ERF12-5287 » History » Revision 7
Revision 6 (Stephen Benjamin, 07/13/2015 12:17 PM) → Revision 7/9 (Stephen Benjamin, 07/13/2015 12:18 PM)
h1. ERF12-5287: Unable to create realm entry
Possible solutions to this issue:
h2. Upgraded IPA 3.x to 4.x
If you upgraded IPA from 3 to 4, the permissions system has changed and the custom permissions foreman needs are not migrated correctly. You can verify this is the problem by looking at /var/log/httpd/*.log for permissions errors.
Re-run `foreman-prepare-realm` from a server with the IPA version *4* client tools installed (such as the FreeIPA server itself).
h2. Expired Keytab
Do you see an error like this in /var/log/foreman-proxy/proxy.log?
<pre>
ERROR -- : Failed to initailize credentials cache from keytab: krb5_get_init_creds_keytab: Decrypt integrity check failed
</pre>
Your Keytab may be expired. The keytab expiration follows your password expiration policies.
You can get a new one by:
<pre>
# kinit admin@EXAMPLE.COM (or other suitable IPA admin)
# ipa-getkeytab -s ipa01.example.com -p realm-proxy@EXAMPLE.COM -k /etc/foreman-proxy/freeipa.keytab
# chown foreman-proxy:foreman-proxy /etc/foreman-proxy/freeipa.keytab
</pre>
h2. Wrong Size Error
Do you see an error like this in /var/log/foreman-proxy/proxy.log?
<pre>
E, [2014-11-03T15:23:02.715791 #21273] ERROR -- : Wrong size. Was 307, should be 191
</pre>
This is due to a bug in Ruby:
https://bugs.ruby-lang.org/issues/8182
This has been fixed in RHEL 7.1 + rebuilds, please run @yum update ruby@. The relevant bugzilla
is: https://bugzilla.redhat.com/show_bug.cgi?id=1071187
On 7.0, you can temporarily work around the problem by commenting these out on lines 505-506 in
/usr/share/ruby/xmlrpc/client.rb:
<pre>
#elsif expected != "<unknown>" and expected.to_i != data.bytesize and resp["Transfer-Encoding"].nil?
# raise "Wrong size. Was #{data.bytesize}, should be
# #{expected}"
</pre>