Bug 1049531 - adcli delete-computer doesn't work
Summary: adcli delete-computer doesn't work
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: adcli
Version: el6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-07 17:13 UTC by David Spurek
Modified: 2015-03-02 05:28 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-01-08 11:13:34 UTC
Type: Bug


Attachments (Terms of Use)

Description David Spurek 2014-01-07 17:13:39 UTC
Description of problem:
adcli delete-computer doesn't work.

Command ends with error:
...
 ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)


Version-Release number of selected component (if applicable):
adcli-0.7.3-1.el6

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:
adcli -v delete-computer --domain=ad.baseos.qe --domain-controller=10.34.37.22 rhel6_5.ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: RHEL6_5
 * Calculated domain realm from name: AD.BASEOS.QE
 * Sending cldap pings to domain controller: 10.34.37.22
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-ARWBsf/krb5.d/adcli-krb5-conf-8bog7q
Password for Administrator@AD.BASEOS.QE: 
 * Authenticated as user: Administrator@AD.BASEOS.QE
 ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)
adcli: couldn't connect to ad.baseos.qe domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)

Expected results:
adcli -v delete-computer pass

Additional info:

Comment 1 Stef Walter 2014-01-07 17:23:02 UTC
Hmmm, I've never tested adcli on RHEL 6. Could easily have problems with the older version of krb5 there.

Could you run the command again with the environment variable KRB5_TRACE=/dev/stderr

Comment 4 Stef Walter 2014-01-08 11:13:34 UTC
krb5.conf is missing 'rdns=false' on RHEL 6. If you add it to your [libdefaults] section then the test case will work. 'rdns=false' is the default on RHEL 7 and Fedora 19+.

Well it won't "work" in this case, because I just deleted the computer account you were testing against :) ... but you get what I mean.

Comment 5 David Spurek 2014-01-08 12:42:53 UTC
Now it works, thank you for the help Stef.


Note You need to log in before you can comment on or make changes to this bug.