Ticket #3573 (closed defect: fixed)

Opened 2 years ago

Last modified 12 months ago

Should not display ports to open when password is incorrect during ipa-client-install.

Reported by: shanks
Owned by: someone
Priority: minor
Milestone: FreeIPA 4.0 - 2014/02
Component: Client
Affects Documentation: no
Patch posted for review: yes
Red Hat Bugzilla: 1108230

Description

[root@dhcp201-120 ~]# ipa-client-install --force-ntpd
Discovery was successful!
Hostname: dhcp201-120.englab.pnq.redhat.com
Realm: ENGLAB.PNQ.REDHAT.COM
DNS Domain: englab.pnq.redhat.com
IPA Server: dhcp201-146.englab.pnq.redhat.com
BaseDN: dc=englab,dc=pnq,dc=redhat,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@ENGLAB.PNQ.REDHAT.COM: 
Kerberos authentication failed
kinit: Password incorrect while getting initial credentials

Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Installation failed. Rolling back changes.
IPA client is not configured on this system.
[root@dhcp201-120 ~]# 

Should not display the ports to open when the installation failure is caused by an incorrect Kerberos password.

Change History

comment:1 Changed 2 years ago by akrivoka

  • Owner changed from someone to akrivoka
  • Status changed from new to assigned
  • Cc akrivoka@… added

comment:2 Changed 2 years ago by akrivoka

  • Patch posted for review set

comment:3 Changed 2 years ago by dpal

  • Milestone changed from 0.0 NEEDS_TRIAGE to Pilsner barrel

comment:4 Changed 2 years ago by dpal

  • Red Hat Bugzilla set to todo

comment:5 Changed 2 years ago by mkosek

  • Component changed from ipa-client to Client

Rename component.

comment:6 follow-up: ↓ 7 Changed 2 years ago by adelton

Is there a way to reliably distinguish the situation when it was the password which was wrong in kinit (which assumes the ports are probably right and the message would not be needed) and when it was a different error? I'm afraid the kinit exit status will not help and parsing stderr output will break unless it also accounts for localized variants of those messages ...

comment:7 in reply to: ↑ 6 Changed 2 years ago by akrivoka

Replying to adelton:

Is there a way to reliably distinguish the situation when it was the password which was wrong in kinit (which assumes the ports are probably right and the message would not be needed) and when it was a different error? I'm afraid the kinit exit status will not help and parsing stderr output will break unless it also accounts for localized variants of those messages ...

You are right on both accounts - see the discussion in this thread on freeipa-devel: https://www.redhat.com/archives/freeipa-devel/2013-April/msg00324.html
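
One way to handle the concern raised in comments 6 and 7, shown as an added example that is not part of the ticket or of FreeIPA's code: run kinit under the C locale so its messages are not translated, then suppress the firewall hint only when stderr positively identifies a credential failure. The function names, the error substrings other than "Password incorrect", and the EXAMPLE.TEST realm are assumptions made for this sketch.

```python
import os
import subprocess

# Substrings of MIT kinit messages as printed under the C locale. Only
# "Password incorrect" appears in the ticket; the rest are assumptions.
CREDENTIAL_ERRORS = ("Password incorrect", "Preauthentication failed",
                     "not found in Kerberos database")
CONNECTIVITY_ERRORS = ("Cannot contact any KDC", "Cannot resolve")

# Constructed sample stderr lines (realm EXAMPLE.TEST is a placeholder).
SAMPLES = {
    "bad_password": "kinit: Password incorrect while getting initial credentials\n",
    "no_kdc": "kinit: Cannot contact any KDC for realm 'EXAMPLE.TEST' "
              "while getting initial credentials\n",
    "translated": "kinit: (message in some other language)\n",
}


def c_locale_env(base=None):
    """Copy of the environment with LC_ALL=C so kinit prints untranslated text."""
    env = dict(os.environ if base is None else base)
    env["LC_ALL"] = "C"
    return env


def classify_kinit_failure(stderr):
    """Return 'connectivity', 'credentials' or 'unknown' for kinit stderr."""
    if any(s in stderr for s in CONNECTIVITY_ERRORS):
        return "connectivity"
    if any(s in stderr for s in CREDENTIAL_ERRORS):
        return "credentials"
    return "unknown"


def should_show_port_hint(returncode, stderr):
    """The exit status only says kinit failed; unrecognized text keeps the hint."""
    return returncode != 0 and classify_kinit_failure(stderr) != "credentials"


def run_kinit(principal, password):
    """Run kinit with the password on stdin; returns (returncode, stderr)."""
    proc = subprocess.run(["kinit", principal], input=password + "\n",
                          env=c_locale_env(), capture_output=True, text=True)
    return proc.returncode, proc.stderr


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_kinit_failure(text), should_show_port_hint(1, text))
```

Unrecognized or translated output falls through to "unknown" and still prints the port hint, so a change in kinit's wording makes the hint appear again without hiding a real connectivity problem.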

comment:8 Changed 2 years ago by dpal

  • Type changed from enhancement to defect

comment:9 Changed 16 months ago by mkosek

  • Feature set to someone

Moving the tickets back to free-to-take pool.

comment:10 Changed 16 months ago by mkosek

  • Feature someone deleted
  • Owner changed from akrivoka to someone

comment:11 Changed 15 months ago by mkosek

  • Milestone changed from Future Releases to FreeIPA 3.4 - 2014/02
  • Status changed from assigned to closed
  • Resolution set to fixed

master:

comment:12 Changed 15 months ago by akrivoka

  • Cc akrivoka@… removed

comment:13 Changed 12 months ago by mkosek

  • Red Hat Bugzilla changed from todo to 1108230

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1108230
