I want to enrol a fedora laptop to freeipa during foreman pxe provisioning. Note that when I login as root after boot and call the same ipa-client-install line from the orginal-ks.cfg, then the enrolment is successful. I have this in the kickstart template: %post exec < /dev/tty3 > /dev/tty3 chvt 3 ( logger "Starting anaconda <%= @host %> postinstall" <% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%> ## ## IPA Client Installation ## echo "Realm found: setup ipa-client" /usr/libexec/openssh/sshd-keygen rsa # HOTFIX for https://github.com/fedora-silverblue/issue-tracker/issues/427 mkdir -p /var/lib/ipa-client/sysrestore mkdir -p /var/lib/ipa-client/pki mkdir -p /var/log touch /var/log/ipaclient-install.log # One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value. /usr/sbin/ipa-client-install -w '<%= @host.otp || "$HOST[OTP]" %>' --realm=<%= @host.realm %> -U --mkhomedir <% end -%> full config: https://gitlab.com/eu-os/eu-os.gitlab.io/-/snippets/4906744 Reproducible: Always Steps to Reproduce: 1. configure everything in foreman (hard to give here the complete setup) 2. provision with foreman via pxe 3. reboot and see that the /etc/krb5.conf is not setup and see errors in the ipaclient-install.log Actual Results: ipa enrolment failed Expected Results: ipa enrolement worked
Created attachment 2116214 [details] ipaclient-install.log