Bug 965888
| Summary: | Enterprise Login option doesn't work with FreeIPA | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Simo Sorce <ssorce> |
| Component: | gnome-initial-setup | Assignee: | Jasper St. Pierre <jstpierr> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | awilliam, jhrozek, jstpierr, mclasen, samuel-rhbugs, ssorce, stefw, tiagomatos, yelley |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | gnome-initial-setup-0.11-1.fc19 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-06-16 06:07:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Simo Sorce
2013-05-21 22:43:01 UTC
Moving this to realmd for consideration. It dos not work with SRV records either in my setup. Should I change back the subject ? let's go with something fairly generic for now, if we figure out what exactly about your FreeIPA config it is that realmd/g-i-s doesn't like, we can adjust it again... Please run this and paste the output here: $ realm discover --verbose mydomain.com realmd has no chance to work as I just noticed neither anaconda nor g-i-s let you set the machine name (nor the domain name of course). And on the live desktop install there is also no way to set the domain in Network Manager even when setting the DNS server manually. I think the 'Enterprise login' thing has never been tested by anybody and appears completely broken. I am resetting this bug back to g-i-s, I suggest you drop the 'enterprise login' button until it actually can be made to work. Provided by Simo: realmd discover --verbose trust.ssimo.org * Resolving: _ldap._tcp._msdcs.trust.ssimo.org * Sending MS-CLDAP ping to: 192.168.122.240 ! Discovery timed out after 15 seconds trust.ssimo.org type: kerberos realm-name: TRUST.SSIMO.ORG domain-name: trust.ssimo.org configured: no (In reply to Simo Sorce from comment #5) > realmd has no chance to work as I just noticed neither anaconda nor g-i-s > let you set the machine name (nor the domain name of course). Anaconda lets you set this in the network spoke, although it doesn't seem to be shown when doing a Live install. > I think the 'Enterprise login' thing has never been tested by anybody and > appears completely broken. Yes, this functionality in g-i-s has likely never been tested. Although it can be made to work by setting the hostname in the installer (or in the Live Desktop environment). But yes, the g-i-s stuff has likely never been tested due to the complete brokenness of the Fedora 19 install process until very recently coupled with the complete absence of any domains (even FreeIPA domains!) available anywhere for developers to test against. The g-i-s Enterprise login code was copied from gnome-control-center, where the functionality does work and has been tested. > I am resetting this bug back to g-i-s, I suggest you drop the 'enterprise > login' button until it actually can be made to work. It can be made to work, but does not actually work without the work around of setting up the host name. It should be noted that the authconfig Network Authentication firstboot button has exactly this same problem. In addition it does not install the necessary packages and requires that you know these and manually install them in advance in the installer. https://bugzilla.gnome.org/show_bug.cgi?id=701044 https://bugzilla.gnome.org/show_bug.cgi?id=701045 https://bugzilla.gnome.org/show_bug.cgi?id=701043 https://bugzilla.gnome.org/show_bug.cgi?id=701041 https://bugzilla.gnome.org/show_bug.cgi?id=701039 https://bugzilla.gnome.org/show_bug.cgi?id=700996 So yes, this feature was completely broken in gnome-initial-setup. It crashed, and didn't look like it had ever been used. I remember being asked in passing to look at this stuff, but I never got around to reviewing the code until now. Sorry bout that. 18 patches attached to above bugs, which makes things usable. All upstream patches reviewed, pushed. This makes this feature usable. Although I did only test with 'gnome-initial-setup --force-new-user' One thing that seems missing from a firstboot type thingy is the ability to setup not just one user, but set defaults for all users, and setup domain logins for any domain user. You might think of this as 'workstation mode'. gnome-initial-setup as a whole does not currently do fill the 'workstation' use case (it sets up one user), and so its no suprise that the Enterprise login feature that's part of gnome-initial-setup does not fill the workstation use case either. If in the future gnome-initial-setup gained the feature to be used in a workstation mode, then we could easily extend its the Enterprise Login page to match. Leaving this back in the hands of mclasen at this point. But I think things are ready for a new Fedora package to verify that this functionality works. aiui, so far, that is outside the scope of g-i-s' design. g-i-s was designed for the two use cases 'creating a single initial admin user for a newly installed system' and 'configuring the basic environment of any newly created user the first time they log into GNOME'. it was not designed to cover anything outside of those cases. gnome-initial-setup-0.11-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/FEDORA-2013-9570/gnome-initial-setup-0.11-1.fc19 gnome-initial-setup-0.11-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |