Red Hat Bugzilla – Bug 1442427
ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR Default SMB Group not found
Last modified: 2017-08-01 05:48:56 EDT
Description of problem:
ipa-server-install displays "ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR Default SMB Group not found"

Version-Release number of selected component (if applicable):
ipa-server-4.5.0-6.el7.x86_64
389-ds-base-1.3.6.1-7.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. Install IPA-server on RHEL7.4 with SELINUX in permissive mode.
2. Check the message displayed on the console.
3. Run ipa-server-upgrade.
4. Check message displayed on the console.

Actual results:
2. Below is the message displayed on the console.

Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/9]: stopping directory server
  [2/9]: saving configuration
  [3/9]: disabling listeners
  [4/9]: enabling DS global lock
  [5/9]: starting directory server
  [6/9]: upgrading server
ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR Default SMB Group not found
  [7/9]: stopping directory server
  [8/9]: restoring configuration
  [9/9]: starting directory server

4. Below is the message displayed on the console.

[root@master quickinstall]# ipa-server-upgrade
Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/10]: stopping directory server
  [2/10]: saving configuration
  [3/10]: disabling listeners
  [4/10]: enabling DS global lock
  [5/10]: starting directory server
  [6/10]: updating schema
  [7/10]: upgrading server
Default SMB Group not found
  [8/10]: stopping directory server

Expected results:
Need to fix the issue seen during installation and ipa-server-upgrade.

Additional info:
Attaching the ipa-server install/upgrade log
Created attachment 1271714 [details] Install log
Created attachment 1271715 [details] Upgrade log
Upstream ticket: https://pagure.io/freeipa/issue/6881
Fixed upstream
master:
https://pagure.io/freeipa/c/434d9e539d24fe0110c5d6bf4a4342daf40d15d5
ipa-4-5:
https://pagure.io/freeipa/c/c05bd60585fb80e061b8582a648a65204c709f51
Fix is seen. Verified on RHEL7.4 using

ipa-server-4.5.0-9.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
sssd-1.15.2-21.el7.x86_64
selinux-policy-3.13.1-145.el7.noarch
pki-kra-10.4.1-2.el7.noarch
pki-ca-10.4.1-2.el7.noarch
selinux-policy-3.13.1-145.el7.noarch
ipa-server-trust-ad-4.5.0-9.el7.x86_64

[root@master config]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

[root@master config]# ipa-server-upgrade
Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/10]: stopping directory server
  [2/10]: saving configuration
  [3/10]: disabling listeners
  [4/10]: enabling DS global lock
  [5/10]: starting directory server
  [6/10]: updating schema
  [7/10]: upgrading server
  [8/10]: stopping directory server
  [9/10]: restoring configuration
  [10/10]: starting directory server
Done.
Update complete
Upgrading IPA services
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
CRL tree already moved
[Verifying that CA proxy configuration is correct]
[Verifying that KDC configuration is using ipa-kdb backend]
[Fix DS schema file syntax]
Syntax already fixed
[Removing RA cert from DS NSS database]
RA cert already removed
[Enable sidgen and extdom plugins by default]
[Updating HTTPD service IPA configuration]
[Updating mod_nss protocol versions]
Protocol versions already updated
[Updating mod_nss cipher suite]
[Fixing trust flags in /etc/httpd/alias]
Trust flags already processed
[Moving HTTPD service keytab to gssproxy]
[Removing self-signed CA]
[Removing Dogtag 9 CA]
[Checking for deprecated KDC configuration files]
[Checking for deprecated backups of Samba configuration files]
[Remove FILE: prefix from 'dedicated keytab file' in Samba configuration]
[Add missing CA DNS records]
IPA CA DNS records already processed
[Removing deprecated DNS configuration options]
[Ensuring minimal number of connections]
[Updating GSSAPI configuration in DNS]
[Updating pid-file configuration in DNS]
[Checking global forwarding policy in named.conf to avoid conflicts with automatic empty zones]
Changes to named.conf have been made, restart named
[Upgrading CA schema]
CA schema update complete (no changes)
[Verifying that CA audit signing cert has 2 year validity]
[Update certmonger certificate renewal configuration to version 6]
[Enable PKIX certificate path discovery and validation]
PKIX already enabled
[Authorizing RA Agent to modify profiles]
[Authorizing RA Agent to manage lightweight CAs]
[Ensuring Lightweight CAs container exists in Dogtag database]
[Adding default OCSP URI configuration]
[Ensuring CA is using LDAPProfileSubsystem]
[Migrating certificate profiles to LDAP]
[Ensuring presence of included profiles]
[Add default CA ACL]
Default CA ACL already added
[Set up lightweight CA key retrieval]
Creating principal
Retrieving keytab
Creating Custodia keys
Configuring key retriever
[Setup PKINIT]
The IPA services were upgraded
The ipa-server-upgrade command was successful
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304