#5584 kerberos authentication error during uninstall check when cleaning up after unsuccesful replica install
Closed: Fixed None Opened 3 years ago by mbabinsk.

When trying to uninstall IPA server after failed domain level 1 replica install, the check which is supposed to check topology connectivity of the server fails with the following error:

I have encountered this issue when cleaning up after failed domain level 1 replica install.
First I have cleaned up all replication data using {{{ipa-replica-manage del}}}. During uninstallation of IPA server on replica I got the following error:

[root@replica1 ~]# ipa-server-install --uninstall -U
ipa         : ERROR    Kerberos authentication as 'host/replica1.ipa.test@IPA.TEST' failed: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638918): Client 'host/replica1.ipa.test@IPA.TEST' not found in Kerberos database
WARNING: This IPA master is still a part of the replication topology.
...

The error makes sense since the master entry (and thus principal) is removed before cleaning up segments/replication agreements. The code should thus correctly handle this case and assume that the master was removed from topology if KDC cannot find the principal.


master:

  • d726da3 uninstallation: more robust check for master removal from topology

ipa-4-3:

  • 4f0266f uninstallation: more robust check for master removal from topology

Metadata Update from @mbabinsk:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.3.1

2 years ago

Login to comment on this ticket.

Metadata