https://bugzilla.redhat.com/show_bug.cgi?id=830598 (Red Hat Enterprise Linux 6)
Description of problem: occasionally sssd is left running after an ipa-server-install --uninstall. On an attempted re-install using ipa-replica-install, I am seeing ipa-replica-conncheck errors. Version-Release number of selected component (if applicable): ipa-server-2.2.0-16.el6.x86_64 How reproducible: Very but not always. I'm seeing this in automated testing. Steps to Reproduce: 1. <Install IPA on RHEL 6.3 Master> 2. <Create Replica package file> 3. <Install IPA on RHEL 6.3 Replica> 4. ipa-replica-manage del $REPLICA # on master 5. ipa-server-install --uninstall -U # on replica 6. ipa-replica-install -U --setup-dns --no-forwarders -w $ADMINPW -p $ADMINPW /path/to/replica-info-$REPLICA.gpg Actual results: Error seen at end of ipa-replica-conneck from ipa-replica-install: # tail ipareplica-conncheck.log ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } 2012-06-10T18:16:32Z DEBUG args=/usr/bin/kinit admin@TESTRELM.COM 2012-06-10T18:16:32Z DEBUG stdout= 2012-06-10T18:16:32Z DEBUG stderr=kinit: Invalid message type while getting initial credentials Then checking to see what's running: [root@qe-blade-06 log]# ps -ef|grep sssd root 12741 12699 0 14:13 pts/0 00:00:00 grep sssd root 17255 1 0 Jun09 ? 00:00:02 /usr/sbin/sssd -f -D root 17279 17255 0 Jun09 ? 00:00:03 /usr/libexec/sssd/sssd_be --domain testrelm.com --debug-to-files root 17288 17255 0 Jun09 ? 00:00:00 /usr/libexec/sssd/sssd_nss --debug-to-files root 17289 17255 0 Jun09 ? 00:00:00 /usr/libexec/sssd/sssd_pam --debug-to-files root 17290 17255 0 Jun09 ? 00:00:00 /usr/libexec/sssd/sssd_ssh --debug-to-files Expected results: ipa uninstall cleanly stops sssd. Additional info: If I stop sssd, ipa-replica-conncheck works though: # service sssd stop Stopping sssd: [ OK ] # /usr/sbin/ipa-replica-conncheck --master qe-blade-09.testrelm.com --auto-master-check --realm TESTRELM.COM --principal admin --hostname qe-blade-06.testrelm.com --password Secret123 Check connection from replica to remote master 'qe-blade-09.testrelm.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master Execute check on remote master Check connection from master to remote replica 'qe-blade-06.testrelm.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK Connection from master to replica is OK. # ps -ef|grep sssd root 12844 12699 0 15:58 pts/0 00:00:00 grep sssd
Might be related to #2824
The issue has apparently been resolved as we're no longer able to reproduce it (verified in BZ). See the bugzilla ticket for more information.
Metadata Update from @rcritten: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)
Login to comment on this ticket.