.com>Jason.Vagalatos at citrix.com<mailto:Jason.Vagalatos at citrix.com>>
> Subject: RE: Still failing on 5.7 with the same error........
>
> Apparently this error is printed from FreeIPA code and not an underlying library.
> Here’s the relevant bit from ipa-getkeytab.c:
>
> /* Format of response
> *
> * KeytabGetRequest ::= SEQUENCE {
> * new_kvno Int32
> * SEQUENCE OF KeyTypes
> * }
> *
> * * List of accepted enctypes *
> * KeyTypes ::= SEQUENCE {
> * enctype Int32
> * }
> */
>
> rtag = ber_scanf(sctrl, "{i{", &kvno);
> if (rtag == LBER_ERROR) {
> fprintf(stderr, "ber_scanf() failed, Invalid control ?!\n");
> goto error_out;
> }
>
>
> However, the call that’s failing (ber_scanf()) is one from the openldap library:
>
> [root at util1 Server]# strings /usr/lib/liblber-2.3.so.0 |grep ber_scanf
> ber_scanf
> ber_scanf fmt (%s) ber:
> ber_scanf: unknown fmt %c
> ber_scanf
>
>
>
> From: /O=EXPERTCITY.COM/OU=BETA.EXPERTCITY/CN=RECIPIENTS/CN=BRETT.CAMPBELL On Behalf Of Brett Campbell
> Sent: Monday, September 19, 2011 6:29 PM
> To: <mailto:JR.Aquino at citrix.com> <mailto:JR.Aquino at citrix.com> JR.Aquino at citrix.com<mailto:JR.Aquino at citrix.com>
> Subject: Still failing on 5.7 with the same error........
>
> Are you sure it’s not the server? Can you check the logs?
>
>
> [root at util1 Server]# cat /etc/issue
> Red Hat Enterprise Linux Server release 5.7 (Tikanga)
> Kernel \r on an \m
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]# rpm --aid -ivh /tmp/ipa-client-2.0-14.el5_7.1.x86_64.rpm certmonger-0.42-1.el5.x86_64.rpm cyrus-sasl-gssapi-2.1.22-5.el5_4.3.x86_64.rpm sssd-client-1.5.1-37.el5.x86_64.rpm sssd-1.5.1-37.el5.x86_64.rpm xmlrpc-c-1.16.24-1206.1840.el5.x86_64.rpm libcollection-0.6.0-10.el5.x86_64.rpm libdhash-0.4.2-10.el5.x86_64.rpm libldb-0.9.10-33.el5.x86_64.rpm libtdb-1.2.1-6.el5.x86_64.rpm openssl-devel-0.9.8e-20.el5.x86_64.rpm libref_array-0.1.1-10.el5.x86_64.rpm libpath_utils-0.2.1-10.el5.x86_64.rpm libini_config-0.6.1-10.el5.x86_64.rpm libref_array-0.1.1-10.el5.x86_64.rpm openldap24-libs-2.4.23-5.el5.x86_64.rpm xmlrpc-c-client-1.16.24-1206.1840.el5.x86_64.rpm libtalloc-2.0.1-11.el5.x86_64.rpm c-ares-1.6.0-5.el5.x86_64.rpm krb5-devel-1.6.1-62.el5.x86_64.rpm zlib-devel-1.2.3-4.el5.x86_64.rpm libtevent-0.9.8-10.el5.x86_64.rpm e2fsprogs-devel-1.39-33.el5.x86_64.rpm keyutils-libs-devel-1.2-1.el5.x86_64.rpm libselinux-devel-1.33.4-5.7.el5.x86_64.rpm libsepol-devel-1.15.2-3.el5.x86_64.rpm
> warning: /tmp/ipa-client-2.0-14.el5_7.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
> Preparing... ########################################### [100%]
> 1:libtalloc ########################################### [ 4%]
> 2:libtevent ########################################### [ 8%]
> 3:xmlrpc-c ########################################### [ 12%]
> 4:xmlrpc-c-client ########################################### [ 15%]
> 5:libref_array ########################################### [ 19%]
> 6:libtdb ########################################### [ 23%]
> 7:libcollection ########################################### [ 27%]
> 8:cyrus-sasl-gssapi ########################################### [ 31%]
> 9:libldb ########################################### [ 35%]
> 10:certmonger ########################################### [ 38%]
> 11:c-ares ########################################### [ 42%]
> 12:openldap24-libs ########################################### [ 46%]
> 13:libpath_utils ########################################### [ 50%]
> 14:libini_config ########################################### [ 54%]
> 15:libdhash ########################################### [ 58%]
> 16:sssd-client ########################################### [ 62%]
> 17:sssd ########################################### [ 65%]
> 18:libsepol-devel ########################################### [ 69%]
> 19:libselinux-devel ########################################### [ 73%]
> 20:keyutils-libs-devel ########################################### [ 77%]
> 21:e2fsprogs-devel ########################################### [ 81%]
> 22:krb5-devel ########################################### [ 85%]
> 23:zlib-devel ########################################### [ 88%]
> 24:ipa-client ########################################### [ 92%]
> 25:openssl-devel ########################################### [ 96%]
> 26:libref_array ########################################### [100%]
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]# ipa-client-install --unattended --password='n7 I,6TN+!TF' --domain=expertcity.com --server=authstage1.ops.expertcity.com --hostname=$(hostname) --no-ntp
> Realm: <http://EXPERTCITY.COM> <http://EXPERTCITY.COM> EXPERTCITY.COM<http://EXPERTCITY.COM>
> DNS Domain: <http://expertcity.com> <http://expertcity.com> expertcity.com<http://expertcity.com>
> IPA Server: <http://authstage1.ops.expertcity.com> <http://authstage1.ops.expertcity.com> authstage1.ops.expertcity.com<http://authstage1.ops.expertcity.com>
> BaseDN: dc=expertcity,dc=com
>
>
> Joining realm failed: ber_scanf() failed, Invalid control ?!
> child exited with 9
> Certificate subject base is: O=EXPERTCITY.COM
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]# ipa-client-install --unattended --password='n7 I,6TN+!TF' --domain=expertcity.com --server=authstage1.ops.expertcity.com --hostname=$(hostname) --no-ntp
> Realm: <http://EXPERTCITY.COM> <http://EXPERTCITY.COM> EXPERTCITY.COM<http://EXPERTCITY.COM>
> DNS Domain: <http://expertcity.com> <http://expertcity.com> expertcity.com<http://expertcity.com>
> IPA Server: <http://authstage1.ops.expertcity.com> <http://authstage1.ops.expertcity.com> authstage1.ops.expertcity.com<http://authstage1.ops.expertcity.com>
> BaseDN: dc=expertcity,dc=com
>
>
> Joining realm failed: Host is already joined.
> Certificate subject base is: O=EXPERTCITY.COM
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Simo recently fixed a bug in master that was preventing users keytabs from being recognized as non expired... Following a hunch, I updated the Stage Server with the newest master and now I get a completely new error from the RHEL 5.7 Client:
Joining realm failed because of failing XML-RPC request.
This error may be caused by incompatible server/client major versions.
More information about the Freeipa-devel
mailing list