[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install
abbra
freeipa-github-notification at redhat.com
Thu Dec 8 15:56:30 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/62
Title: #62: Configure Anonymous PKINIT on server install
abbra commented:
"""
@simo5 I tried to run the branch as an upgrade against Fedora 25 version (4.4.2-1.fc25) and it failed at first because I was running in SELinux enforcing:
Unexpected error - see /var/log/ipaupgrade.log for details:
DBusException: org.fedorahosted.certmonger.bad_arg: The parent of location "/var/kerberos/krb5kdc/kdc.crt" could not be accessed due to insufficient permissions.
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Re-running `ipa-server-upgrade` with 'setenforce 0', I get different error:
2016-12-08T15:52:28Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2016-12-08T15:52:28Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade()
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1820, in upgrade upgrade_configuration()
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1755, in upgrade_configuration
enable_anonymous_principal(krb)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1498, in enable_anonymous_principal
dn = DN(('krbprincipalname', princ_realm), krb.get_realm_suffix())
File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 74, in get_realm_suffix
return DN(('cn', self.realm), ('cn', 'kerberos'), self.suffix)
File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1107, in __init__
self.rdns = self._rdns_from_sequence(args)
File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1148, in _rdns_from_sequence
rdn = self._rdns_from_value(item)
File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1141, in _rdns_from_value
% type(value))
2016-12-08T15:52:28Z DEBUG The ipa-server-upgrade command failed, exception: TypeError: must be str, unicode, tuple, Name, RDN or DN, got <type 'NoneType'> instead
2016-12-08T15:52:28Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
TypeError: must be str, unicode, tuple, Name, RDN or DN, got <type 'NoneType'> instead
"""
See the full comment at https://github.com/freeipa/freeipa/pull/62#issuecomment-265775539
More information about the Freeipa-devel
mailing list