#6832 ipa-getkeytab's error message is not helpful
Opened 7 years ago by devahmedshendy. Modified 5 years ago

At one point, I was unable to get a keytab

[root@client1 ~]# ipa-getkeytab -s ipa.example.locladomain -p nfs/nfsserver.example.localdomain -k /etc/krb5.keytab
SASL Bind failed Can't contact LDAP server (-1) !
Failed to bind to server!
Retrying with pre-4.0 keytab retrieval method...
SASL Bind failed Can't contact LDAP server (-1) !
Failed to bind to server!
Failed to get keytab

I spent a long time troubleshooting, for hours, then got help from guys on the freenode IRC channel, but while following their troubleshooting steps I found that I had a typing error in "local" of "locladomain".

Here is the dig for the wrong name

[root@client1 ~]# dig ipa.example.locladomain

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> ipa.example.locladomain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44734
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ipa.example.locladomain.       IN  A

;; AUTHORITY SECTION:
.           7572    IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2017032900 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.67#53(192.168.1.67)
;; WHEN: Wed Mar 29 13:47:17 EET 2017
;; MSG SIZE  rcvd: 125

Here is the dig for the right name

[root@client1 ~]# dig ipa.example.localdomain

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> ipa.example.localdomain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ipa.example.localdomain.       IN  A

;; ANSWER SECTION:
ipa.example.localdomain.    1200    IN  A   192.168.1.67

;; AUTHORITY SECTION:
example.localdomain.    86400   IN  NS  ipa.example.localdomain.

;; Query time: 0 msec
;; SERVER: 192.168.1.67#53(192.168.1.67)
;; WHEN: Wed Mar 29 13:47:25 EET 2017
;; MSG SIZE  rcvd: 80

Now after hours of troubleshooting I am able to get the keytab

[root@client1 ~]# ipa-getkeytab -s ipa.example.localdomain -p nfs/nfsserver.example.localdomain -k /etc/krb5.keytab
Keytab successfully retrieved and stored in: /etc/krb5.keytab

Some guy recommended creating an issue because a better error message would have saved time and spared some frustration.

[root@ipa ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core)
[root@client1 ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core)

A suggestion for the error message:

[root@client1 ~]# ipa-getkeytab -s ipa.example.locladomain -p nfs/nfsserver.example.localdomain -k /etc/krb5.keytab
Could not resolve host 'ipa.example.locladomain'
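
A pre-flight wrapper that emits the error message suggested in this report before ipa-getkeytab is ever invoked, so a name-resolution failure is not reported as an LDAP bind failure. This is an added example, not part of the original report and not FreeIPA code; the function names and exit codes are assumptions, and it only inspects the `-s` option used in the commands above.

```shell
#!/bin/sh
# Added example (not FreeIPA code): check that the -s server name resolves
# before handing the command line to ipa-getkeytab.

# Resolver hook. getent goes through the system resolver (nsswitch).
# Redefine this function to exercise the logic offline.
resolve_host() {
    getent hosts "$1" >/dev/null 2>&1
}

# Print the value given to -s in an ipa-getkeytab argument list.
# Accepts "-s host" and "-shost"; returns 1 if no server was given.
server_arg() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -s)   [ "$#" -ge 2 ] || return 1
                  printf '%s\n' "$2"; return 0 ;;
            -s?*) printf '%s\n' "${1#-s}"; return 0 ;;
        esac
        shift
    done
    return 1
}

# Exit codes (chosen for this example):
#   0 = server name resolves, 2 = no -s given, 3 = name does not resolve
preflight() {
    host=$(server_arg "$@") || { echo "No -s <server> given" >&2; return 2; }
    if ! resolve_host "$host"; then
        echo "Could not resolve host '$host'" >&2
        return 3
    fi
    return 0
}

# Wrapper: run the real tool only once the server name resolves.
# Usage: getkeytab_checked -s <server> -p <principal> -k <keytab>
getkeytab_checked() {
    preflight "$@" || return $?
    ipa-getkeytab "$@"
}
```

With the mistyped name from this report, `getkeytab_checked` stops with exit code 3 and the single line `Could not resolve host 'ipa.example.locladomain'` instead of the two SASL bind failures.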

Metadata Update from @mbasti:
- Custom field external_tracker adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1448512

6 years ago

Metadata Update from @mbasti:
- Issue tagged with: tracker

6 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7

6 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

5 years ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
