First Last Prev Next    This bug is not in your last search results.
Bug 45401 - adconnector/check_domain() GSSAPI failed
adconnector/check_domain() GSSAPI failed
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Felix Botner
:
Depends on: 38285 44762
Blocks:
  Show dependency treegraph
 
Reported: 2017-09-15 11:31 CEST by Florian Best
Modified: 2020-07-03 20:55 CEST (History)
9 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.309
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018041721000111, 2018031521000573, 2017111221000467, 2017102421000044, 2017110321000617, 2017092121000641, 2017091221000113, 2017100421000126, 2017092621000712, 2017092521000116
Bug group (optional): Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2017-09-15 11:31:27 CEST 
This has been reported again with UCS 4.2-1 errata118 (Lesum) and a hostname in the error message instead of an IP address:

Execution of command 'setup/check/credentials wizard' has failed:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 249, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/setup/__init__.py", line 755, in check_credentials
    return util.check_credentials_ad(nameserver, address, username, password)
  File "%PY2.7%/univention/management/console/modules/setup/util.py", line 1114, in check_credentials_ad
    check_ad_account(ad_domain_info, username, password)
  File "%PY2.7%/univention/lib/admember.py", line 261, in check_ad_account
    lo_ad.lo.sasl_interactive_bind_s("", auth)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 892, in sasl_interactive_bind_s
    res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 236, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
LOCAL_ERROR: {'info': 'SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (Matching credential (ldap/ngs.ngs@NGS) not found)', 'desc': 'Local error'}

+++ This bug was initially created as a clone of Bug #44762 +++
Comment 1 Florian Best univentionstaff 2017-10-12 20:28:08 CEST 
Reported again, 4.2-1 errata118 (Lesum)
Comment 2 Florian Best univentionstaff 2017-10-12 21:02:57 CEST 
Version: 4.2-2 errata157 (Lesum)

Remark: During a clean SETUP.
Comment 3 Florian Best univentionstaff 2017-10-12 21:08:14 CEST 
Version: 4.2-2 errata157 (Lesum)
Comment 4 Florian Best univentionstaff 2017-10-12 21:16:38 CEST 
Version: 4.2-1 errata118 (Lesum)
Comment 5 Arvid Requate univentionstaff 2017-10-13 11:14:29 CEST 
It's fixed in Erratum 160 for 4.2-1 and 4.2-2.

*** This bug has been marked as a duplicate of bug 44762 ***
Comment 6 Felix Botner univentionstaff 2017-10-13 11:25:23 CEST 
yes, already fixed, please reopen IF this happens with 4.2 errata > 160
Comment 7 Florian Best univentionstaff 2017-10-13 11:47:48 CEST 
(In reply to Felix Botner from comment #6)
> yes, already fixed, please reopen IF this happens with 4.2 errata > 160

The tracebacks in this bug report contain a hostname, not an IP address.
Did errata 160 also fix these cases?
Comment 8 Nico Stöckigt univentionstaff 2018-01-09 13:31:44 CET 
Reported again, 4.2-3 errata256 (master; samba member)
Comment 9 Arvid Requate univentionstaff 2018-01-09 15:58:42 CET 
> Reported again, 4.2-3 errata256 (master; samba member)

Yes, but this time it was not during

> Execution of command 'setup/check/credentials wizard' has failed:

but after the replacement of the AD Server. Let's analyse first at the ticket.
Comment 10 Johannes Keiser univentionstaff 2018-05-03 11:25:04 CEST 
(In reply to Felix Botner from comment #6)
> yes, already fixed, please reopen IF this happens with 4.2 errata > 160

Reported again: Version: 4.2-3 errata265 (Lesum)
Comment 11 Johannes Keiser univentionstaff 2018-05-03 15:19:27 CEST 
Reported again: Version: 4.2-3 errata323 (Lesum)
Comment 12 Arvid Requate univentionstaff 2018-05-07 16:49:59 CEST 
Stefan just remarked that this seems to happen during AD Member setup in system-setup (univention/management/console/modules/setup/__init__.py", line 755, in check_credentials). In Bug 44762 we have only considered the AD Member configuration from the UMC App, maybe that makes a difference (e.g. nscd is not running at all and maybe the static /etc/hosts entry doesn't work yet at that point?)


Also, Felix just remarked that Bug 44762 could be different because there we predominantly saw IPs in the "GSSAPI Error" Message. Please include at least that error message for new reports (maybe set comment to private in that case).
Comment 13 Arvid Requate univentionstaff 2018-06-04 16:47:47 CEST 
Our current impression is that the errata versions reported in the feedback may not be accurate because the packages get updated to latest errata version during installation. So the accused is innocent, unless proven guilty.
Comment 14 Ingo Steuwer univentionstaff 2020-07-03 20:55:40 CEST 
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
First Last Prev Next    This bug is not in your last search results.