Description of problem:
Client install with --preserve-sssd does not preserve old sssd configuration. Configure sssd.conf to point to incorrect domain, then install client with --preserve-sssd; install went through successfully.

Version-Release number of selected component (if applicable):
ipa-client-4.1.0-15

How reproducible:
Always

Steps to Reproduce:
1. configure sssd to point to incorrect domain
2. install client with --preserve-sssd
3. check install status

Actual results:
install complete

Expected results:
install fail

Additional info:

[root@beast ~]# cat /etc/sssd/sssd.conf.deleted
[domain/testrelm.test]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.test
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = beast.testrelm.test
chpass_provider = ipa
ipa_server = _srv_, mgmt9.testrelm.test
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = testrelm.test
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]

[root@beast ~]# cat /etc/sssd/sssd.conf.deleted > /etc/sssd/sssd.conf

corrupting sssd:

[root@beast ~]# sed -i s/^domains/domains=incorrect.domain-corrupted\\n#domains/g /etc/sssd/sssd.conf
[root@beast ~]# sed -i s/^ipa_domain/ipa_domain=incorrect.domain-corrupted\\n#ipa_domain/g /etc/sssd/sssd.conf

[root@beast ~]# cat /etc/sssd/sssd.conf
[domain/testrelm.test]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain=incorrect.domain-corrupted
#ipa_domain = testrelm.test
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = beast.testrelm.test
chpass_provider = ipa
ipa_server = _srv_, mgmt9.testrelm.test
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains=incorrect.domain-corrupted
#domains = testrelm.test
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]

[root@beast ~]# ipa-client-install --server=$MASTER --password=$ADMINPW --unattended --realm=$RELM --domain=$DOMAIN --principal=$ADMINID --preserve-sssd
Hostname: beast.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: mgmt9.testrelm.test
BaseDN: dc=testrelm,dc=test
Synchronizing time with KDC...
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=TESTRELM.TEST
Issuer: CN=Certificate Authority,O=TESTRELM.TEST
Valid From: Wed Jan 28 14:48:17 2015 UTC
Valid Until: Sun Jan 28 14:48:17 2035 UTC
Enrolled in IPA realm TESTRELM.TEST
Created /etc/ipa/default.conf
Domain testrelm.test is already configured in existing SSSD config, creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
trying https://mgmt9.testrelm.test/ipa/json
Forwarding 'ping' to json server 'https://mgmt9.testrelm.test/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://mgmt9.testrelm.test/ipa/json'
Systemwide CA database updated.
Added CA certificates to the default NSS database.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://mgmt9.testrelm.test/ipa/json'
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring testrelm.test as NIS domain.
Client configuration complete.
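
A consistency check for the kind of sssd.conf reproduced above, as an added example that is not part of the original report or of the ipa-client-install code: it flags `domains` entries without a matching `[domain/...]` section and `ipa_domain` values that differ from the domain being enrolled. The function name `check_sssd_conf` is hypothetical, and the embedded sample is constructed from the report's corrupted file (shortened).

```python
import configparser

# Constructed sample: the corrupted sssd.conf from the report, shortened.
CORRUPTED = """\
[domain/testrelm.test]
ipa_domain=incorrect.domain-corrupted
#ipa_domain = testrelm.test
id_provider = ipa
ipa_server = _srv_, mgmt9.testrelm.test

[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains=incorrect.domain-corrupted
#domains = testrelm.test
"""


def check_sssd_conf(text, expected_domain):
    """Return a list of inconsistencies found in an sssd.conf body (hypothetical helper)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    problems = []

    # Every name listed in [sssd] domains needs a [domain/<name>] section.
    raw = cfg.get("sssd", "domains", fallback="")
    listed = [d.strip() for d in raw.split(",") if d.strip()]
    defined = {s[len("domain/"):] for s in cfg.sections() if s.startswith("domain/")}
    for name in listed:
        if name not in defined:
            problems.append(f"domains lists '{name}' but no [domain/{name}] section exists")
    if expected_domain not in listed:
        problems.append(f"'{expected_domain}' is not enabled in [sssd] domains")

    # For IPA-backed domains, ipa_domain (default: the section's domain name)
    # must match the domain being enrolled.
    for name in sorted(defined):
        section = f"domain/{name}"
        if cfg.get(section, "id_provider", fallback="") != "ipa":
            continue
        ipa_domain = cfg.get(section, "ipa_domain", fallback=name)
        if ipa_domain != expected_domain:
            problems.append(f"[{section}] ipa_domain is '{ipa_domain}', expected '{expected_domain}'")
    return problems


if __name__ == "__main__":
    for line in check_sssd_conf(CORRUPTED, "testrelm.test"):
        print(line)
```
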