[23/43]: enabling SASL mapping fallback [24/43]: restarting directory server [25/43]: creating DS keytab [error] CalledProcessError: Command ''/usr/sbin/ipa-getkeytab' '-k' '/etc/dirsrv/ds.keytab' '-p' 'ldap/replica1.ipa.test@IPA.TEST' '-s' 'master.ipa.test'' returned non-zero exit status 1 Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Command ''/usr/sbin/ipa-getkeytab' '-k' '/etc/dirsrv/ds.keytab' '-p' 'ldap/replica1.ipa.test@IPA.TEST' '-s' 'master.ipa.test'' returned non-zero exit status 1 ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
ipa-getkeytab does not return any error message, just error code 1.
ipa-getkeytab should return warning instead of error.
The responsible part of code from ipa-getkeytab.c is:
ret = init_gettext(); if (ret) { exit(1); }
Also return code 1 should be used for 'Kerberos context initialization failed'. This is a generic error and should return -1 error code.
We should probably just log the error and continue, gettext init failure is not critical, at most you get no translations.
master:
ipa-4-2:
Metadata Update from @mbasti: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.2.4
Login to comment on this ticket.