Univention Bugzilla – Bug 45401
adconnector/check_domain() GSSAPI failed
Last modified: 2020-07-03 20:55:40 CEST
This has been reported again with UCS 4.2-1 errata118 (Lesum) and a hostname in the error message instead of an IP address: Execution of command 'setup/check/credentials wizard' has failed: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/setup/__init__.py", line 755, in check_credentials return util.check_credentials_ad(nameserver, address, username, password) File "%PY2.7%/univention/management/console/modules/setup/util.py", line 1114, in check_credentials_ad check_ad_account(ad_domain_info, username, password) File "%PY2.7%/univention/lib/admember.py", line 261, in check_ad_account lo_ad.lo.sasl_interactive_bind_s("", auth) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 892, in sasl_interactive_bind_s res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 236, in sasl_interactive_bind_s return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) LOCAL_ERROR: {'info': 'SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (Matching credential (ldap/ngs.ngs@NGS) not found)', 'desc': 'Local error'} +++ This bug was initially created as a clone of Bug #44762 +++
Reported again, 4.2-1 errata118 (Lesum)
Version: 4.2-2 errata157 (Lesum) Remark: During a clean SETUP.
Version: 4.2-2 errata157 (Lesum)
Version: 4.2-1 errata118 (Lesum)
It's fixed in Erratum 160 for 4.2-1 and 4.2-2. *** This bug has been marked as a duplicate of bug 44762 ***
yes, already fixed, please reopen IF this happens with 4.2 errata > 160
(In reply to Felix Botner from comment #6) > yes, already fixed, please reopen IF this happens with 4.2 errata > 160 The tracebacks in this bug report contain a hostname, not an IP address. Did errata 160 also fix these cases?
Reported again, 4.2-3 errata256 (master; samba member)
> Reported again, 4.2-3 errata256 (master; samba member) Yes, but this time it was not during > Execution of command 'setup/check/credentials wizard' has failed: but after the replacement of the AD Server. Let's analyse first at the ticket.
(In reply to Felix Botner from comment #6) > yes, already fixed, please reopen IF this happens with 4.2 errata > 160 Reported again: Version: 4.2-3 errata265 (Lesum)
Reported again: Version: 4.2-3 errata323 (Lesum)
Stefan just remarked that this seems to happen during AD Member setup in system-setup (univention/management/console/modules/setup/__init__.py", line 755, in check_credentials). In Bug 44762 we have only considered the AD Member configuration from the UMC App, maybe that makes a difference (e.g. nscd is not running at all and maybe the static /etc/hosts entry doesn't work yet at that point?) Also, Felix just remarked that Bug 44762 could be different because there we predominantly saw IPs in the "GSSAPI Error" Message. Please include at least that error message for new reports (maybe set comment to private in that case).
Our current impression is that the errata versions reported in the feedback may not be accurate because the packages get updated to latest errata version during installation. So the accused is innocent, unless proven guilty.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.