Bug 1658294
Summary: | ipa-replica-install allows to use --setup-adtrust without the package freeipa-server-trust-ad installed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Thomas Woerner <twoerner> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaleem <ksiddiqu> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 | CC: | abokovoy, amore, ksiddiqu, pvoborni, rcritten, tscherf, twoerner |
Target Milestone: | rc | ||
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1589558 | Environment: | |
Last Closed: | 2019-06-14 01:32:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Thomas Woerner
2018-12-11 17:10:52 UTC
Thomas Woerner,
How can this be verified?

(In reply to anuja from comment #2)
> Thomas Woerner,
> How can this be verified?

Description of problem:
Trying to set up a FreeIPA replica with the --setup-adtrust command line option setup, makes the setup fail due to the missing freeipa-server-trust-ad package (not pulled automatically for any package)

Version-Release number of selected component (if applicable):
freeipa-server-4.6.90.pre2

How reproducible:

Steps to Reproduce:
1. dnf install freeipa-server
2. ipa-replica-install --setup-adtrust

Actual results:
It fails in the end when it tries to restart smb, and the logs show "No builtin nor plugin backend for ipasam found"

Expected results:
Replica should be installed successfully

---

Additionally from https://pagure.io/freeipa/c/be968ea01adf1721b0afd7393872a8d311d89d0c

ipaserver/install/adtrustinstance.py:
+ # Check that ipa-server-trust-ad package is installed, + # by looking for the file /usr/share/ipa/smb.conf.empty + if not os.path.exists(os.path.join(paths.USR_SHARE_IPA_DIR, + "smb.conf.empty")): + print("AD Trust requires the '%s' package" % + constants.IPA_ADTRUST_PACKAGE_NAME) + print("Please install the package and start the installation again") + return False

That means that the fixed version will fail early and print a message.

Verified using :
ipa-server-4.7.1-10.module+el8+2699+aa606a46.x86_64
ipa-server-trust-ad-4.7.1-10.module+el8+2699+aa606a46.x86_64

Verification Steps:
1: dnf module install idm:DL1/dns
2: yum install ipa-server-trust-ad
3: ipa-replica-install --setup-adtrust

Console Output :
# ipa-replica-install --ip-address= -P admin -w --server --domain --setup-adtrust -U
Configuring client side components
This program will set up IPA client.
Version 4.7.1
[7/10]: upgrading server
[8/10]: stopping directory server
[9/10]: restoring configuration
[10/10]: starting directory server
Done.
Finalize replication settings
Restarting the KDC
Configuring CIFS
[1/23]: validate server hostname
[2/23]: stopping smbd
[3/23]: creating samba domain object
[4/23]: creating samba config registry
[5/23]: writing samba config file
[6/23]: adding cifs Kerberos principal
[7/23]: adding cifs and host Kerberos principals to the adtrust agents group
[8/23]: check for cifs services defined on other replicas
[9/23]: adding cifs principal to S4U2Proxy targets
[10/23]: adding admin(group) SIDs
[11/23]: adding RID bases
[12/23]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
[13/23]: activating CLDAP plugin
[14/23]: activating sidgen task
[15/23]: map BUILTIN\Guests to nobody group
[16/23]: configuring smbd to start on boot
[17/23]: adding special DNS service records
[18/23]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
[19/23]: adding fallback group
[20/23]: adding Default Trust View
[21/23]: setting SELinux booleans
[22/23]: starting CIFS services
[23/23]: restarting smbd
Done configuring CIFS.
WARNING: The CA service is only installed on one server (vm-idm-040.replica.test).
It is strongly recommended to install it on another server.
Run ipa-ca-install(1) on another master to accomplish this.

Based on comment #4 marking bz as verified.
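
Review bot: in the ipaserver/install/adtrustinstance.py hunk quoted above, the os.path.exists() test on "smb.conf.empty" is only a proxy for the package being installed, so a leftover or hand-copied file would pass the check while the ipasam backend is still missing, which is the failure in the original report ("No builtin nor plugin backend for ipasam found"). Consider testing for the component smbd actually loads, or querying the package database, and keeping the file test as a fallback. The failure branch also reports only through print() and "return False"; the visible lines do not show what the caller does with that value, so confirm that it aborts with a non-zero exit before any replica configuration step runs, and route the message through a logger as well so that unattended (-U) runs record why the install stopped.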