Red Hat Bugzilla – Bug 1437378
ipa-adtrust-install produced an error and failed on starting smb when hostname is not FQDN
Last modified: 2017-08-01 05:47:49 EDT
Fixed upstream: master: 0d817ae63a4ad8ba7a29910a9342a78e15e89593 adtrust: make sure that runtime hostname result is consistent with the configuration ipa-4-5: e430699024df06e1e6f819824548986eb0fa5fd2 adtrust: make sure that runtime hostname result is consistent with the configuration It was fixed in a way that ipa-adtrust-install fails with proper error message: raise ValueError("Host reports different name than configured: " "'%s' versus '%s'. Samba requires to have " "the same hostname or Kerberos principal " "'cifs/%s' will not be found in Samba keytab." % (hostname, self.fqdn, self.fqdn)) It is not a job of ipa-adtrust-install to set hostname.
Tested on RHEL7.4 using ipa-server-4.5.0-11.el7.x86_64 389-ds-base-1.3.6.1-13.el7.x86_64 pki-ca-10.4.1-4.el7.noarch krb5-server-1.15.1-8.el7.x86_64 sssd-1.15.2-29.el7.x86_64 selinux-policy-3.13.1-148.el7.noarch [root@master ~]# hostname master [root@master ~]# ipa-adtrust-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. Configuring cross-realm trusts for IPA server requires password for user 'admin'.This user is a regular system account used for IPA server administration. admin password: Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis? [no]: Enter the NetBIOS name for the IPA domain. Only up to 15 uppercase ASCII letters, digits and dashes are allowed. Example: EXAMPLE. NetBIOS domain name [TESTRELM]: WARNING: 3 existing users or groups do not have a SID identifier assigned. Installer can run a task to have ipa-sidgen Directory Server plugin generate the SID identifier for all these users. Please note, the in case of a high number of users and groups, the operation might lead to high replication traffic and performance degradation. Refer to ipa-adtrust-install(1) man page for details. Do you want to run the ipa-sidgen task? [no]: The following operations may take some minutes to complete. Please wait until the prompt is returned. Configuring CIFS [1/22]: validate server hostname [error] ValueError: Host reports different name than configured: 'master' versus 'master.testrelm.test'. Samba requires to have the same hostname or Kerberos principal 'cifs/master.testrelm.test' will not be found in Samba keytab. Unexpected error - see /var/log/ipaserver-install.log for details: ValueError: Host reports different name than configured: 'master' versus 'master.testrelm.test'. Samba requires to have the same hostname or Kerberos principal 'cifs/master.testrelm.test' will not be found in Samba keytab.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304