[Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

Martin Kosek mkosek at redhat.com
Fri Nov 29 13:30:29 UTC 2013


On 11/29/2013 02:20 PM, Les Stott wrote:
> Martin,
> 
> There are no entries in /etc/hosts for the freeipa servers on the client.
> The client host's own entry is there with fqdn first.
> 
> Because you mentioned it, I added the hostnames of both freeipa servers to the hosts file on the client. It actually ran and set up the client. However, it did get the following errors at the end after it did the kerberos config...

I checked the spec file for RHEL-6.4 and this is a bug (already fixed in
current upstream version). It does not include the "keyutils" dependency. Thus, the
dependency may be missing in some super minimal RHELs and cause this error. If
you manually install keyutils, this error should vanish.

# yum install keyutils

> 
> =======
> Configured /etc/krb5.conf for IPA realm MYDOMAIN.COM
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 2377, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 2363, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 2135, in install
>     delete_persistent_client_session_data(host_principal)
>   File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 124, in delete_persistent_client_session_data
>     kernel_keyring.del_key(keyname)
>   File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line 99, in del_key
>     real_key = get_real_key(key)
>   File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line 45, in get_real_key
>     (stdout, stderr, rc) = run(['keyctl', 'search', KEYRING, KEYTYPE, key], raiseonerr=False)
>   File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 295, in run
>     close_fds=True, env=env, cwd=cwd)
>   File "/usr/lib64/python2.6/subprocess.py", line 639, in __init__
>     errread, errwrite)
>   File "/usr/lib64/python2.6/subprocess.py", line 1220, in _execute_child
>     raise child_exception
> OSError: [Errno 2] No such file or directory
> =======
> 
> Is that normal?

No.

> 
> Do I need to add entries to the hosts file on every client?

By all means no, you should not need to do that if your DNS is sane and
working. But if the addition to /etc/hosts helped, there must be something
wrong with the DNS.

Maybe there are wrong DNS PTR records cached? Do you have the nscd daemon running?

Are you 100% sure that the software on the client machine resolves the FQDN of
the server when doing a reverse search?

$ host $IPA_SERVER_IP

HTH,
Martin
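
Added example (not part of the original message and not FreeIPA's own code): a client-side preflight that covers the two checks discussed above, whether keyctl can be executed at all and whether the server's FQDN survives a forward-then-reverse lookup through the system resolver. The host name ipa1.example.test and the function names are assumptions made for illustration.

```python
import errno
import socket
import subprocess
import sys


def binary_runs(cmd):
    """Return False when cmd cannot be executed because it does not exist.

    This is the failure in the traceback above: subprocess raises
    OSError [Errno 2] when the keyctl binary (package keyutils) is absent.
    """
    try:
        subprocess.call([cmd, "--version"],
                        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except OSError as exc:
        if exc.errno == errno.ENOENT:
            return False
        raise
    return True


def reverse_matches_fqdn(server_fqdn, forward=socket.gethostbyname,
                         reverse=socket.gethostbyaddr):
    """Resolve FQDN -> IP -> name and compare the result with the FQDN.

    The socket calls use the system resolver (so /etc/hosts and any cache
    are consulted), unlike `host`, which queries DNS directly.
    Returns (ok, detail).
    """
    try:
        ip = forward(server_fqdn)
        ptr_name = reverse(ip)[0]
    except (socket.gaierror, socket.herror) as exc:
        return False, "lookup failed: %s" % exc
    want = server_fqdn.rstrip(".").lower()
    got = ptr_name.rstrip(".").lower()
    detail = "%s -> %s -> %s" % (server_fqdn, ip, ptr_name)
    if got != want:
        # A short name such as "ipa1" here is the symptom in the subject line.
        return False, detail + " (expected %s)" % want
    return True, detail


if __name__ == "__main__":
    # Usage: python3 preflight.py ipa1.example.test   (constructed name)
    if not binary_runs("keyctl"):
        print("keyctl not found: install the keyutils package")
    if len(sys.argv) > 1:
        print(reverse_matches_fqdn(sys.argv[1])[1])
```
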