Bug 1658908
| Summary: | Leaving IPA domain fails: Unable to activate profile [sssd] [22]: Invalid argument | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Martin Pitt <mpitt> | ||||
| Component: | authselect | Assignee: | Pavel Březina <pbrezina> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Steeve Goveas <sgoveas> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 8.0 | CC: | pbrezina | ||||
| Target Milestone: | rc | Keywords: | Regression | ||||
| Target Release: | 8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-01-03 11:06:34 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
This is fixed on IPA side: https://bugzilla.redhat.com/show_bug.cgi?id=1654291 |
Created attachment 1513912 [details] /var/log/ipaclient-uninstall.log Description of problem: Leaving an IPA domain started to fail very recently in RHEL 8.0 nightlies. Between ipa-client, sssd, and authselect, only the latter changed recently, so supposedly the regression is there. Version-Release number of selected component (if applicable): ipa-client-4.7.1-1.el8+1957+d517d3b2.x86_64 sssd-2.0.0-23.el8.x86_64 authselect-1.0-9.el8.x86_64 Still worked with authselect-1.0-6.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Join a domain with "ipa-client-install" and let it succeed. 2. Leave the domain with "ipa-client-install --uninstall" Actual results: Step 2 fails, with Unenrolling client from IPA server Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations WARNING: Unable to revert to the pre-installation state ('authconfig' tool has been deprecated in favor of 'authselect'). The default sssd profile will be used instead. The authconfig arguments would have been: authconfig --disableldap --disablekrb5 --disablesssdauth --disablemkhomedir Failed to remove krb5/LDAP configuration: CalledProcessError(Command ['/usr/bin/authselect', 'select', 'sssd', '', '--force'] returned non-zero exit status 1: '[error] Unknown profile feature []\n[error] Unable to activate profile [sssd] [22]: Invalid argument\nUnable to activate profile [22]: Invalid argument\n') The ipa-client-install command failed. See /var/log/ipaclient-uninstall.log for more information I attach /var/log/ipaclient-uninstall.log. Expected results: Leaving domain succeeds.