[Freeipa-devel] Fwd: Still failing on 5.7 with the same error........

JR Aquino JR.Aquino at citrix.com
Tue Sep 20 05:16:23 UTC 2011 

We're having significant reproducible problems with rhel 5.7 + FreeIPA master...
I'm not sure if it is localized to us or even which side is responsible for the error...

Has anyone had success with rhel 5.7's repo included FreeIPA client joining a fedora based FreeIPA server?

We are essentially dead in the water at this point.

Sent from my iPad

Begin forwarded message:

From: Brett Campbell <<mailto:Brett.Campbell at citrix.com>Brett.Campbell at citrix.com<mailto:Brett.Campbell at citrix.com>>
Date: September 19, 2011 6:48:55 PM PDT
To: JR Aquino <<mailto:JR.Aquino at citrix.com>JR.Aquino at citrix.com<mailto:JR.Aquino at citrix.com>>
Cc: Jason Vagalatos <<mailto:Jason.Vagalatos at citrix.com>Jason.Vagalatos at citrix.com<mailto:Jason.Vagalatos at citrix.com>>
Subject: RE: Still failing on 5.7 with the same error........

Apparently this error is printed from FreeIPA code and not an underlying library.
Here’s the relevant bit from ipa-getkeytab.c:

       /* Format of response
       *
       * KeytabGetRequest ::= SEQUENCE {
       *     new_kvno      Int32
       *     SEQUENCE OF   KeyTypes
       * }
       *
       * * List of accepted enctypes *
       * KeyTypes ::= SEQUENCE {
       *     enctype              Int32
       * }
       */

       rtag = ber_scanf(sctrl, "{i{", &kvno);
       if (rtag == LBER_ERROR) {
              fprintf(stderr, "ber_scanf() failed, Invalid control ?!\n");
              goto error_out;
       }


However, the call that’s failing (ber_scanf()) is one from the openldap library:

[root at util1 Server]# strings /usr/lib/liblber-2.3.so.0 |grep ber_scanf
ber_scanf
ber_scanf fmt (%s) ber:
ber_scanf: unknown fmt %c
ber_scanf



From: /O=EXPERTCITY.COM/OU=BETA.EXPERTCITY/CN=RECIPIENTS/CN=BRETT.CAMPBELL On Behalf Of Brett Campbell
Sent: Monday, September 19, 2011 6:29 PM
To: <mailto:JR.Aquino at citrix.com> <mailto:JR.Aquino at citrix.com> JR.Aquino at citrix.com<mailto:JR.Aquino at citrix.com>
Subject: Still failing on 5.7 with the same error........

Are you sure it’s not the server?  Can you check the logs?


[root at util1 Server]# cat /etc/issue
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
Kernel \r on an \m
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]# rpm --aid -ivh /tmp/ipa-client-2.0-14.el5_7.1.x86_64.rpm certmonger-0.42-1.el5.x86_64.rpm cyrus-sasl-gssapi-2.1.22-5.el5_4.3.x86_64.rpm sssd-client-1.5.1-37.el5.x86_64.rpm sssd-1.5.1-37.el5.x86_64.rpm xmlrpc-c-1.16.24-1206.1840.el5.x86_64.rpm libcollection-0.6.0-10.el5.x86_64.rpm libdhash-0.4.2-10.el5.x86_64.rpm libldb-0.9.10-33.el5.x86_64.rpm libtdb-1.2.1-6.el5.x86_64.rpm openssl-devel-0.9.8e-20.el5.x86_64.rpm libref_array-0.1.1-10.el5.x86_64.rpm libpath_utils-0.2.1-10.el5.x86_64.rpm libini_config-0.6.1-10.el5.x86_64.rpm libref_array-0.1.1-10.el5.x86_64.rpm openldap24-libs-2.4.23-5.el5.x86_64.rpm  xmlrpc-c-client-1.16.24-1206.1840.el5.x86_64.rpm libtalloc-2.0.1-11.el5.x86_64.rpm c-ares-1.6.0-5.el5.x86_64.rpm krb5-devel-1.6.1-62.el5.x86_64.rpm zlib-devel-1.2.3-4.el5.x86_64.rpm libtevent-0.9.8-10.el5.x86_64.rpm e2fsprogs-devel-1.39-33.el5.x86_64.rpm keyutils-libs-devel-1.2-1.el5.x86_64.rpm libselinux-devel-1.33.4-5.7.el5.x86_64.rpm libsepol-devel-1.15.2-3.el5.x86_64.rpm
warning: /tmp/ipa-client-2.0-14.el5_7.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:libtalloc              ########################################### [  4%]
   2:libtevent              ########################################### [  8%]
   3:xmlrpc-c               ########################################### [ 12%]
   4:xmlrpc-c-client        ########################################### [ 15%]
   5:libref_array           ########################################### [ 19%]
   6:libtdb                 ########################################### [ 23%]
   7:libcollection          ########################################### [ 27%]
   8:cyrus-sasl-gssapi      ########################################### [ 31%]
  9:libldb                 ########################################### [ 35%]
  10:certmonger             ########################################### [ 38%]
  11:c-ares                 ########################################### [ 42%]
  12:openldap24-libs        ########################################### [ 46%]
  13:libpath_utils          ########################################### [ 50%]
  14:libini_config          ########################################### [ 54%]
  15:libdhash               ########################################### [ 58%]
  16:sssd-client            ########################################### [ 62%]
  17:sssd                   ########################################### [ 65%]
  18:libsepol-devel         ########################################### [ 69%]
  19:libselinux-devel       ########################################### [ 73%]
  20:keyutils-libs-devel    ########################################### [ 77%]
  21:e2fsprogs-devel        ########################################### [ 81%]
  22:krb5-devel             ########################################### [ 85%]
  23:zlib-devel             ########################################### [ 88%]
  24:ipa-client             ########################################### [ 92%]
  25:openssl-devel          ########################################### [ 96%]
  26:libref_array           ########################################### [100%]
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]# ipa-client-install --unattended --password='n7 I,6TN+!TF' --domain=expertcity.com --server=authstage1.ops.expertcity.com --hostname=$(hostname) --no-ntp
Realm: <http://EXPERTCITY.COM> <http://EXPERTCITY.COM> EXPERTCITY.COM<http://EXPERTCITY.COM>
DNS Domain: <http://expertcity.com> <http://expertcity.com> expertcity.com<http://expertcity.com>
IPA Server: <http://authstage1.ops.expertcity.com> <http://authstage1.ops.expertcity.com> authstage1.ops.expertcity.com<http://authstage1.ops.expertcity.com>
BaseDN: dc=expertcity,dc=com


Joining realm failed: ber_scanf() failed, Invalid control ?!
child exited with 9
Certificate subject base is: O=EXPERTCITY.COM
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]#
[root at util1 Server]# ipa-client-install --unattended --password='n7 I,6TN+!TF' --domain=expertcity.com --server=authstage1.ops.expertcity.com --hostname=$(hostname) --no-ntp
Realm: <http://EXPERTCITY.COM> <http://EXPERTCITY.COM> EXPERTCITY.COM<http://EXPERTCITY.COM>
DNS Domain: <http://expertcity.com> <http://expertcity.com> expertcity.com<http://expertcity.com>
IPA Server: <http://authstage1.ops.expertcity.com> <http://authstage1.ops.expertcity.com> authstage1.ops.expertcity.com<http://authstage1.ops.expertcity.com>
BaseDN: dc=expertcity,dc=com


Joining realm failed: Host is already joined.
Certificate subject base is: O=EXPERTCITY.COM

More information about the Freeipa-devel mailing list