Bug 1442427 - ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR Default SMB Group not found
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: IPA Maintainers
QA Contact: Sudhir Menon
Reported: 2017-04-14 17:28 UTC by Sudhir Menon
Modified: 2017-08-01 09:48 UTC (History)

Fixed In Version: ipa-4.5.0-9.el7
Last Closed: 2017-08-01 09:48:56 UTC


Attachments
Install log (3.80 MB, text/plain), 2017-04-14 17:44 UTC, Sudhir Menon
Upgrade log (5.03 MB, text/plain), 2017-04-14 17:49 UTC, Sudhir Menon


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Sudhir Menon 2017-04-14 17:28:27 UTC
Description of problem: ipa-server-install displays "ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR Default SMB Group not found" 

Version-Release number of selected component (if applicable):

ipa-server-4.5.0-6.el7.x86_64
389-ds-base-1.3.6.1-7.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. Install IPA-server on RHEL7.4 with SELINUX in permissive mode.
2. Check the message displayed on the console.
3. Run ipa-server-upgrade.
4. Check message displayed on the console.

Actual results:
2. Below is the message displayed on the console.

Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/9]: stopping directory server
  [2/9]: saving configuration
  [3/9]: disabling listeners
  [4/9]: enabling DS global lock
  [5/9]: starting directory server
  [6/9]: upgrading server
ipa.ipaserver.install.plugins.adtrust.update_tdo_gidnumber: ERROR    Default SMB Group not found
  [7/9]: stopping directory server
  [8/9]: restoring configuration
  [9/9]: starting directory server

4. Below is the message displayed on the console.

[root@master quickinstall]# ipa-server-upgrade 
Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/10]: stopping directory server
  [2/10]: saving configuration
  [3/10]: disabling listeners
  [4/10]: enabling DS global lock
  [5/10]: starting directory server
  [6/10]: updating schema
  [7/10]: upgrading server
Default SMB Group not found
  [8/10]: stopping directory server

Expected results: Need to fix the issue seen during installation and ipa-server-upgrade.

Additional info: Attaching the ipa-server install/upgrade log

Comment 2 Sudhir Menon 2017-04-14 17:44:58 UTC
Created attachment 1271714
Install log

Comment 3 Sudhir Menon 2017-04-14 17:49:24 UTC
Created attachment 1271715
Upgrade log

Comment 4 Petr Vobornik 2017-04-20 14:30:27 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6881

Comment 7 Sudhir Menon 2017-05-03 09:16:11 UTC
Fix is seen. Verified on RHEL7.4 using

ipa-server-4.5.0-9.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
sssd-1.15.2-21.el7.x86_64
selinux-policy-3.13.1-145.el7.noarch
pki-kra-10.4.1-2.el7.noarch
pki-ca-10.4.1-2.el7.noarch
selinux-policy-3.13.1-145.el7.noarch
ipa-server-trust-ad-4.5.0-9.el7.x86_64

[root@master config]# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

[root@master config]# ipa-server-upgrade 
Upgrading IPA:. Estimated time: 1 minute 30 seconds
  [1/10]: stopping directory server
  [2/10]: saving configuration
  [3/10]: disabling listeners
  [4/10]: enabling DS global lock
  [5/10]: starting directory server
  [6/10]: updating schema
  [7/10]: upgrading server
  [8/10]: stopping directory server
  [9/10]: restoring configuration
  [10/10]: starting directory server
Done.
Update complete
Upgrading IPA services
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
CRL tree already moved
[Verifying that CA proxy configuration is correct]
[Verifying that KDC configuration is using ipa-kdb backend]
[Fix DS schema file syntax]
Syntax already fixed
[Removing RA cert from DS NSS database]
RA cert already removed
[Enable sidgen and extdom plugins by default]
[Updating HTTPD service IPA configuration]
[Updating mod_nss protocol versions]
Protocol versions already updated
[Updating mod_nss cipher suite]
[Fixing trust flags in /etc/httpd/alias]
Trust flags already processed
[Moving HTTPD service keytab to gssproxy]
[Removing self-signed CA]
[Removing Dogtag 9 CA]
[Checking for deprecated KDC configuration files]
[Checking for deprecated backups of Samba configuration files]
[Remove FILE: prefix from 'dedicated keytab file' in Samba configuration]
[Add missing CA DNS records]
IPA CA DNS records already processed
[Removing deprecated DNS configuration options]
[Ensuring minimal number of connections]
[Updating GSSAPI configuration in DNS]
[Updating pid-file configuration in DNS]
[Checking global forwarding policy in named.conf to avoid conflicts with automatic empty zones]
Changes to named.conf have been made, restart named
[Upgrading CA schema]
CA schema update complete (no changes)
[Verifying that CA audit signing cert has 2 year validity]
[Update certmonger certificate renewal configuration to version 6]
[Enable PKIX certificate path discovery and validation]
PKIX already enabled
[Authorizing RA Agent to modify profiles]
[Authorizing RA Agent to manage lightweight CAs]
[Ensuring Lightweight CAs container exists in Dogtag database]
[Adding default OCSP URI configuration]
[Ensuring CA is using LDAPProfileSubsystem]
[Migrating certificate profiles to LDAP]
[Ensuring presence of included profiles]
[Add default CA ACL]
Default CA ACL already added
[Set up lightweight CA key retrieval]
Creating principal
Retrieving keytab
Creating Custodia keys
Configuring key retriever
[Setup PKINIT]
The IPA services were upgraded
The ipa-server-upgrade command was successful

Comment 8 errata-xmlrpc 2017-08-01 09:48:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304

