Bug 1437378 - ipa-adtrust-install produced an error and failed on starting smb when hostname is not FQDN
Summary: ipa-adtrust-install produced an error and failed on starting smb when hostnam...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Sudhir Menon
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-30 08:35 UTC by mpanaous
Modified: 2017-08-01 09:47 UTC (History)
4 users (show)

Fixed In Version: ipa-4.5.0-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:47:49 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Comment 2 Petr Vobornik 2017-03-31 13:31:08 UTC
Fixed upstream:

master:
    0d817ae63a4ad8ba7a29910a9342a78e15e89593 adtrust: make sure that runtime hostname result is consistent with the configuration

ipa-4-5:
    e430699024df06e1e6f819824548986eb0fa5fd2 adtrust: make sure that runtime hostname result is consistent with the configuration


It was fixed in a way that ipa-adtrust-install fails with proper error message:

     raise ValueError("Host reports different name than configured: "
                      "'%s' versus '%s'. Samba requires to have "
                      "the same hostname or Kerberos principal "
                      "'cifs/%s' will not be found in Samba keytab." %
                       (hostname, self.fqdn, self.fqdn))


It is not a job of ipa-adtrust-install to set hostname.

Comment 4 Sudhir Menon 2017-05-16 06:34:59 UTC
Tested on RHEL7.4 using

ipa-server-4.5.0-11.el7.x86_64
389-ds-base-1.3.6.1-13.el7.x86_64
pki-ca-10.4.1-4.el7.noarch
krb5-server-1.15.1-8.el7.x86_64
sssd-1.15.2-29.el7.x86_64
selinux-policy-3.13.1-148.el7.noarch

[root@master ~]# hostname
master

[root@master ~]# ipa-adtrust-install
The log file for this installation can be found in /var/log/ipaserver-install.log
    ==============================================================================
This program will setup components needed to establish trust to AD domains for
the IPA Server.
     
This includes:
      * Configure Samba
      * Add trust related objects to IPA LDAP server
     
To accept the default shown in brackets, press the Enter key.
Configuring cross-realm trusts for IPA server requires password for user 'admin'.This user is a regular system account used for IPA server administration.
admin password:
     
Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users.
     
Enable trusted domains support in slapi-nis? [no]:
Enter the NetBIOS name for the IPA domain.
Only up to 15 uppercase ASCII letters, digits and dashes are allowed.
Example: EXAMPLE.
     
NetBIOS domain name [TESTRELM]:
     
WARNING: 3 existing users or groups do not have a SID identifier assigned.
Installer can run a task to have ipa-sidgen Directory Server plugin generate
the SID identifier for all these users. Please note, the in case of a high
number of users and groups, the operation might lead to high replication
traffic and performance degradation. Refer to ipa-adtrust-install(1) man page
for details.
     
Do you want to run the ipa-sidgen task? [no]:
     
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
     
Configuring CIFS
[1/22]: validate server hostname
[error] ValueError: Host reports different name than configured: 'master' versus 'master.testrelm.test'. Samba requires to have the same hostname or Kerberos principal 'cifs/master.testrelm.test' will not be found in Samba keytab.
Unexpected error - see /var/log/ipaserver-install.log for details:
ValueError: Host reports different name than configured: 'master' versus 'master.testrelm.test'. Samba requires to have the same hostname or Kerberos principal 'cifs/master.testrelm.test' will not be found in Samba keytab.

Comment 5 errata-xmlrpc 2017-08-01 09:47:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304


Note You need to log in before you can comment on or make changes to this bug.