IPA replica install failed with following error:
2017-02-24T13:00:53Z DEBUG [9/21]: retrieving anonymous keytab 2017-02-24T13:00:53Z DEBUG Backing up system configuration file '/var/lib/ipa/api/anon.keytab' 2017-02-24T13:00:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-02-24T13:00:53Z DEBUG Starting external process 2017-02-24T13:00:53Z DEBUG args=/usr/sbin/ipa-getkeytab -k /var/lib/ipa/api/anon.keytab -p WELLKNOWN/ANONYMOUS -H ldapi://%2Fvar%2Frun%2Fslapd-ABC-IDM-LAB-ENG-BRQ-REDHAT-COM.socket -Y EXTERNAL 2017-02-24T13:00:53Z DEBUG Process finished, return code=9 2017-02-24T13:00:53Z DEBUG stdout= 2017-02-24T13:00:53Z DEBUG stderr=Failed to load translations Failed to parse result: PrincipalName not found. Retrying with pre-4.0 keytab retrieval method... Failed to parse result: PrincipalName not found. Failed to get keytab! Failed to get keytab
Original master was upgraded from 4.4 to git master (future 4.5). It looks that there is a bug in upgrade code, that anonymous principal is not created on master
ldapsearch krbPrincipalName=WELLKNOWN/ANONYMOUS@$REALM
Returns no anonymous principal on master
Upgrade failed, that's why I dont have anonymous principal
Metadata Update from @mbasti: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Login to comment on this ticket.