Greetings,
I cannot get the ipa-replica-install to proceed past step 26/41 - creating DS keytab. I see the command that is to be run, and I can run that just fine before and after the ipa-replica-install command, and it creates the keytab. I am not sure how to proceed from here - the bug reports I see all pertain to earlier versions, and my files reflect those changes.
I have also tried running this with all manner of password flags, which are correct, but I am still getting insufficient access rights.
Particulars: CentOS 7, 3.10.0-957.1.3.el7.x86_64
ipa-server-4.6.4-10.el7.centos.x86_64
ipa-common-4.6.4-10.el7.centos.noarch
ipa-server-common-4.6.4-10.el7.centos.noarch
ipa-client-4.6.4-10.el7.centos.x86_64
ipa-server-dns-4.6.4-10.el7.centos.noarch
ipa-client-common-4.6.4-10.el7.centos.noarch
* Note: anonymized output below
ipapython.ipautil: DEBUG stderr=
ipalib.backend: DEBUG Created connection context.ldap2_139891568509776
ipaserver.install.service: DEBUG duration: 7 seconds
ipaserver.install.service: DEBUG [26/41]: creating DS keytab
[26/41]: creating DS keytab
ipalib.frontend: DEBUG raw: service_add(u'ldap/<ipa-replica-host>@<domain>.NET', force=True, version=u'2.229')
ipalib.frontend: DEBUG service_add(ipapython.kerberos.Principal('ldap/<ipa-replica-host>@<domain>.NET'), force=True, all=False, raw=False, version=u'2.229', no_members=False)
ipalib.frontend: DEBUG raw: host_show(u'<ipa-replica-host>', version=u'2.229')
ipalib.frontend: DEBUG host_show(u'<ipa-replica-host>', rights=False, all=False, raw=False, version=u'2.229', no_members=False)
ipalib.install.sysrestore: DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab'
ipalib.install.sysrestore: DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist
ipapython.ipautil: DEBUG Starting external process
ipapython.ipautil: DEBUG args=/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/<ipa-replica-host>@<domain>.NET -H ldaps://<ipa-replica-master>
ipapython.ipautil: DEBUG Process finished, return code=9
ipapython.ipautil: DEBUG stdout=
ipapython.ipautil: DEBUG stderr=Failed to parse result: Insufficient access rights
Retrying with pre-4.0 keytab retrieval method...
Failed to parse result: Insufficient access rights
Failed to get keytab!
Failed to get keytab
ipaserver.install.service: DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 570, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 560, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1308, in request_service_keytab
    super(DsInstance, self).request_service_keytab()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 742, in request_service_keytab
    self.run_getkeytab(self.api.env.ldap_uri, self.keytab, self.principal)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 732, in run_getkeytab
    ipautil.run(args, nolog=nolog)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/<ipa-replica-host>@<domain>.NET -H ldaps://<ipa-replica-master>' returned non-zero exit status 9
ipaserver.install.service: DEBUG [error] CalledProcessError: Command '/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/<ipa-replica-host>@<domain>.NET -H ldaps://<ipa-replica-master>' returned non-zero exit status 9
[error] CalledProcessError: Command '/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/<ipa-replica-host>@<domain>.NET -H ldaps://<ipa-replica-master>' returned non-zero exit status 9
ipalib.backend: DEBUG Destroyed connection context.ldap2_139891548583120
ipalib.install.sysrestore: DEBUG Backing up system configuration file '/etc/ipa/default.conf'
ipalib.install.sysrestore: DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
    return cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364, in run
    return self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 389, in execute
    for rval in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 622, in main
    replica_install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 406, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1431, in install
    fstore=fstore)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 113, in install_replica_ds
    setup_pkinit=not options.no_pkinit,
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 419, in create_replica
    self.start_creation(runtime=30)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 570, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 560, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1308, in request_service_keytab
    super(DsInstance, self).request_service_keytab()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 742, in request_service_keytab
    self.run_getkeytab(self.api.env.ldap_uri, self.keytab, self.principal)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 732, in run_getkeytab
    ipautil.run(args, nolog=nolog)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
ipapython.admintool: DEBUG The ipa-replica-install command failed, exception: CalledProcessError: Command '/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/<ipa-replica-host>@<domain>.NET -H ldaps://<ipa-replica-master>' returned non-zero exit status 9
ipapython.admintool: ERROR Command '/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/<ipa-replica-host>@<domain>.NET -H ldaps://<ipa-replica-master>' returned non-zero exit status 9
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
I have found the issue - on the master there was an old krbPrincipalName associated with this host. Clearing it out allowed this process to finish.
Could you teach me how to clean the old krbPrincipalName, and how to find the old krbPrincipalName?
Thanks!
freeipa-users@lists.fedorahosted.org
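
An added example, not from any poster in this thread, for the follow-up question of how to find which entries on the master hold a krbPrincipalName for the replica host. It filters LDIF (as ldapsearch would return it) down to principals whose host part matches. The function names, the sample entries and the "held by more than one entry" check are assumptions of this example; the thread does not say what the old value looked like or how it was cleared.

```shell
#!/bin/sh
# Added example: list LDAP entries carrying a krbPrincipalName for one host.
# Input is LDIF on stdin; every name in the sample below is constructed.
# On a master, similar LDIF could come from (BASEDN is an assumption):
#   ldapsearch -Y GSSAPI -o ldif-wrap=no -b "$BASEDN" \
#       "(krbPrincipalName=*)" dn krbPrincipalName

# principals_for_host HOST: print "principal<TAB>dn" for each match.
principals_for_host() {
    awk -v host="$1" '
        BEGIN { host = tolower(host) }
        /^dn: / { dn = substr($0, 5); next }
        /^$/    { dn = ""; next }
        /^krbPrincipalName: / {
            p = substr($0, 19)
            h = p
            sub("@.*$", "", h)      # drop the realm
            sub("^[^/]*/", "", h)   # drop the service component
            if (tolower(h) == host) printf "%s\t%s\n", p, dn
        }'
}

# duplicate_principals HOST: principals held by more than one entry.
duplicate_principals() {
    principals_for_host "$1" | cut -f1 | sort | uniq -d
}

# Constructed sample: oldbox still carries the replica's ldap/ principal.
sample_ldif() {
    cat <<'EOF'
dn: fqdn=replica1.example.net,cn=computers,cn=accounts,dc=example,dc=net
krbPrincipalName: host/replica1.example.net@EXAMPLE.NET

dn: krbprincipalname=ldap/replica1.example.net@EXAMPLE.NET,cn=services,cn=accounts,dc=example,dc=net
krbPrincipalName: ldap/replica1.example.net@EXAMPLE.NET

dn: fqdn=oldbox.example.net,cn=computers,cn=accounts,dc=example,dc=net
krbPrincipalName: host/oldbox.example.net@EXAMPLE.NET
krbPrincipalName: ldap/replica1.example.net@EXAMPLE.NET

dn: uid=admin,cn=users,cn=accounts,dc=example,dc=net
krbPrincipalName: admin@EXAMPLE.NET
EOF
}

sample_ldif | principals_for_host replica1.example.net
echo "held by more than one entry:"
sample_ldif | duplicate_principals replica1.example.net
```

The parser expects unwrapped, plain-text attribute values, which is why the ldapsearch comment passes -o ldif-wrap=no; base64-encoded values (krbPrincipalName::) are not decoded.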