Bug 1252414
Summary: | Trust agent install does not detect available replicas to add to master | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Varun Mylaraiah <mvarun> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.2 | CC: | dpal, jcholast, rcritten |
Target Milestone: | rc | Keywords: | TestBlocker |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.2.0-4.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-19 12:05:13 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Varun Mylaraiah
2015-08-11 10:56:25 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5199 Fixed upstream master: https://fedorahosted.org/freeipa/changeset/1fc21e980bb901bf71f7ee024cdbb15c1caec3a7 ipa-4-2: https://fedorahosted.org/freeipa/changeset/ef192fb17be348c526029e8fa5165b9108e1f6da Verified ipa version: ============= ipa-server-4.2.0-4.el7.x86_64 "ipa-adtrust-install --add-agents" command now identify the available replica's. [root@master1 ~]# ipa-adtrust-install --add-agents The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. IPA generated smb.conf detected. Overwrite smb.conf? [no]: yes Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis? [no]: y Configuring cross-realm trusts for IPA server requires password for user 'admin'. This user is a regular system account used for IPA server administration. admin password: The following operations may take some minutes to complete. Please wait until the prompt is returned. Configuring CIFS [1/22]: stopping smbd [2/22]: creating samba domain object Samba domain object already exists [3/22]: creating samba config registry [4/22]: writing samba config file [5/22]: adding cifs Kerberos principal [6/22]: adding cifs and host Kerberos principals to the adtrust agents group [7/22]: check for cifs services defined on other replicas [8/22]: adding cifs principal to S4U2Proxy targets cifs principal already targeted, nothing to do. [9/22]: adding admin(group) SIDs Admin SID already set, nothing to do Admin group SID already set, nothing to do [10/22]: adding RID bases RID bases already set, nothing to do [11/22]: updating Kerberos config 'dns_lookup_kdc' already set to 'true', nothing to do. [12/22]: activating CLDAP plugin CLDAP plugin already configured, nothing to do [13/22]: activating sidgen task Sidgen task plugin already configured, nothing to do [14/22]: configuring smbd to start on boot [15/22]: adding special DNS service records [16/22]: enabling trusted domains support for older clients via Schema Compatibility plugin [17/22]: restarting Directory Server to take MS PAC and LDAP plugins changes into account [18/22]: adding fallback group Fallback group already set, nothing to do [19/22]: adding Default Trust View Default Trust View already exists. [20/22]: setting SELinux booleans [21/22]: enabling oddjobd [22/22]: starting CIFS services Done configuring CIFS. WARNING: 1 IPA masters are not yet able to serve information about users from trusted forests. Installer can add them to the list of IPA masters allowed to access infromation about trusts. If you choose to do so, you also need to restart LDAP service on those masters. Refer to ipa-adtrust-install(1) man page for details. Do you want to allow following IPA masters to serve information about users from trusted forests? IPA master [replica2.btestrelm.test]? [no]: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2362.html |