On Thu May 19 2016 15:48:44 GMT-0600 (MDT) Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > 6. https://bugzilla.redhat.com/show_bug.cgi?id=1330766 - realmd - MODIFIED > [abrt] realmd: g_cancellable_is_cancelled(): realmd killed by SIGSEGV > > This is an issue in FreeIPA client enrolment which I hit in manual > testing, a potential fix just appeared so we need to test that. I tested and updated Bugzilla but can't get my comment into Bodhi so here it is the screenlog: [root@qaclient ~]# realm -v join --user=admin1 freeipa.qa-test * Resolving: _ldap._tcp.freeipa.qa-test * Resolving: freeipa.qa-test * Performing LDAP DSE lookup on: 192.168.0.242 * Successfully discovered: qa-test Password for admin1: * Required files: /usr/sbin/ipa-client-install, /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd * LANG=C /usr/sbin/ipa-client-install --domain qa-test --realm QA-TEST --mkhomedir --enable-dns-updates --unattended --force-join --server freeipa.qa-test --fixed-primary --principal admin1 -W --force-ntpd WARNING: yacc table file version is out of date Using existing certificate '/etc/ipa/ca.crt'. Client hostname: qaclient.can.local Realm: QA-TEST DNS Domain: qa-test IPA Server: freeipa.qa-test BaseDN: dc=qa-test Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds Enrolled in IPA realm QA-TEST Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm QA-TEST trying https://freeipa.qa-test/ipa/json Forwarding 'ping' to json server 'https://freeipa.qa-test/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://freeipa.qa-test/ipa/json' Systemwide CA database updated. Hostname (qaclient.can.local) does not have A/AAAA record. Failed to update DNS records. Missing A/AAAA record(s) for host qaclient.can.local: 192.168.122.118. Missing reverse record(s) for address(es): 192.168.122.118. Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Forwarding 'host_mod' to json server 'https://freeipa.qa-test/ipa/json' Could not update DNS SSHFP records. SSSD enabled Configured /etc/openldap/ldap.conf No SRV records of NTP servers found. IPA server address will be used NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring qa-test as NIS domain. Client configuration complete. * /usr/bin/systemctl enable sssd.service * /usr/bin/systemctl restart sssd.service * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service * Successfully enrolled machine in realm [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# #####################3 [root@qaclient ~]# ## # Expected Results: [root@qaclient ~]# ##################### [root@qaclient ~]# [root@qaclient ~]# # Check that the domain is now configured: realm list [root@qaclient ~]# realm list qa-test type: kerberos realm-name: QA-TEST domain-name: qa-test configured: kerberos-member server-software: ipa client-software: sssd required-package: freeipa-client required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd login-formats: %U@qa-test login-policy: allow-realm-logins [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# # Check that you can resolve domain accounts on the local computer [root@qaclient ~]# getent passwd admin@qa-test admin@qa-test:*:1310000000:1310000000:Administrator:/home/admin:/bin/bash [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# # Check that you have an appropriate entry in your host's keytab: su -c 'klist -k' [root@qaclient ~]# klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 host/qaclient.can.local@QA-TEST 1 host/qaclient.can.local@QA-TEST 1 host/qaclient.can.local@QA-TEST 1 host/qaclient.can.local@QA-TEST [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# [root@qaclient ~]# # Check that you can use your keytab with kerberos: su -c 'kinit -k (principal)' [root@qaclient ~]# [root@qaclient ~]# kinit -k host/qaclient.can.local@QA-TEST [root@qaclient ~]# echo $? 0 [root@qaclient ~]# -- Viorel -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
