RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 768257 - Man Page : Document client IP addressing / FQDN requirements
Summary: Man Page : Document client IP addressing / FQDN requirements
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-16 07:41 UTC by Martin Kosek
Modified: 2012-06-20 13:28 UTC (History)
5 users (show)

Fixed In Version: ipa-2.2.0-11.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:28:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Martin Kosek 2011-12-16 07:41:38 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/1967

Currently ipa-client-install man page states about IP addressing / hostname only that:

        --hostname
             The  hostname  of this server (FQDN). If specified, the hostname
             will be set and the system configuration will be updated to per-
             sist  over reboot. By default a nodename result from uname(2) is
             used.

But if one runs ipa-client-install without --hostname on a client-to-be using using dynamic IP / hostname from corporate DHCP/DNS without MAC binding then eventually the client's IP address and hostname will change causing issues on the client, e.g., with Kerberos.

Manual page should clearly state that a static hostname for clients is needed.
Comment 1 Martin Kosek 2012-02-27 16:52:41 UTC 
Fixed upstream. Man pages now contain a special section about hostname requirements.

master: https://fedorahosted.org/freeipa/changeset/dc47f77dc1f7df8aafa09ed6d9baa7f209016f35
ipa-2-2: https://fedorahosted.org/freeipa/changeset/cac915e607d0e4bdaf4bede36e34beb61be10d15
Comment 3 Kaleem 2012-04-19 11:39:44 UTC 
Following text has been added in man page of ipa-client-install for hostname
==========================================================================
   HOSTNAME REQUIREMENTS
       Client  must use a static hostname. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server,
       client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication.

       --hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot.
==========================================================================

In man page of ipa-client-install, hostname switch description is changed but in ipa-client-install's help text it is still the same.

hostname switch description from ipa-client-install's help text

    --hostname=HOSTNAME
                        The hostname of this server (FQDN). If specified, the
                        hostname will be set and the system configuration will
                        be updated to persist over reboot. By default a
                        nodename result from uname(2) is used.

Here is above description word "server" should be changed with "machine" which has been done in man page.
Comment 4 Jenny Severance 2012-04-19 14:22:48 UTC 
based on comments, setting bug status to Assigned
Comment 6 Martin Kosek 2012-04-19 17:58:44 UTC 
Fixed upstream - "server" was replaced with "machine".

master: https://fedorahosted.org/freeipa/changeset/4d66cc07dc0b8dd357ab8dfe555702130aba299f
ipa-2-2: https://fedorahosted.org/freeipa/changeset/0457210e26d7fb2a2ec1a2968d1ab0c31a62be07
Comment 8 Martin Kosek 2012-04-19 19:29:38 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 9 Kaleem 2012-04-24 13:00:28 UTC 
Verified.

Now, ipa-client-install's help text also contains "machine" instead of "server" .

[root@dhcp201-121 ~]# rpm -q ipa-server ipa-client
ipa-server-2.2.0-11.el6.x86_64
ipa-client-2.2.0-11.el6.x86_64
[root@dhcp201-121 ~]#
Comment 11 errata-xmlrpc 2012-06-20 13:28:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.