Hide Forgot
The same problem on rhel6, tested with authconfig-6.1.12-13.el6 +++ This bug was initially created as a clone of Bug #1014992 +++ Description of problem: authconfig --disableipav2 should call ipa-client-install --uninstall if authconfig was called with authconfig --enableipav2 --ipav2join and machine was successfully enrolled to IPA domain. Version-Release number of selected component (if applicable): authconfig-6.2.7-1.el7 How reproducible: always Steps to Reproduce: 1.authconfig --enableipav2 --ipav2domain=domain--ipav2join=user --update 2.authconfig --disableipav2 --update 3.again authconfig --enableipav2 --ipav2domain=domain--ipav2join=user --update Actual results: second authconfig --enableipav2 fail Expected results: second authconfig --enableipav2 success Additional info: [test]authconfig --enableipav2 --ipav2domain=ipa.baseos.qe --ipav2join=admin --update [/usr/sbin/ipa-client-install --noac --domain=ipa.baseos.qe --principal=admin ] WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd Discovery was successful! Hostname: ibm-x3650m4-01-vm-02.lab.eng.bos.redhat.com Realm: IPA.BASEOS.QE DNS Domain: ipa.baseos.qe IPA Server: sec-ipa1.ipa.baseos.qe BaseDN: dc=ipa,dc=baseos,dc=qe Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Password for admin.QE: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=IPA.BASEOS.QE Issuer: CN=Certificate Authority,O=IPA.BASEOS.QE Valid From: Tue Jul 23 12:18:48 2013 UTC Valid Until: Sat Jul 23 12:18:48 2033 UTC Enrolled in IPA realm IPA.BASEOS.QE Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm IPA.BASEOS.QE Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub host_mod: Unknown option: no_members Failed to upload host SSH public keys. Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Client configuration complete. [test]authconfig --disableipav2 --update [test]authconfig --enableipav2 --ipav2domain=ipa.baseos.qe --ipav2join=admin --update [/usr/sbin/ipa-client-install --noac --domain=ipa.baseos.qe --principal=admin ] IPA client is already configured on this system. If you want to reinstall the IPA client, uninstall it first using 'ipa-client-install --uninstall'. authconfig: IPAv2 domain join was not succesful. The ipa-client-install command failed. --- Additional comment from David Spurek on 2013-10-03 08:51:27 EDT --- 'authconfig --disableipav2' doesn't remove pam_sss from pam configuration and sss from /etc/nsswitch.conf
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1558.html