ipa server-del <hostname> as trusted aduser user displays Internal Error: 'KeyError: 'ipa_master_server'
[root@master ~]# klist -l
Principal name          Cache name
--------------          ----------
aduser1@IPAAD2016.TEST  KEYRING:persistent:0:krb_ccache_g4W0N5n
[root@master ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  UPN suffixes: testupnsuffix.test, upn14.in, tomupn14.in, upn2016.in, newad2016.test
----------------------------
Number of entries returned 1
----------------------------
Server name: master.venus.test
[root@master ~]# ipa server-del replica.venus.test
Removing replica.venus.test from replication topology, please wait...
ipa: ERROR: an internal error has occurred
[Mon Sep 03 19:15:11.126900 2018] [:error] [pid 1931] ipa: INFO: [jsonserver_session] aduser1@IPAAD2016.TEST: ping(): SUCCESS
[Mon Sep 03 19:15:11.138672 2018] [:warn] [pid 1934] [client :37462] failed to set perms (3140) on file (/var/run/ipa/ccaches/aduser1@IPAAD2016.TEST)!, referer: https://master.venus.test/ipa/xml
[Mon Sep 03 19:15:11.283422 2018] [:error] [pid 1928] ipa: ERROR: non-public: KeyError: 'ipa_master_server'
[Mon Sep 03 19:15:11.283468 2018] [:error] [pid 1928] Traceback (most recent call last):
[Mon Sep 03 19:15:11.283481 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 369, in wsgi_execute
[Mon Sep 03 19:15:11.283492 2018] [:error] [pid 1928]     result = command(args, options)
[Mon Sep 03 19:15:11.283503 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 450, in call
[Mon Sep 03 19:15:11.283549 2018] [:error] [pid 1928]     return self.__do_call(*args, options)
[Mon Sep 03 19:15:11.283561 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 478, in __do_call
[Mon Sep 03 19:15:11.283571 2018] [:error] [pid 1928]     ret = self.run(args, options)
[Mon Sep 03 19:15:11.283582 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run
[Mon Sep 03 19:15:11.283592 2018] [:error] [pid 1928]     return self.execute(*args, options)
[Mon Sep 03 19:15:11.283603 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1587, in execute
[Mon Sep 03 19:15:11.283614 2018] [:error] [pid 1928]     delete_entry(pkey)
[Mon Sep 03 19:15:11.283624 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1538, in delete_entry
[Mon Sep 03 19:15:11.283635 2018] [:error] [pid 1928]     dn = callback(self, ldap, dn, nkeys, *options)
[Mon Sep 03 19:15:11.283645 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/server.py", line 750, in pre_callback
[Mon Sep 03 19:15:11.283655 2018] [:error] [pid 1928]     pkey, ignore_last_of_role=options.get('ignore_last_of_role', False)
[Mon Sep 03 19:15:11.283666 2018] [:error] [pid 1928]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/server.py", line 484, in _ensure_last_of_role
[Mon Sep 03 19:15:11.283676 2018] [:error] [pid 1928]     ipa_masters = ipa_config['ipa_master_server']
[Mon Sep 03 19:15:11.283686 2018] [:error] [pid 1928] KeyError: 'ipa_master_server'
[Mon Sep 03 19:15:11.284079 2018] [:error] [pid 1928] ipa: INFO: [jsonserver_session] aduser1@IPAAD2016.TEST: server_del/1([u'replica.venus.test'], version=u'2.229'): InternalError
internal error should be fixed
ipa-server-4.6.4-7.el7.x86_64
sssd-1.16.2-12.el7.x86_64
samba-4.8.3-4.el7.x86_64
389-ds-base-1.3.8.4-12.el7.x86_64
pki-server-10.5.9-6.el7.noarch
ipa-client-4.6.4-7.el7.x86_64
The same error happens with an IPA user that is non-admin. Non-admin user probably does not have the required ACIs to read the data it's trying to access. Need to check if some ACIs are missing or if the permissions need to be checked earlier, before executing any code for server_del.
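Added example, not part of the ticket and not FreeIPA code: a stand-alone model of the failure mode discussed above, where an ACI-filtered read drops the 'ipa_master_server' attribute and a direct lookup surfaces as InternalError, next to a variant that authorizes first and fails with an access error. Every name except the 'ipa_master_server' key is hypothetical, and the data is constructed.

```python
# Stand-alone model; not FreeIPA code. Names other than the
# 'ipa_master_server' key are hypothetical and the data is constructed.

class ACIError(Exception):
    """Stand-in for an 'insufficient access' error returned to the caller."""

FULL_CONFIG = {
    "ipa_master_server": ["master.venus.test", "replica.venus.test"],
    "example_attr": ["value"],
}
# Attributes each caller is allowed to read, and who may delete servers.
READABLE = {
    "admin": {"ipa_master_server", "example_attr"},
    "aduser1@IPAAD2016.TEST": {"example_attr"},
}
DELETE_ALLOWED = {"admin"}

def read_config(caller):
    """Return only the attributes the caller may read, as a filtered read would."""
    allowed = READABLE.get(caller, set())
    return {k: v for k, v in FULL_CONFIG.items() if k in allowed}

def server_del_unchecked(caller, host):
    """Pattern seen in the traceback: index the filtered result directly."""
    masters = read_config(caller)["ipa_master_server"]  # KeyError if filtered out
    return [m for m in masters if m != host]

def server_del_checked(caller, host):
    """Authorize before any work, and treat a missing attribute as access denied."""
    if caller not in DELETE_ALLOWED:
        raise ACIError("%s may not delete server %s" % (caller, host))
    masters = read_config(caller).get("ipa_master_server")
    if masters is None:
        raise ACIError("%s cannot read the list of IPA masters" % caller)
    return [m for m in masters if m != host]

def outcome(func, caller, host):
    """Classify how a call ends, the way an RPC layer would report it."""
    try:
        func(caller, host)
        return "SUCCESS"
    except ACIError:
        return "ACIError"
    except Exception:
        return "InternalError"
```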