[Freeipa-users] Re: FreeIPA Community Portal - install errors - "No module named ipalib"

Sun, 13 May 2018 00:11:38 -0700 

On la, 12 touko 2018, Joseph Flynn via FreeIPA-users wrote:

Loading the python2 ipa packages got through the first error.

The script seems to be setting some permissions and creating some users but
then there are some keytab failures.

I'm just a beginner at this so I need to learn more about how ipa handles
these matters.  I see the portal user Self Service in the user table vi the
web UI.

I already kinit admin prior to this and get:

[ me@portal ~ ]$ create-portal-user
Created privilege 'Portal management privilege'
   Added permission 'System: Add Stage User' to privilege
   Added permission 'System: Read Stage User' to privilege
   Added permission 'System: Change User password' to privilege
   Cannot add permission 'System: Read User Standard Attributes' to
privilege
ipa: WARNING:     Cannot add permission 'System: Read User Standard
Attributes' to privilege
   Cannot add permission 'System: Read User Addressbook Attributes' to
privilege
ipa: WARNING:     Cannot add permission 'System: Read User Addressbook
Attributes' to privilege
Created role 'Portal management'
Added privilege 'Portal management privilege' to role 'Portal management'
Created user 'portal'
Added role 'Portal management' to user 'portal'
Retrieving keytab...
   ipa-getkeytab -s prime.ipa.kkgpitt.org -p por...@ipa.kkgpitt.org -k
/etc/ipa/portal.keytab
Failed to add key to the keytab
Traceback (most recent call last):
 File "/home/me/.local/bin/create-portal-user", line 207, in <module>
   main()
 File "/home/me/.local/bin/create-portal-user", line 197, in main
   create_keytab(args.username, args.keytab, args.keytab_owner)
 File "/home/me/.local/bin/create-portal-user", line 180, in create_keytab
   subprocess.check_call(cmd)
 File "/usr/lib64/python2.7/subprocess.py", line 190, in check_call
   raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['ipa-getkeytab', '-s', u'
prime.ipa.kkgpitt.org', '-p', u'por...@ipa.kkgpitt.org', '-k',
'/etc/ipa/portal.keytab']' returned non-zero exit status 11

I'd guess that a failure is due to admin not being able to retrieve a
keytab for the user 'portal'.

I'm not sure about the state of the portal app. Probably worth filling a
ticket against it on github.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to