[Freeipa-devel] Still failing on 5.7 with the same error........

JR Aquino JR.Aquino at citrix.com
Tue Sep 20 16:58:01 UTC 2011


On Sep 19, 2011, at 10:16 PM, JR Aquino wrote:

> We're having significant reproducible problems with rhel 5.7 + FreeIPA master...
> I'm not sure if it is localized to us or even which side is responsible for the error...
> 
> Has anyone had success with RHEL 5.7's repo-included FreeIPA client joining a Fedora-based FreeIPA server?
> 
> We are essentially dead in the water at this point.
> 
> Sent from my iPad
> 
> Begin forwarded message:
> 
> From: Brett Campbell <Brett.Campbell at citrix.com>
> Date: September 19, 2011 6:48:55 PM PDT
> To: JR Aquino <JR.Aquino at citrix.com>
> Cc: Jason Vagalatos <Jason.Vagalatos at citrix.com>
> Subject: RE: Still failing on 5.7 with the same error........
> 
> Apparently this error is printed from FreeIPA code and not an underlying library.
> Here’s the relevant bit from ipa-getkeytab.c:
> 
>       /* Format of response
>       *
>       * KeytabGetRequest ::= SEQUENCE {
>       *     new_kvno      Int32
>       *     SEQUENCE OF   KeyTypes
>       * }
>       *
>       * * List of accepted enctypes *
>       * KeyTypes ::= SEQUENCE {
>       *     enctype              Int32
>       * }
>       */
> 
>       rtag = ber_scanf(sctrl, "{i{", &kvno);
>       if (rtag == LBER_ERROR) {
>              fprintf(stderr, "ber_scanf() failed, Invalid control ?!\n");
>              goto error_out;
>       }
> 
> 
> However, the call that’s failing (ber_scanf()) is one from the openldap library:
> 
> [root at util1 Server]# strings /usr/lib/liblber-2.3.so.0 |grep ber_scanf
> ber_scanf
> ber_scanf fmt (%s) ber:
> ber_scanf: unknown fmt %c
> ber_scanf
> 
> 
> 
> From: /O=EXPERTCITY.COM/OU=BETA.EXPERTCITY/CN=RECIPIENTS/CN=BRETT.CAMPBELL On Behalf Of Brett Campbell
> Sent: Monday, September 19, 2011 6:29 PM
> To: JR.Aquino at citrix.com
> Subject: Still failing on 5.7 with the same error........
> 
> Are you sure it’s not the server?  Can you check the logs?
> 
> 
> [root at util1 Server]# cat /etc/issue
> Red Hat Enterprise Linux Server release 5.7 (Tikanga)
> Kernel \r on an \m
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]# rpm --aid -ivh /tmp/ipa-client-2.0-14.el5_7.1.x86_64.rpm certmonger-0.42-1.el5.x86_64.rpm cyrus-sasl-gssapi-2.1.22-5.el5_4.3.x86_64.rpm sssd-client-1.5.1-37.el5.x86_64.rpm sssd-1.5.1-37.el5.x86_64.rpm xmlrpc-c-1.16.24-1206.1840.el5.x86_64.rpm libcollection-0.6.0-10.el5.x86_64.rpm libdhash-0.4.2-10.el5.x86_64.rpm libldb-0.9.10-33.el5.x86_64.rpm libtdb-1.2.1-6.el5.x86_64.rpm openssl-devel-0.9.8e-20.el5.x86_64.rpm libref_array-0.1.1-10.el5.x86_64.rpm libpath_utils-0.2.1-10.el5.x86_64.rpm libini_config-0.6.1-10.el5.x86_64.rpm libref_array-0.1.1-10.el5.x86_64.rpm openldap24-libs-2.4.23-5.el5.x86_64.rpm  xmlrpc-c-client-1.16.24-1206.1840.el5.x86_64.rpm libtalloc-2.0.1-11.el5.x86_64.rpm c-ares-1.6.0-5.el5.x86_64.rpm krb5-devel-1.6.1-62.el5.x86_64.rpm zlib-devel-1.2.3-4.el5.x86_64.rpm libtevent-0.9.8-10.el5.x86_64.rpm e2fsprogs-devel-1.39-33.el5.x86_64.rpm keyutils-libs-devel-1.2-1.el5.x86_64.rpm libselinux-devel-1.33.4-5.7.el5.x86_64.rpm libsepol-devel-1.15.2-3.el5.x86_64.rpm
> warning: /tmp/ipa-client-2.0-14.el5_7.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
> Preparing...                ########################################### [100%]
>   1:libtalloc              ########################################### [  4%]
>   2:libtevent              ########################################### [  8%]
>   3:xmlrpc-c               ########################################### [ 12%]
>   4:xmlrpc-c-client        ########################################### [ 15%]
>   5:libref_array           ########################################### [ 19%]
>   6:libtdb                 ########################################### [ 23%]
>   7:libcollection          ########################################### [ 27%]
>   8:cyrus-sasl-gssapi      ########################################### [ 31%]
>  9:libldb                 ########################################### [ 35%]
>  10:certmonger             ########################################### [ 38%]
>  11:c-ares                 ########################################### [ 42%]
>  12:openldap24-libs        ########################################### [ 46%]
>  13:libpath_utils          ########################################### [ 50%]
>  14:libini_config          ########################################### [ 54%]
>  15:libdhash               ########################################### [ 58%]
>  16:sssd-client            ########################################### [ 62%]
>  17:sssd                   ########################################### [ 65%]
>  18:libsepol-devel         ########################################### [ 69%]
>  19:libselinux-devel       ########################################### [ 73%]
>  20:keyutils-libs-devel    ########################################### [ 77%]
>  21:e2fsprogs-devel        ########################################### [ 81%]
>  22:krb5-devel             ########################################### [ 85%]
>  23:zlib-devel             ########################################### [ 88%]
>  24:ipa-client             ########################################### [ 92%]
>  25:openssl-devel          ########################################### [ 96%]
>  26:libref_array           ########################################### [100%]
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]# ipa-client-install --unattended --password='n7 I,6TN+!TF' --domain=expertcity.com --server=authstage1.ops.expertcity.com --hostname=$(hostname) --no-ntp
> Realm: EXPERTCITY.COM
> DNS Domain: expertcity.com
> IPA Server: authstage1.ops.expertcity.com
> BaseDN: dc=expertcity,dc=com
> 
> 
> Joining realm failed: ber_scanf() failed, Invalid control ?!
> child exited with 9
> Certificate subject base is: O=EXPERTCITY.COM
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]#
> [root at util1 Server]# ipa-client-install --unattended --password='n7 I,6TN+!TF' --domain=expertcity.com --server=authstage1.ops.expertcity.com --hostname=$(hostname) --no-ntp
> Realm: EXPERTCITY.COM
> DNS Domain: expertcity.com
> IPA Server: authstage1.ops.expertcity.com
> BaseDN: dc=expertcity,dc=com
> 
> 
> Joining realm failed: Host is already joined.
> Certificate subject base is: O=EXPERTCITY.COM
> 

Simo recently fixed a bug in master that was preventing users' keytabs from being recognized as non-expired... Following a hunch, I updated the Stage Server with the newest master, and now I get a completely new error from the RHEL 5.7 client:

Joining realm failed because of failing XML-RPC request.
  This error may be caused by incompatible server/client major versions.
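
The response layout in the ipa-getkeytab.c comment quoted above (a new_kvno integer followed by a sequence of KeyTypes) can be checked by hand against a captured control value when the client prints "ber_scanf() failed". The following is an added example, not code from FreeIPA or OpenLDAP: a strict stand-alone decoder for the three elements the "{i{" format consumes. The names scan_keytab_response and ber_header and both byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: SEQUENCE { INTEGER 3, SEQUENCE OF { SEQUENCE { INTEGER 18 } } } */
static const uint8_t good_resp[] = {0x30,0x0a, 0x02,0x01,0x03, 0x30,0x05, 0x30,0x03,0x02,0x01,0x12};
/* Constructed sample: first element is an OCTET STRING, not the INTEGER kvno */
static const uint8_t bad_resp[]  = {0x30,0x03, 0x04,0x01,0x00};

/* Consume one tag+length header; on success *p points at the contents. */
static int ber_header(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                       /* long form: low 7 bits count the length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof(size_t) || (size_t)(end - q) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1; /* contents would overrun the buffer */
    *p = q; *len = n;
    return 0;
}

/* Returns 0 and sets *kvno, or -1 where the quoted code would print its error. */
int scan_keytab_response(const uint8_t *buf, size_t buflen, int32_t *kvno)
{
    const uint8_t *p = buf, *end = buf + buflen;
    size_t len;
    if (ber_header(&p, end, 0x30, &len) < 0) return -1;   /* outer SEQUENCE */
    end = p + len;
    if (ber_header(&p, end, 0x02, &len) < 0) return -1;   /* INTEGER new_kvno */
    if (len == 0 || len > 4) return -1;                   /* must fit Int32 */
    uint32_t v = (p[0] & 0x80) ? 0xffffffffu : 0;         /* sign-extend */
    for (size_t i = 0; i < len; i++) v = (v << 8) | p[i];
    p += len;
    if (ber_header(&p, end, 0x30, &len) < 0) return -1;   /* SEQUENCE OF KeyTypes */
    *kvno = (int32_t)v;
    return 0;
}

int main(void)
{
    int32_t kvno = 0;
    int rc = scan_keytab_response(good_resp, sizeof good_resp, &kvno);
    printf("good rc=%d kvno=%d\n", rc, (int)kvno);
    return scan_keytab_response(bad_resp, sizeof bad_resp, &kvno) == -1 ? 0 : 1;
}
```

Running the same check over the bytes the server actually returned shows whether the failure is a truncated value, a wrong element type, or a layout the client does not expect.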
