Bug 714924
| Summary: | ipa-client-install complains about non-existing nss_ldap | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Marko Myllynen <myllynen> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 6.1 | CC: | benl, dpal, jgalipea, nsoman, syeghiay |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.1.0-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: When configuring an IPA client to use sssd if an error occurs looking up users an error message that "nss_ldap is not able to use DNS discovery" is displayed.
Consequence: This is confusing because the default is to use sssd, not nss_ldap.
Fix: The nss services are tested at the end of installation to be sure they are working. If sssd takes longer to start up than expected this error message will appear because the command 'getent passwd admin' failed. Make the error message more specific.
Result: The user is show exactly what has failed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 18:36:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Marko Myllynen
2011-06-21 10:49:36 UTC
master: d6875b9adc6d43ae9eec74e52070dd0833ccf2dc Can you please add steps to reproduce this issue? When is "sometimes"? This happened in a test network environment which has been since decommissioned. But since the issue has been clearly fixed in the referenced commit this BZ can be closed. Tested using ipa-client-2.1.2-2.el6.x86_64 Seeing the new error message, using steps below: # ipa-client-install --domain=testrelm --realm=TESTRELM -p admin -w Secret123 --no-sssd Discovery was successful! Hostname: rhel62-server2.testrelm Realm: TESTRELM DNS Domain: testrelm IPA Server: rhel62-server1.testrelm BaseDN: dc=testrelm Continue to configure the system with these values? [no]: y Synchronizing time with KDC... Enrolled in IPA realm TESTRELM Created /etc/ipa/default.conf Configured /etc/krb5.conf for IPA realm TESTRELM LDAP enabled Kerberos 5 enabled Unable to find 'admin' user with 'getent passwd admin'! Unable to reliably detect configuration. Check NSS setup manually. NTP enabled Client configuration complete. NeedInfo: I see the new error.....but should I be seeing it? Namita, I think you've found a new bug introduced in the fix for this. It looks like we don't update all the ldap config files we need to. It is unclear how Marko was doing his installation but if you were installing with sssd you could get an error about nss_ldap not being configured and I think that is was the original driver of this was. I was installing with SSSD so the complain about non-existing nss_ldap was misguided but it has been clearly fixed already. If there are any other issues with non-sssd case then a new BZ should be filed. opened bug 746276 for what I saw earlier I think the thing to do here is test without the --no-sssd option and confirm you don't get an error about nss_ldap to verify the original bug report. We'll tackle the new issue in bug 746276. Resetting ON_QA. Verified using ipa-client-2.1.2-2.el6.x86_64 When running an install ipa-client-install -p admin -w <xxx> i get error: Configured /etc/krb5.conf for IPA realm TESTRELM SSSD enabled Unable to find 'admin' user with 'getent passwd admin'! Recognized configuration: SSSD NTP enabled Like Marko, not sure of steps i took to get in this state, but confirmed that I'm not seeing the old nss_ldap message, and am getting the new error.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: When configuring an IPA client to use sssd if an error occurs looking up users an error message that "nss_ldap is not able to use DNS discovery" is displayed.
Consequence: This is confusing because the default is to use sssd, not nss_ldap.
Fix: The nss services are tested at the end of installation to be sure they are working. If sssd takes longer to start up than expected this error message will appear because the command 'getent passwd admin' failed. Make the error message more specific.
Result: The user is show exactly what has failed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |