ipa-getkeytab doesn't work

Bug #1025864 reported by Stephan Rügamer
This bug affects 1 person
Affects: freeipa (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Timo Aaltonen

Bug Description

Dear Colleagues,

after successfully joining a freeipa domain with 12.04, it should be possible to use ipa-getkeytab from the freeipa-client package.

Sadly this is just an expectation.

so, "ipa-getkeytab --help" on F17 gives this output:

[root@authmgr ~]# ipa-getkeytab --help
Usage: ipa-getkeytab [OPTION...]
  -q, --quiet                                            Print as little as possible
  -s, --server=Server Name                               Contact this specific KDC Server
  -p, --principal=Kerberos Service Principal Name        The principal to get a keytab for (ex: <email address hidden>)
  -k, --keytab=Keytab File Name                          File were to store the keytab information
  -e, --enctypes=Comma separated encryption types list   Encryption types to request
  --permitted-enctypes                                   Show the list of permitted encryption types and exit
  -P, --password                                         Asks for a non-random password to use for the principal
  -D, --binddn=DN to bind as if not using kerberos       LDAP DN
  -w, --bindpw=password to use if not using kerberos     LDAP password

Help options:
  -?, --help                                             Show this help message
  --usage                                                Display brief usage message

On Ubuntu 12.04:

root@ubuntu-ipa-client:~# ipa-getkeytab --help
root@ubuntu-ipa-client:~#

This is not correct.

Please find attached strace logs of both clients:

Ubuntu 12.04 and F17

Comparing these, Ubuntu 12.04 stops in the middle before even executing the main() method (IMHO)

Timo Aaltonen (tjaalton) wrote :

thanks for testing, I'll look at it after my vacation.

Changed in freeipa (Ubuntu):
assignee: nobody → Timo Aaltonen (tjaalton)
Stephan Rügamer (sruegamer) wrote : Re: [Bug 1025864] Re: ipa-getkeytab doesn't work

timo

i just compiled freeipa 2.2.0 and this looks more broken (running it
on f17 and there it works)
ipa client install breaks with a glibc trace
debian.py needs more adjustment (patch will be sent tomorrow)
so i think something is wrong with our deps i think

furthermore i did some backports for krb5 and libapache2 mod auth krb
for doing s4uproxy support

will push it into lp tomorrow for testing this would be a big step
to have freeipa server running on ubuntu

have a nice vacation :-)

\sh

Sent from my iPhone

On 18.07.2012, at 00:30, Timo Aaltonen <email address hidden> wrote:

> thanks for testing, I'll look at it after my vacation.
>
> ** Changed in: freeipa (Ubuntu)
> Assignee: (unassigned) => Timo Aaltonen (tjaalton)

Timo Aaltonen (tjaalton) wrote :

Well, getting the server working needs a lot more, including reshuffling the whole ipapython/platform stuff around, so the current debian.py is temporary until that work is done upstream (I'll get to it in two weeks). The current freeipa package in 12.04 will only get fixes so that the client install goes more smoothly etc, but server would need a backport of 3.1 most likely.

The packaging is in git.debian.org btw.

Stephan Rügamer (sruegamer) wrote :

timo

if i can be of help with upstream

Jr aquino is just sitting some cubicles next to me so i have a direct
wire to upstream ;-)

actually with him i am working on this project

so whatever it takes we have everything in place

Sent from my iPhone

On 18.07.2012, at 00:55, Timo Aaltonen <email address hidden> wrote:

> Well, getting the server working needs lot more, including reshuffling
> the whole ipapython/platform stuff around, so the current debian.py is
> temporary until that work is done upstream (I'll get to it in two
> weeks). The current freeipa package in 12.04 will only get fixes so that
> the client install goes more smoothly etc, but server would need a
> backport of 3.1 most likely.
>
> The packaging is in git.debian.org btw.

Timo Aaltonen (tjaalton) wrote :

I have a direct link too (ab on #freeipa) :) But we could discuss these matters after two weeks, can't be in such a hurry? :)

Stephan Rügamer (sruegamer) wrote :

actually for us it's critical to have at least a working package of the client

but i do my best to have an overlay pkg in our own repos which works
until there is a better solution :-)

so be warned that more bug reports are coming in ;-)

have a nice holiday :-)

Sent from my iPhone

On 18.07.2012, at 01:25, Timo Aaltonen <email address hidden> wrote:

> I have a direct link too (ab on #freeipa) :) But we could discuss these
> matters after two weeks, can't be in such a hurry? :)

Stephan Rügamer (sruegamer) wrote :

Ok,

the bug occurs as well on ipa-join.

Anyways...found the bug.
if locales are not configured correctly it will fail, because the call to ret=init_gettext() fails and all utils are exiting.

Will close it

Changed in freeipa (Ubuntu):
status: New → Invalid
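
The failure mode named in the last comment, as an added example that is not FreeIPA's code and not part of the original report: a locale setup step fails and the tool exits before printing anything, shown beside a variant that warns and falls back to the "C" locale. It assumes the failing step is setlocale(); the function names are hypothetical.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a locale/gettext setup step (not FreeIPA code).
 * Returns 0 on success, -1 when the C library rejects the requested locale. */
static int init_locale_strict(const char *requested)
{
    return setlocale(LC_ALL, requested) != NULL ? 0 : -1;
}

/* getenv() may return NULL; never hand that to printf("%s"). */
static const char *env_or_unset(const char *name)
{
    const char *v = getenv(name);
    return v != NULL ? v : "(unset)";
}

/* Hardened variant: say what went wrong on stderr, then continue in the
 * always-available "C" locale. *fell_back is 1 when the fallback was used. */
static int init_locale_with_fallback(const char *requested, int *fell_back)
{
    *fell_back = 0;
    if (setlocale(LC_ALL, requested) != NULL)
        return 0;
    fprintf(stderr, "warning: locale '%s' not usable (LANG=%s LC_ALL=%s), "
            "continuing with \"C\"\n",
            requested, env_or_unset("LANG"), env_or_unset("LC_ALL"));
    *fell_back = 1;
    return setlocale(LC_ALL, "C") != NULL ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* "" means: take the locale from LC_ALL / LC_* / LANG in the environment. */
    const char *requested = argc > 1 ? argv[1] : "";
    int fell_back;

    /* A tool that did `if (ret) exit(1);` here would match the symptom in
     * the report: no help text, no error message. */
    if (init_locale_strict(requested) != 0)
        fprintf(stderr, "strict setup would have exited silently here\n");

    if (init_locale_with_fallback(requested, &fell_back) != 0)
        return 1;
    printf("locale in effect: %s%s\n", setlocale(LC_ALL, NULL),
           fell_back ? " (fallback)" : "");
    return 0;
}
```

Running the binary with a locale name that is not generated on the host as its first argument shows the fallback path.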