| Summary: | authconfig --disableipav2 should call ipa-client-install --uninstall | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | David Spurek <dspurek> | |
| Component: | authconfig | Assignee: | Tomas Mraz <tmraz> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | |
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.0 | CC: | dspurek, ebenes | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | authconfig-6.2.8-1.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1023294 (view as bug list) | Environment: | ||
| Last Closed: | 2014-06-13 13:12:05 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 1023294 | |||
'authconfig --disableipav2' doesn't remove pam_sss from pam configuration and sss from /etc/nsswitch.conf This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Description of problem: authconfig --disableipav2 should call ipa-client-install --uninstall if authconfig was called with authconfig --enableipav2 --ipav2join and machine was successfully enrolled to IPA domain. Version-Release number of selected component (if applicable): authconfig-6.2.7-1.el7 How reproducible: always Steps to Reproduce: 1.authconfig --enableipav2 --ipav2domain=domain--ipav2join=user --update 2.authconfig --disableipav2 --update 3.again authconfig --enableipav2 --ipav2domain=domain--ipav2join=user --update Actual results: second authconfig --enableipav2 fail Expected results: second authconfig --enableipav2 success Additional info: [test]authconfig --enableipav2 --ipav2domain=ipa.baseos.qe --ipav2join=admin --update [/usr/sbin/ipa-client-install --noac --domain=ipa.baseos.qe --principal=admin ] WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd Discovery was successful! Hostname: ibm-x3650m4-01-vm-02.lab.eng.bos.redhat.com Realm: IPA.BASEOS.QE DNS Domain: ipa.baseos.qe IPA Server: sec-ipa1.ipa.baseos.qe BaseDN: dc=ipa,dc=baseos,dc=qe Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Password for admin.QE: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=IPA.BASEOS.QE Issuer: CN=Certificate Authority,O=IPA.BASEOS.QE Valid From: Tue Jul 23 12:18:48 2013 UTC Valid Until: Sat Jul 23 12:18:48 2033 UTC Enrolled in IPA realm IPA.BASEOS.QE Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm IPA.BASEOS.QE Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub host_mod: Unknown option: no_members Failed to upload host SSH public keys. Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Client configuration complete. [test]authconfig --disableipav2 --update [test]authconfig --enableipav2 --ipav2domain=ipa.baseos.qe --ipav2join=admin --update [/usr/sbin/ipa-client-install --noac --domain=ipa.baseos.qe --principal=admin ] IPA client is already configured on this system. If you want to reinstall the IPA client, uninstall it first using 'ipa-client-install --uninstall'. authconfig: IPAv2 domain join was not succesful. The ipa-client-install command failed.