Bug 679087
| Summary: | SSSD IPA provider should honor the krb5_realm option | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Stephen Gallagher <sgallagh> |
| Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 5.7 | CC: | benl, dpal, grajaiya, jgalipea, prc, rcritten |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | sssd-1.5.1-12.el5 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 679082 | Environment: | |
| Last Closed: | 2011-07-21 08:09:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 679082 | | |
| Bug Blocks: | | | |

Comment 2
Jenny Severance
2011-05-31 20:05:43 UTC
Same result with RHEL 5 ipa-client scratch build:

```
ipa-client-install --domain=testrelm --realm=QWQW -p mysecret -w mysecret -U --server=ipaserver.testrelm
DNS domain 'qwqw' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Realm: QWQW
DNS Domain: testrelm
IPA Server: ipaserver.testrelm
BaseDN: dc=qwqw

kinit(v5): Cannot contact any KDC for realm 'QWQW' while getting initial credentials

# rpm -q ipa-client
ipa-client-2.0-15.el5
```

```
ipa-server: RHEL 6.1
ipa-server-2.0.0-23.el6.x86_64

ipa-client: RHEL 5.7
sssd-1.5.1-36.el5
ipa-client-2.0-15.el5
```

```
# ipa-client-install --domain=testrelm --realm=QWQW -p admin -w mysecret -U --server=ipaserver.testrelm
DNS domain 'qwqw' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Realm: QWQW
DNS Domain: testrelm
IPA Server: ipaserver.testrelm
BaseDN: dc=qwqw

Enrolled in IPA realm QWQW
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm QWQW
Warning: Hostname (client.testrelm) not found in DNS
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status -6)
Failed to stop the NSCD daemon
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.

# kinit jennyg
Password for jennyg@QWQW:
Password expired. You must change it now.
Enter new password:
Enter it again:
```

```
# cat /etc/ipa/default.conf
#File modified by ipa-client-install

[global]
basedn = dc=qwqw
realm = QWQW
domain = testrelm
server = ipaserver.testrelm
xmlrpc_uri = https://ipaserver.testrelm/ipa/xml
enable_ra = True
```

```
# cat /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = testrelm

[nss]

[pam]

[domain/testrelm]
cache_credentials = True
krb5_realm = QWQW
ipa_domain = testrelm
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, ipaserver.testrelm
```

```
# cat /etc/krb5.conf
#File modified by ipa-client-install

[libdefaults]
  default_realm = QWQW
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  QWQW = {
    kdc = ipaserver.testrelm:88
    admin_server = ipaserver.testrelm:749
    default_domain = testrelm
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .testrelm = QWQW
  testrelm = QWQW

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }
```

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html
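
An added example, not part of the bug report or of the SSSD/IPA code: a check that the three files written by `ipa-client-install` agree on the realm when it differs from the DNS domain, as in the QWQW/testrelm verification above. The sample strings are constructed (abridged from the files shown), the function names are hypothetical, and the fallback to the upper-cased `ipa_domain` when `krb5_realm` is unset is an assumption.

```python
import configparser
import re

# Constructed sample input, abridged from the three files shown in the comment.
IPA_DEFAULT = "[global]\nbasedn = dc=qwqw\nrealm = QWQW\ndomain = testrelm\n"
SSSD_CONF = """[sssd]
domains = testrelm
[domain/testrelm]
krb5_realm = QWQW
ipa_domain = testrelm
id_provider = ipa
"""
KRB5_CONF = """[libdefaults]
 default_realm = QWQW
[realms]
 QWQW = {
 }
[domain_realm]
 .testrelm = QWQW
 testrelm = QWQW
"""

def ini(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def krb5_section(text, name):
    """Flat 'key = value' pairs of one krb5.conf section (brace blocks are skipped)."""
    m = re.search(r"^\[%s\][ \t]*$(.*?)(?=^\[|\Z)" % re.escape(name), text, re.M | re.S)
    pair = r"^[ \t]*([^\s=#{}]+)[ \t]*=[ \t]*([^\s{}]+)[ \t]*$"
    return dict(re.findall(pair, m.group(1), re.M)) if m else {}

def realm_mismatches(ipa_text, sssd_text, krb5_text):
    """Return every setting whose realm differs from the one in default.conf."""
    g = ini(ipa_text)["global"]
    realm, domain, checks = g["realm"], g["domain"], []
    sssd = ini(sssd_text)
    for name in (d.strip() for d in sssd["sssd"]["domains"].split(",")):
        sec = sssd["domain/" + name]
        if sec.get("id_provider") == "ipa":
            # Assumption: with krb5_realm unset, the upper-cased ipa_domain is used.
            effective = sec.get("krb5_realm") or sec.get("ipa_domain", name).upper()
            checks.append(("sssd.conf [domain/%s]" % name, effective))
    default = krb5_section(krb5_text, "libdefaults").get("default_realm")
    checks.append(("krb5.conf default_realm", default))
    for host, mapped in krb5_section(krb5_text, "domain_realm").items():
        if host.lstrip(".") == domain:
            checks.append(("krb5.conf domain_realm " + host, mapped))
    return ["%s: %s" % c for c in checks if c[1] != realm]
```

Calling `realm_mismatches` with the contents of `/etc/ipa/default.conf`, `/etc/sssd/sssd.conf` and `/etc/krb5.conf` returns an empty list when all three name the same realm.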