Bug 723622
Summary: | Need an arch-specific Requires on cyrus-sasl-gssapi | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Rob Crittenden <rcritten> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 6.1 | CC: | benl, grajaiya, jgalipea |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.1.0-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: ipa-getkeytab fails with a bind error.
Consequence: Client enrollment fails: ipa-getkeytab is not successful in retrieving keytabs for a client.
Fix: If 32-bit packages are used on a 64-bit system then 32-bit cyrus-sasl-gssapi is required. Add architecture-specific Requires to the rpm spec file.
Result: The right packages are installed on the right architectures.
|
Story Points: | --- |
Clone Of: | 723620 | Environment: | |
Last Closed: | 2011-12-06 18:41:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 723620 | ||
Bug Blocks: |
Description
Rob Crittenden
2011-07-20 17:47:24 UTC
master: 3fe36a63b6747ef1d961e1ffd287177d7341f1f9 ipa-2-0: 99a18c3ac258b47f949b301fe09ed1a01fed28cf Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: ipa-getkeytab fails with a bind error. Consequence: Client enrollment fails: ipa-getkeytab is not successful in retrieving keytabs for a client. Fix: If 32-bit packages are used on a 64-bit system then 32-bit cyrus-sasl-gssapi is required. Add architecture-specific Requires to the rpm spec file. Result: The right packages are installed on the right architectures. [root@ipaqa64vmc ~]# arch x86_64 [root@ipaqa64vmc ~]# [root@ipaqa64vmc ~]# yum localinstall ipa-admintools-2.1.3-8.el6.i686.rpm ipa-client-2.1.3-8.el6.i686.rpm ... Dependencies Resolved =========================================================================== Package Arch Version =========================================================================== Installing: ipa-admintools i686 2.1.3-8.el6 ipa-client i686 2.1.3-8.el6 Installing for dependencies: cyrus-sasl-gssapi i686 2.1.23-13.el6 cyrus-sasl-lib i686 2.1.23-13.el6 ... [root@ipaqa64vmc ~]# yum install nss-sysinit-3.12.10-15.el6.i686.rpm Dependency requirement for nss-sysinit is tracked at https://bugzilla.redhat.com/show_bug.cgi?id=751694 [root@ipaqa64vmc ~]# ipa-client-install DNS discovery failed to determine your DNS domain Provide the domain name of your IPA server (ex: example.com): rhts.eng.bos.redhat.com DNS discovery failed to find the IPA Server Provide your IPA server name (ex: ipa.example.com): hp-dl580g5-01.rhts.eng.bos.redhat.com The failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured. Autodiscovery of servers for failover cannot work with this configuration. If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure. Proceed with fixed values and no DNS discovery? [no]: yes Hostname: ipaqa64vmc.idm.lab.bos.redhat.com Realm: RHTS.ENG.BOS.REDHAT.COM DNS Domain: rhts.eng.bos.redhat.com IPA Server: hp-dl580g5-01.rhts.eng.bos.redhat.com BaseDN: dc=rhts,dc=eng,dc=bos,dc=redhat,dc=com Continue to configure the system with these values? [no]: yes User authorized to enroll computers: admin Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Password for admin.BOS.REDHAT.COM: Enrolled in IPA realm RHTS.ENG.BOS.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm RHTS.ENG.BOS.REDHAT.COM SSSD enabled NTP enabled Client configuration complete. [root@ipaqa64vmc ~]# [root@ipaqa64vmc ~]# klist -ekt /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (aes256-cts-hmac-sha1-96) 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (aes128-cts-hmac-sha1-96) 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (des3-cbc-sha1) 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (arcfour-hmac) [root@ipaqa64vmc ~]# [root@ipaqa64vmc ~]# ipa-getkeytab --server=hp-dl580g5-01.rhts.eng.bos.redhat.com --principal=HTTP/hp-dl580g5-01.rhts.eng.bos.redhat.com.BOS.REDHAT.COM --keytab=/etc/krb5.keytab --binddn="cn=directory manager" --bindpw=Secret123 Keytab successfully retrieved and stored in: /etc/krb5.keytab [root@ipaqa64vmc ~]# klist -ekt /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (aes256-cts-hmac-sha1-96) 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (aes128-cts-hmac-sha1-96) 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (des3-cbc-sha1) 1 11/07/11 05:28:48 host/ipaqa64vmc.idm.lab.bos.redhat.com.BOS.REDHAT.COM (arcfour-hmac) 3 11/07/11 05:33:36 HTTP/hp-dl580g5-01.rhts.eng.bos.redhat.com.BOS.REDHAT.COM (aes256-cts-hmac-sha1-96) 3 11/07/11 05:33:36 HTTP/hp-dl580g5-01.rhts.eng.bos.redhat.com.BOS.REDHAT.COM (aes128-cts-hmac-sha1-96) 3 11/07/11 05:33:36 HTTP/hp-dl580g5-01.rhts.eng.bos.redhat.com.BOS.REDHAT.COM (des3-cbc-sha1) 3 11/07/11 05:33:36 HTTP/hp-dl580g5-01.rhts.eng.bos.redhat.com.BOS.REDHAT.COM (arcfour-hmac) [root@ipaqa64vmc ~]# [root@ipaqa64vmc ~]# rpm -qi ipa-client Name : ipa-client Relocations: (not relocatable) Version : 2.1.3 Vendor: Red Hat, Inc. Release : 8.el6 Build Date: Tue 01 Nov 2011 05:50:44 PM EDT Install Date: Mon 07 Nov 2011 05:22:55 AM EST Build Host: x86-004.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.1.3-8.el6.src.rpm Size : 220595 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : IPA authentication for use on clients Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |