[Pkg-freeipa-devel] Bug#844114: freeipa-server uses different version of kdb (ipadb.so) as krb5-kdc in sid repo
SIPOS, Peter
flatno at gmail.com
Sat Nov 12 16:05:29 UTC 2016
Package: freeipa-server
Version: 4.3.2-3
Severity: important
Tags: d-i
Dear Maintainer,
When I install the `freeipa-server` debian package from the repository and
then run the `ipa-server-install` it fails at the krb5kdc configuration.
The actual error occurs when the installer begins the fifth step of the
`krb5kdc` configuration: [5/9]: creating a keytab for the directory
Then it try to execute the following process:
`kadmin.local -q addprinc -randkey ldap/ldap.it.local at IT.LOCAL -x ipa-setup-override-restrictions`.
An the process above throws this error:
`kadmin.local: Database module does not match KDC version while initializing kadmin.local interface`.
When in a terminal I try to run the `kadmin` or `kadmin.local` I give that same error.
In the `/etc/krb5.conf` there is the database module configuration:
> [dbmodules]
> IT.LOCAL = {
> db_library = ipadb.so
> }
The `ipadb.so` placed in `/usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/`.
The current `krb5-kdc` version is `1.15~beta1-1`.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages freeipa-server depends on:
ii 389-ds-base 1.3.5.14-1
ii acl 2.2.52-3
ii apache2 2.4.23-6
ii certmonger 0.78.6-3
ii custodia 0.1.0-6
ii fonts-font-awesome 4.6.3~dfsg-1
ii freeipa-admintools 4.3.2-3
ii freeipa-client 4.3.2-3
ii freeipa-common 4.3.2-3
ii init-system-helpers 1.46
ii krb5-admin-server 1.15~beta1-1
ii krb5-kdc 1.15~beta1-1
ii krb5-kdc-ldap 1.15~beta1-1
ii krb5-pkinit 1.15~beta1-1
ii ldap-utils 2.4.42+dfsg-2+b3
ii libapache2-mod-auth-gssapi 1.4.1-1
ii libapache2-mod-nss 1.0.14-1
ii libapache2-mod-wsgi 4.5.7-1
ii libc6 2.24-5
ii libcomerr2 1.43.3-1
ii libjs-dojo-core 1.11.0+dfsg-1
ii libjs-jquery 3.1.1-1
ii libk5crypto3 1.15~beta1-1
ii libkrad0 1.15~beta1-1
ii libkrb5-3 1.15~beta1-1
ii libldap-2.4-2 2.4.42+dfsg-2+b3
ii libnspr4 2:4.12-6
ii libnss3 2:3.26.2-1
ii libnss3-tools 2:3.26.2-1
ii libsasl2-modules-gssapi-mit 2.1.27~72-g88d82a3+dfsg-1
ii libssl1.0.2 1.0.2j-4
ii libsss-nss-idmap0 1.14.1-1
ii libtalloc2 2.1.8-1
ii libtevent0 0.9.31-1
ii libunistring0 0.9.6+really0.9.3-0.1
ii libuuid1 2.29-1
ii libverto1 0.2.4-2.1
ii memcached 1.4.33-1
ii ntp 1:4.2.8p8+dfsg-1.1
ii oddjob 0.34.3-2
ii p11-kit 0.23.2-5
ii pki-ca 10.3.5-5
ii pki-kra 10.3.5-5
ii python-dateutil 2.5.3-2
ii python-gssapi 1.2.0-1
ii python-ipaserver 4.3.2-3
ii python-ldap 2.4.22-0.1
ii python-systemd 233-1
pn python:any <none>
ii samba-libs 2:4.4.7+dfsg-1
ii slapi-nis 0.55-1
ii softhsm2 2.2.0~rc1-2
ii systemd-sysv 232-3
Versions of packages freeipa-server recommends:
ii freeipa-server-dns 4.3.2-3
freeipa-server suggests no packages.
-- no debconf information
Here is the full (relevant) log:
```
$ cat /var/log/ipaserver-install.log
2016-11-12T14:54:09Z DEBUG [5/9]: creating a keytab for the directory
2016-11-12T14:54:09Z DEBUG Starting external process
2016-11-12T14:54:09Z DEBUG args=kadmin.local -q addprinc -randkey ldap/ldap.it.local at IT.LOCAL -x ipa-setup-override-restrictions
2016-11-12T14:54:09Z DEBUG Process finished, return code=1
2016-11-12T14:54:09Z DEBUG stdout=Authenticating as principal root/admin at IT.LOCAL with password.
2016-11-12T14:54:09Z DEBUG stderr=kadmin.local: Database module does not match KDC version while initializing kadmin.local interface
2016-11-12T14:54:09Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 437, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/krbinstance.py", line 333, in __create_ds_keytab
installutils.kadmin_addprinc(ldap_principal)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 436, in kadmin_addprinc
kadmin("addprinc -randkey " + principal)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 433, in kadmin
"-x", "ipa-setup-override-restrictions"])
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 499, in run
raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command 'kadmin.local -q addprinc -randkey ldap/ldap.it.local at IT.LOCAL -x ipa-setup-override-restrictions' returned non-zero exit status 1
2016-11-12T14:54:09Z DEBUG [error] CalledProcessError: Command 'kadmin.local -q addprinc -randkey ldap/ldap.it.local at IT.LOCAL -x ipa-setup-override-restrictions' returned non-zero exit status 1
2016-11-12T14:54:09Z DEBUG File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 318, in run
cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 310, in run
self.execute()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 332, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 586, in _configure
next(executor)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 63, in _install
for nothing in self._installer(self.parent):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 1520, in main
install(self)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 268, in decorated
func(installer)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 938, in install
subject_base=options.subject)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/krbinstance.py", line 173, in create_instance
self.start_creation(runtime=30)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 437, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/krbinstance.py", line 333, in __create_ds_keytab
installutils.kadmin_addprinc(ldap_principal)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 436, in kadmin_addprinc
kadmin("addprinc -randkey " + principal)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 433, in kadmin
"-x", "ipa-setup-override-restrictions"])
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 499, in run
raise CalledProcessError(p.returncode, arg_string, str(output))
2016-11-12T14:54:09Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command 'kadmin.local -q addprinc -randkey ldap/ldap.it.local at IT.LOCAL -x ipa-setup-override-restrictions' returned non-zero exit status 1
2016-11-12T14:54:09Z ERROR Command 'kadmin.local -q addprinc -randkey ldap/ldap.it.local at IT.LOCAL -x ipa-setup-override-restrictions' returned non-zero exit status 1
2016-11-12T14:54:09Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
```
Kindly regards,
SIPOS, Peter
flatno at gmail.com
More information about the Pkg-freeipa-devel
mailing list