Description of problem: When adding 'firewall --enabled --ssh' to a kickstart that otherwise works (read: 'firewall --disabled' lokkit hangs at install time which hangs anaconda. Version-Release number of selected component (if applicable): system-config-securitylevel-1.6.29.1-1 How reproducible: Always Steps to Reproduce: 1. Add 'firewall --enabled --ssh' to a known working kickstart Actual results: lokkit hangs, needs to be killed to make install proceed. If left long enough, install reboots and then hangs at applying ip6tables firewall rules (read: ip6tables init) Expected results: Everything works. Additional info: http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html states that --ssh and --port=22 should work.
s/disabled'/disabled'\)/ --port=22 is not valid, testing --port=22:tcp now.
--port=22:tcp also hangs. The resulting command is (read: the command that is hanging): lokkit --quiet --nostart -f --enabled --port=22:tcp --port=22:tcp
Manually running this command seems to succeed, however the anaconda started lokkit command still hangs.
Could you please attach the output of attaching a strace on the hanging lokkit command?
How might I get strace into the active install? It seems busybox doesn't have it. Should I just scp a compatible binary?
Oh right, that is a busybox environment. I do not know if it possible to get the strace from an installed system working with it.
So, Jeroen van Meeuwen has ran into this issue before. The issue is setting: --enableldapauth --ldapserver=ldap.domain.tld --ldapbasedn=dc=domain,dc=tld --enablecache where the ldap.domain.tld is MS AD. Fun. Lokkit now runs as expected.
Well, I had a similar issue where /etc/nsswitch.conf has "hosts: files dns ldap", network didn't come up properly, querying files and dns for "ldap01.domain.tld" failed accordingly and it fell back to ldap (which then again wanted ldap01.domain.tld), which resulted in timeouts and eventually segfaulted. While the catch-22 I encountered was caused by the network not coming up properly (hence no bug was logged), obviously one would want to see this particular issue fixed, as it's occurring during the installation and a perfectly viable use-case.
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
This looks to have been fixed is the 5.3 nss as I've been unable to reproduce it.
Closing as CURRENTRELEASE as per comment #11. Please feel free to reopen in case the problem reappears. Thanks & regards, Phil