#7993 Incorrect error message when /usr/sbin/authselect is missing
Opened 2 months ago by mikhailnov. Modified a month ago

ipa-client-install --mkhomedir
<...>
2019-06-25T18:58:06Z INFO Disabling client Kerberos and LDAP configurations
2019-06-25T18:58:06Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2019-06-25T18:58:06Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2019-06-25T18:58:06Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
2019-06-25T18:58:06Z DEBUG Starting external process
2019-06-25T18:58:06Z DEBUG args=['/usr/bin/authselect', 'select', 'sssd', '--force']
2019-06-25T18:58:06Z DEBUG Process execution failed

/usr/sbin/authselect did not exist. But the error message was:
Failed to remove krb5/LDAP configuration: [Errno 2] No such file or directory

The error message is incorrect.


Please attach the full /var/log/ipaclient-install.log

What distribution is this and what version of IPA?

I already don't have this log, but I can try to reproduce it if it is needed very much. The problem disappeared after installing authselect (https://abf.io/import/authselect). FreeIPA 4.7.2, ROSA distribution with custom platform support (https://abf.io/rosaserver/ipa-client47)

It will give more context around the error.

Upon a failure the client will try to roll back the things it has done. That rollback can generate its own error messages so things can be sometimes confusing.

I don't know that we've ever tested requiring but not installing authselect so it's possible some odd error is being displayed. If you can reproduce that would be very helpful.

Nice to see new platform support. Feel free to submit this upstream at https://github.com/freeipa/freeipa when you're done.

Trying to reproduce it, I have enrolled a test container into IPA domain, then uninstalled it from there, ran rpm -e --nodeps authselect and ipa-client-install --mkhomedir --force-join

The error was not so confusing:

2019-07-20T02:10:52Z DEBUG Starting external process
2019-07-20T02:10:52Z DEBUG args=['/usr/bin/authselect', 'current', '--raw']
2019-07-20T02:10:52Z DEBUG Process execution failed
<...>
2019-07-20T02:10:52Z DEBUG The ipa-client-install command failed, exception: OSError: [Errno 2] No such file or directory
2019-07-20T02:10:52Z ERROR [Errno 2] No such file or directory
2019-07-20T02:10:52Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

This seems to be a correct error.

Full log:
ipaclient-install_FreeIPA_bug7993.log
Alternative link: https://yadi.sk/d/tjPt5RVDEYRuow

Made a clean install, removed authselect and again got just "[Errno 2] No such file or directory", nothing about krb5/ldap.

I've caught something similar when running ipa-server-install --uninstall

[root@rosa-ipa3 ~]# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and configuration!
It is highly recommended to take a backup of existing data and configuration using ipa-backup utility before proceeding.

Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring named
Unconfiguring ipa-dnskeysyncd
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
ipaserver.install.dsinstance: ERROR    Instance removal failed.
ipaserver.install.dsinstance: ERROR    Failed to remove DS instance. You may need to remove instance data manually
Unconfiguring ipa-custodia
Unconfiguring ipa-otpd
Removing IPA client configuration
Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Failed to remove krb5/LDAP configuration: [Errno 2] No such file or directory
The ipa-client-install command failed. See /var/log/ipaclient-uninstall.log for more information
Uninstall of client side components failed!
ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information
<...>
2019-07-20T03:32:00Z DEBUG stderr=certutil: Could not find cert: IPA Machine Certificate - rosa-ipa3.ipa.loc
: PR_FILE_NOT_FOUND_ERROR: File not found
<...>
2019-07-20T03:32:00Z DEBUG Starting external process
2019-07-20T03:32:00Z DEBUG args=/usr/sbin/authconfig --disablekrb5 --disablesssdauth --disablemkhomedir --update --disableldap
2019-07-20T03:32:00Z DEBUG Process execution failed
<...>
2019-07-20T03:32:00Z DEBUG The ipa-client-install command failed, exception: ScriptError: Failed to remove krb5/LDAP configuration: [Errno 2] No such file or directory
2019-07-20T03:32:00Z ERROR Failed to remove krb5/LDAP configuration: [Errno 2] No such file or directory
# /usr/sbin/authconfig --disablekrb5 --disablesssdauth --disablemkhomedir --update --disableldap
-bash: /usr/sbin/authconfig: No such file or directory

ipaclient-uninstall.log
(https://yadi.sk/d/9cVHHf9pcV3CcA)

Here "Failed to remove krb5/LDAP configuration" seems correct because it failed because of misisng file /usr/bin/authconfig.

Yes it's a bit misleading I suppose but the proper error is buried in there. It is unexpected that required executables are not present. I'm inclined to close this as wontfix.

Login to comment on this ticket.

Metadata
Attachments 2