[Freeipa-devel] ipa-adduser stopped working after IPA 1.1 upgrade, any idea why?
Thomas Sailer
sailer at sailer.dynip.lugs.ch
Fri Jul 11 15:16:54 UTC 2008
I installed an Fedora 8 IPA server just before IPA 1.0, and upgraded it
using yum ever since. Now, after the upgrade to IPA 1.1, ipa-adduser
stopped working.
The ipa-* command line tools basically work:
# ipa-finduser t.sailer
Full Name: Thomas Sailer
Home Directory: /home/t.sailer
Login Shell: /bin/bash
Login: t.sailer
However, when I try to add a new user, I get the following:
# ipa-adduser -f Test -l User testuser
* not found
I get the same error message when I try to add a new user in the web
gui.
The output of ipa-adduser -v is the following:
send: "<?xml version='1.0'?>\n<methodCall>\n<methodName>add_user</methodName>\n<params>\n<param>\n<value><struct>\n<member>\n<name>dn</name>\n<value><string></string></value>\n</member>\n<member>\n<name>krbprincipalname</name>\n<value><string>testuser at XX.COM</string></value>\n</member>\n<member>\n<name>givenname</name>\n<value><string>Test</string></value>\n</member>\n<member>\n<name>sn</name>\n<value><string>User</string></value>\n</member>\n<member>\n<name>uid</name>\n<value><string>testuser</string></value>\n</member>\n</struct></value>\n</param>\n<param>\n<value><string>__NONE__</string></value>\n</param>\n</params>\n</methodCall>\n"
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Fri, 11 Jul 2008 15:12:06 GMT
header: Server: Apache/2.2.8 (Fedora)
header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv8WeyE2CMkQ06ZOTF+EHQgB0fLZUvZ2f946rwYQHn4tpp1L9gFv0R3FUjgSqhzk/ntVUk/b6kQB50zYuDNupV5TiEGiN/ntLiIsoLiQNVZCraW7oy8FUJXZFUB0jZdCVM53c1fWzWul16mic5KDbL
header: Content-Length: 270
header: Connection: close
header: Content-Type: text/xml
body: "<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>65539</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>* not found</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n"
Does anybody have an idea, what the problem is?
Another problem I have is that after I add a new user, and then try to
log into a machine, no matter whether using gdm or ssh, I can login, and
I even get the correct default principal (verified using klist), but the
user cannot access NFSv4 shares with sec=krb5p. If I then do kdestroy;
kinit xx at XX.COM, logout, and login again, everything works. Why doesn't
it work the first time, without the kdestroy; kinit thing?
Thanks,
Tom
More information about the Freeipa-devel
mailing list