Description of problem: Trying to perform any administration task with the lastest IPA v2.0 code results in: Invalid credentials:SASL(-14): authorization failure: ipa console output: >>> api.Command.user_find(u'admin') Traceback (most recent call last): File "<console>", line 1, in ? File "/usr/lib/python2.4/site-packages/ipalib/plugable.py", line 410, in __call__ return self['__call__'](*args, **kw) File "/usr/lib/python2.4/site-packages/ipalib/frontend.py", line 398, in __call__ result = self.run(*args, **options) File "/usr/lib/python2.4/site-packages/ipalib/frontend.py", line 607, in run return self.forward(*args, **options) File "/usr/lib/python2.4/site-packages/ipalib/frontend.py", line 628, in forward return self.Backend.xmlclient.forward(self.name, *args, **kw) File "/usr/lib/python2.4/site-packages/ipalib/rpc.py", line 406, in forward raise error(message=e.faultString) DatabaseError: Invalid credentials:SASL(-14): authorization failure: ipa cli output: [root@jennyv2 ipalib]# ipa user-find admin ipa: ERROR: Invalid credentials:SASL(-14): authorization failure: Version-Release number of selected component (if applicable): 2.0 How reproducible: always Steps to Reproduce: 1. Install ipa server lastest build 2. ipa find-user admin 3. Actual results: Invalid credentials:SASL(-14): authorization failure: Expected results: admin user information returned Additional info: dirsrv access log: [22/Jun/2009:12:14:15 -0400] conn=5 op=115 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BOS.REDHAT.COM.COM))" attrs="krbPrincipalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth nsAccountLock loginexpirationtime logindisabled modifyTimestamp krbLastPwdChange krbExtraData krbObjectReferences" [22/Jun/2009:12:14:15 -0400] conn=5 op=115 RESULT err=0 tag=101 nentries=1 etime=0 [22/Jun/2009:12:14:15 -0400] conn=5 op=116 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BOS.REDHAT.COM.COM))" attrs="krbPrincipalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth nsAccountLock loginexpirationtime logindisabled modifyTimestamp krbLastPwdChange krbExtraData krbObjectReferences" [22/Jun/2009:12:14:15 -0400] conn=5 op=116 RESULT err=0 tag=101 nentries=1 etime=0 [22/Jun/2009:12:14:15 -0400] conn=5 op=117 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BOS.REDHAT.COM.COM))" attrs="krbPrincipalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth nsAccountLock loginexpirationtime logindisabled modifyTimestamp krbLastPwdChange krbExtraData krbObjectReferences" [22/Jun/2009:12:14:15 -0400] conn=5 op=117 RESULT err=0 tag=101 nentries=1 etime=0 [22/Jun/2009:12:14:15 -0400] conn=5 op=118 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BOS.REDHAT.COM.COM))" attrs="krbPrincipalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth nsAccountLock loginexpirationtime logindisabled modifyTimestamp krbLastPwdChange krbExtraData krbObjectReferences" [22/Jun/2009:12:14:15 -0400] conn=5 op=118 RESULT err=0 tag=101 nentries=1 etime=0 [22/Jun/2009:12:14:15 -0400] conn=41 fd=85 slot=85 connection from 127.0.0.1 to 127.0.0.1 [22/Jun/2009:12:14:15 -0400] conn=5 op=119 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BOS.REDHAT.COM.COM))" attrs="krbPrincipalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth nsAccountLock loginexpirationtime logindisabled modifyTimestamp krbLastPwdChange krbExtraData krbObjectReferences" [22/Jun/2009:12:14:15 -0400] conn=5 op=119 RESULT err=0 tag=101 nentries=1 etime=0 [22/Jun/2009:12:14:15 -0400] conn=5 op=120 SRCH base="dc=bos,dc=redhat,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ldap/jennyv2.bos.redhat.com.COM))" attrs="krbPrincipalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth nsAccountLock loginexpirationtime logindisabled modifyTimestamp krbLastPwdChange krbExtraData krbObjectReferences" [22/Jun/2009:12:14:15 -0400] conn=5 op=120 RESULT err=0 tag=101 nentries=1 etime=0 [22/Jun/2009:12:14:15 -0400] conn=41 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [22/Jun/2009:12:14:15 -0400] conn=41 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [22/Jun/2009:12:14:15 -0400] conn=41 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [22/Jun/2009:12:14:15 -0400] conn=41 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [22/Jun/2009:12:14:15 -0400] conn=41 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [22/Jun/2009:12:14:15 -0400] conn=41 op=2 RESULT err=49 tag=97 nentries=0 etime=0 http error log: ipa: INFO: response: DatabaseError: Invalid credentials:SASL(-14): authorization failure: kerberos Information: [root@jennyv2 plugins]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin.COM Valid starting Expires Service principal 06/22/09 09:11:18 06/23/09 09:11:11 krbtgt/BOS.REDHAT.COM.COM 06/22/09 09:32:26 06/23/09 09:11:11 HTTP/jennyv2.bos.redhat.com.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached
executing ipa CLI with -d flag: [root@jennyv2 ipa]# ipa -d user-find admin ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.4/site-packages/ipalib/plugins'... ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/aci.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/aci2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/application.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/automount.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/basegroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/basegroup2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/baseldap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/cert.py' ipa: INFO: skipping plugin module ipalib.plugins.cert: env.enable_ra is not True ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/config2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/defaultoptions.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/delegation.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/dns2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/group.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/group2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/host.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/host2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/hostgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/hostgroup2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/join.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/kerberos.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/misc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/netgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/netgroup2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/passwd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/passwd2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/pwpolicy.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/pwpolicy2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/rolegroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/rolegroup2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/service.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/service2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/taskgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/taskgroup2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/user.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/user2.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.4/site-packages/ipalib/plugins/xmlclient.py' ipa: INFO: Created connection context.xmlclient ipa: DEBUG: raw: user_find(u'admin', all=False) ipa: INFO: user_find(u'admin', all=False) ipa: INFO: Forwarding 'user_find' to server 'https://jennyv2.bos.redhat.com/ipa/xml' ipa: DEBUG: Caught fault 4203 from server https://jennyv2.bos.redhat.com/ipa/xml: Invalid credentials:SASL(-14): authorization failure: ipa: INFO: Destroyed connection context.xmlclient ipa: ERROR: Invalid credentials:SASL(-14): authorization failure:
Closing - bug DS issue that has already been reported. *** This bug has been marked as a duplicate of bug 504383 ***