#5483 Retrieving DS keytab fails on ipa-getkeytab on replica if LC_* is not set properly
Closed: Fixed None Opened 8 years ago by mbasti.

  [23/43]: enabling SASL mapping fallback
  [24/43]: restarting directory server
  [25/43]: creating DS keytab
  [error] CalledProcessError: Command ''/usr/sbin/ipa-getkeytab' '-k' '/etc/dirsrv/ds.keytab' '-p' 'ldap/replica1.ipa.test@IPA.TEST' '-s' 'master.ipa.test'' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    Command ''/usr/sbin/ipa-getkeytab' '-k' '/etc/dirsrv/ds.keytab' '-p' 'ldap/replica1.ipa.test@IPA.TEST' '-s' 'master.ipa.test'' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

ipa-getkeytab does not return any error message, just error code 1.

ipa-getkeytab should return warning instead of error.

The responsible part of code from ipa-getkeytab.c is:

    ret = init_gettext();
    if (ret) {
        exit(1);
    }

Also return code 1 should be used for 'Kerberos context initialization failed'. This is a generic error and should return -1 error code.

We should probably just log the error and continue, gettext init failure is not critical, at most you get no translations.

master:

  • d43c3be ipa-getkeytab: do not return error when translations cannot be loaded

ipa-4-2:

  • 34db888 ipa-getkeytab: do not return error when translations cannot be loaded

Metadata Update from @mbasti:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.2.4

7 years ago

Login to comment on this ticket.

Metadata