Bug 1568857
| Summary: | Wrong error message in case domain level should be set to 1 again. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Thorsten Scherf <tscherf> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED WORKSFORME | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.0 | CC: | frenaud, pasik, pvoborni, rcritten, tscherf |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-09-23 11:09:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Thorsten Scherf
2018-04-18 10:42:54 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7511 Hi Thorsten, when you reproduced the issue, which principal was authenticated? I am able to to reproduce if I do # kinit -kt /etc/krb5.keytab # ipa domainlevel-set 1 ipa: ERROR: Domain Level cannot be raised to 1, server server.example.com does not support it. But if I kinit as admin: # kinit admin Password for admin: # ipa domainlevel-set 1 ipa: ERROR: no modifications to be performed I suspect the issue is linked to ipaMinDomainLevel and ipaMaxDomainLevel not readable by all the users. Customer confirmed that he gets the expected output when the command is run with an admin TGT, hence closing as works for me. |