[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

Thu, 08 Dec 2016 07:57:17 -0800 

  URL: https://github.com/freeipa/freeipa/pull/62
Title: #62: Configure Anonymous PKINIT on server install

abbra commented:
"""
@simo5 I tried to run the branch as an upgrade against Fedora 25 version 
(4.4.2-1.fc25) and it failed at first because I was running in SELinux 
enforcing:
     Unexpected error - see /var/log/ipaupgrade.log for details:
     DBusException: org.fedorahosted.certmonger.bad_arg: The parent of location 
"/var/kerberos/krb5kdc/kdc.crt" could not be accessed due to insufficient 
permissions.
     The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for 
more information

Re-running `ipa-server-upgrade` with 'setenforce 0', I get different error:

    2016-12-08T15:52:28Z ERROR IPA server upgrade failed: Inspect 
/var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
    2016-12-08T15:52:28Z DEBUG   File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
        return_value = self.run()
      File 
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", 
line 46, in run    server.upgrade()
      File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 
1820, in upgrade     upgrade_configuration()
      File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 
1755, in upgrade_configuration
        enable_anonymous_principal(krb)
      File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 
1498, in enable_anonymous_principal
        dn = DN(('krbprincipalname', princ_realm), krb.get_realm_suffix())
      File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", 
line 74, in get_realm_suffix
    return DN(('cn', self.realm), ('cn', 'kerberos'), self.suffix)
      File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1107, in 
__init__
    self.rdns = self._rdns_from_sequence(args)
      File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1148, in 
_rdns_from_sequence
    rdn = self._rdns_from_value(item)
      File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1141, in 
_rdns_from_value
    % type(value))

    2016-12-08T15:52:28Z DEBUG The ipa-server-upgrade command failed, 
exception: TypeError: must be str, unicode, tuple, Name, RDN or DN, got <type 
'NoneType'> instead
    2016-12-08T15:52:28Z ERROR Unexpected error - see /var/log/ipaupgrade.log 
for details:
TypeError: must be str, unicode, tuple, Name, RDN or DN, got <type 'NoneType'> 
instead

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/62#issuecomment-265775539

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to