Bug 1437378
| Summary: | ipa-adtrust-install produced an error and failed on starting smb when hostname is not FQDN | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | mpanaous |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Sudhir Menon <sumenon> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | ksiddiqu, pvoborni, rcritten, tscherf |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.5.0-5.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 09:47:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Tested on RHEL7.4 using
ipa-server-4.5.0-11.el7.x86_64
389-ds-base-1.3.6.1-13.el7.x86_64
pki-ca-10.4.1-4.el7.noarch
krb5-server-1.15.1-8.el7.x86_64
sssd-1.15.2-29.el7.x86_64
selinux-policy-3.13.1-148.el7.noarch
[root@master ~]# hostname
master
[root@master ~]# ipa-adtrust-install
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for
the IPA Server.
This includes:
* Configure Samba
* Add trust related objects to IPA LDAP server
To accept the default shown in brackets, press the Enter key.
Configuring cross-realm trusts for IPA server requires password for user 'admin'.This user is a regular system account used for IPA server administration.
admin password:
Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users.
Enable trusted domains support in slapi-nis? [no]:
Enter the NetBIOS name for the IPA domain.
Only up to 15 uppercase ASCII letters, digits and dashes are allowed.
Example: EXAMPLE.
NetBIOS domain name [TESTRELM]:
WARNING: 3 existing users or groups do not have a SID identifier assigned.
Installer can run a task to have ipa-sidgen Directory Server plugin generate
the SID identifier for all these users. Please note, the in case of a high
number of users and groups, the operation might lead to high replication
traffic and performance degradation. Refer to ipa-adtrust-install(1) man page
for details.
Do you want to run the ipa-sidgen task? [no]:
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring CIFS
[1/22]: validate server hostname
[error] ValueError: Host reports different name than configured: 'master' versus 'master.testrelm.test'. Samba requires to have the same hostname or Kerberos principal 'cifs/master.testrelm.test' will not be found in Samba keytab.
Unexpected error - see /var/log/ipaserver-install.log for details:
ValueError: Host reports different name than configured: 'master' versus 'master.testrelm.test'. Samba requires to have the same hostname or Kerberos principal 'cifs/master.testrelm.test' will not be found in Samba keytab.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304 |
Fixed upstream: master: 0d817ae63a4ad8ba7a29910a9342a78e15e89593 adtrust: make sure that runtime hostname result is consistent with the configuration ipa-4-5: e430699024df06e1e6f819824548986eb0fa5fd2 adtrust: make sure that runtime hostname result is consistent with the configuration It was fixed in a way that ipa-adtrust-install fails with proper error message: raise ValueError("Host reports different name than configured: " "'%s' versus '%s'. Samba requires to have " "the same hostname or Kerberos principal " "'cifs/%s' will not be found in Samba keytab." % (hostname, self.fqdn, self.fqdn)) It is not a job of ipa-adtrust-install to set hostname.