Description of problem:
Install ipa-client specifying an incorrect hostname. ipa-join will force this host to be added on server. Install indicates errors. But when uninstalling this client, the keytab for this client is not cleared on the server. Uninstall indicates errors.

run:
ipa-client-install -d --hostname rhel61-client.xxx

stderr has:
Warning: Hostname (rhel61-client.xxx) not found in DNS
Failed to obtain host TGT.
DNS server record set to: rhel61-client.xxx -> 10.16.19.131
SSSD enabled
nss_ldap is not able to use DNS discovery!
Changing configuration to use hardcoded server name: rhel61-server.testrelm

debug includes:
Warning: Hostname (rhel61-client.xxx) not found in DNS
root : DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab
root : DEBUG stdout=
root : DEBUG stderr=kinit: No key table entry found for host/rhel61-client.testrelm@TESTRELM while getting initial credentials

Failed to obtain host TGT.
root : DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
root : DEBUG stdout=
root : DEBUG stderr=specified zone 'xxx' does not exist (NXDOMAIN)
specified zone 'xxx' does not exist (NXDOMAIN)

DNS server record set to: rhel61-client.xxx -> 10.16.19.131

ipa-server has:
# ipa host-show --all rhel61-client.xxx
  dn: fqdn=rhel61-client.xxx,cn=computers,cn=accounts,dc=testrelm
  Host name: rhel61-client.xxx
  Principal name: host/rhel61-client.xxx@TESTRELM
  Keytab: True
  Managed by: rhel61-client.xxx
  cn: rhel61-client.xxx
  enrolledby_user: admin
  ipauniqueid: 56e1e64a-443e-11e0-98b3-5254009f598e
  krbextradata: AAgBAA==, AAIAUG1NaG9zdC9yaGVsNjEtY2xpZW50Lnh4eEBURVNUUkVMTQA=
  krblastpwdchange: 20110301195856Z
  objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top
  serverhostname: rhel61-client

Now uninstall this client.
ipa-client-install --uninstall

stderr has:
Unenrolling host failed: Error obtaining initial credentials: Key table entry not found.

debug has:
Unenrolling client from IPA server
root : DEBUG args=/usr/sbin/ipa-join --unenroll
root : DEBUG stdout=
root : DEBUG stderr=Error obtaining initial credentials: Key table entry not found.

Unenrolling host failed: Error obtaining initial credentials: Key table entry not found.

ipa-server still has:
# ipa host-show --all rhel61-client.xxx
  dn: fqdn=rhel61-client.xxx,cn=computers,cn=accounts,dc=testrelm
  Host name: rhel61-client.xxx
  Principal name: host/rhel61-client.xxx@TESTRELM
  Keytab: True
  Managed by: rhel61-client.xxx
  cn: rhel61-client.xxx
  enrolledby_user: admin
  ipauniqueid: 56e1e64a-443e-11e0-98b3-5254009f598e
  krbextradata: AAgBAA==, AAIAUG1NaG9zdC9yaGVsNjEtY2xpZW50Lnh4eEBURVNUUkVMTQA=
  krblastpwdchange: 20110301195856Z
  objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top
  serverhostname: rhel61-client

Version-Release number of selected component (if applicable):
ipa-client-2.0.0-13.el6.x86_64

How reproducible:

Steps to Reproduce:
1. ipa-client-install -d --hostname rhel61-client.xxx
2. ipa host-show --all rhel61-client.xxx
3. ipa-client-install --uninstall

Actual results:
ipa host-show --all rhel61-client.xxx still has Keytab: True

Expected results:
should be Keytab: False

Additional info:
https://fedorahosted.org/freeipa/ticket/1029
master: 3735450ab8089c64f196899ab6af2447d1c4a2fc
Verified. Keytab is set to false when following same steps. Verified using: ipa-client-2.0.0-13.20110310T0728zgited5cffd.el6.x86_64
Per comment 5, setting bug status to verified.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0631.html