Bug 1476782 - Login to ipa-server UI fails with message "Login failed due to an unknown reason." when ipa configured from ipa-docker image is upgraded to latest version.
Login to ipa-server UI fails with message "Login failed due to an unknown rea...
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa-server-docker (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Petr Vobornik
Nikhil Dehadrai
: Extras
Depends On:
Blocks: 1405325
  Show dependency treegraph
 
Reported: 2017-07-31 09:08 EDT by Nikhil Dehadrai
Modified: 2018-04-05 07:32 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nikhil Dehadrai 2017-07-31 09:08:40 EDT
Description of problem:
Login to ipa-server UI fails with message "Login failed due to an unknown reason."  when ipa configured from ipa-docker image is upgraded to latest version. ( In my case RHEL 7.3.z to RHEL 7.4.z)

Version-Release number of selected component (if applicable):
ipa-docker image: 4.5.0.8

BIND:
bind-dyndb-ldap-11.1-4.el7.x86_64
bind-9.9.4-51.el7.x86_64

IPA-VERSION:
ipa-server-4.5.0-21.el7.x86_64

Atomic host version:
-bash-4.2# atomic host status
State: idle
Deployments:
● atomic-host:rhel-atomic-host/7/x86_64/standard
                Version: 7.4.0 (2017-07-28 00:26:01)
                 Commit: 846fb0e18e65bd9a62fc9d952627413c6467c33c2d726449a1d7ad7690bbb93a

How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server and REPLICA server using ipa-docker image(4.4.0.45 i.e RHEL 7.3.z).
2. Upgrade the ipa-server and replica using latest image.(4.5.0.8)


Actual results:
After step2, Upgrade is successful, but, after upgrade the user is unable to login to server UI for IPA/Replica both and same error message "Login failed due to an unknown reason." is noticed. (In my case from rhel 7.3.z to rhel 7.4.z)

#httpd error log:
[Fri Jul 28 12:46:18.524602 2017] [:error] [pid 1207] [remote x.x.x.x:76] mod_wsgi (pid=1207): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Fri Jul 28 12:46:18.524663 2017] [:error] [pid 1207] [remote x.x.x.x:76] Traceback (most recent call last):
[Fri Jul 28 12:46:18.524688 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/share/ipa/wsgi.py", line 51, in application
[Fri Jul 28 12:46:18.524731 2017] [:error] [pid 1207] [remote x.x.x.x:76]     return api.Backend.wsgi_dispatch(environ, start_response)
[Fri Jul 28 12:46:18.524741 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in __call__
[Fri Jul 28 12:46:18.524757 2017] [:error] [pid 1207] [remote x.x.x.x:76]     return self.route(environ, start_response)
[Fri Jul 28 12:46:18.524763 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in route
[Fri Jul 28 12:46:18.524771 2017] [:error] [pid 1207] [remote x.x.x.x:76]     return app(environ, start_response)
[Fri Jul 28 12:46:18.524789 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 929, in __call__
[Fri Jul 28 12:46:18.524799 2017] [:error] [pid 1207] [remote x.x.x.x:76]     self.kinit(user_principal, password, ipa_ccache_name)
[Fri Jul 28 12:46:18.524804 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 965, in kinit
[Fri Jul 28 12:46:18.524812 2017] [:error] [pid 1207] [remote x.x.x.x:76]     pkinit_anchors=[paths.KDC_CERT, paths.KDC_CA_BUNDLE_PEM],
[Fri Jul 28 12:46:18.524819 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 125, in kinit_armor
[Fri Jul 28 12:46:18.524830 2017] [:error] [pid 1207] [remote x.x.x.x:76]    run(args, env=env, raiseonerr=True, capture_error=True)
[Fri Jul 28 12:46:18.524836 2017] [:error] [pid 1207] [remote x.x.x.x:76]   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 511, in run
[Fri Jul 28 12:46:18.524847 2017] [:error] [pid 1207] [remote x.x.x.x:76]     raise CalledProcessError(p.returncode, arg_string, str(output))
[Fri Jul 28 12:46:18.524875 2017] [:error] [pid 1207] [remote x.x.x.x:76] CalledProcessError: Command '/usr/bin/kinit -n -c /var/run/ipa/ccaches/armor_1207 -X X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem' returned non-zero exit status 1

Expected results:
User should be able to successfully login to IPA-server/ Replica after upgrade.

Additional info:
This issue is not observed for IPA server upgraded from RHEL 7.3.z to RHEL 7.4.z (rpm based installation)
Comment 3 binny 2017-08-11 10:37:03 EDT
I face the exact same issue. Any updates on how to resolve this ?

Note You need to log in before you can comment on or make changes to this bug.