Bug 1049531

Summary: adcli delete-computer doesn't work
Product: [Fedora] Fedora EPEL Reporter: David Spurek <dspurek>
Component: adcliAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: el6CC: dspurek, ebenes, sgallagh, stefw
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-08 11:13:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Spurek 2014-01-07 17:13:39 UTC 
Description of problem:
adcli delete-computer doesn't work.

Command ends with error:
...
 ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)


Version-Release number of selected component (if applicable):
adcli-0.7.3-1.el6

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:
adcli -v delete-computer --domain=ad.baseos.qe --domain-controller=10.34.37.22 rhel6_5.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: RHEL6_5
 * Calculated domain realm from name: AD.BASEOS.QE
 * Sending cldap pings to domain controller: 10.34.37.22
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-ARWBsf/krb5.d/adcli-krb5-conf-8bog7q
Password for Administrator.QE: 
 * Authenticated as user: Administrator.QE
 ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)
adcli: couldn't connect to ad.baseos.qe domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)

Expected results:
adcli -v delete-computer pass

Additional info:
Comment 1 Stef Walter 2014-01-07 17:23:02 UTC 
Hmmm, I've never tested adcli on RHEL 6. Could easily have problems with the older version of krb5 there.

Could you run the command again with the environment variable KRB5_TRACE=/dev/stderr
Comment 4 Stef Walter 2014-01-08 11:13:34 UTC 
krb5.conf is missing 'rdns=false' on RHEL 6. If you add it to your [libdefaults] section then the test case will work. 'rdns=false' is the default on RHEL 7 and Fedora 19+.

Well it won't "work" in this case, because I just deleted the computer account you were testing against :) ... but you get what I mean.
Comment 5 David Spurek 2014-01-08 12:42:53 UTC 
Now it works, thank you for the help Stef.