Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/1967 Currently ipa-client-install man page states about IP addressing / hostname only that: --hostname The hostname of this server (FQDN). If specified, the hostname will be set and the system configuration will be updated to per- sist over reboot. By default a nodename result from uname(2) is used. But if one runs ipa-client-install without --hostname on a client-to-be using using dynamic IP / hostname from corporate DHCP/DNS without MAC binding then eventually the client's IP address and hostname will change causing issues on the client, e.g., with Kerberos. Manual page should clearly state that a static hostname for clients is needed.
Fixed upstream. Man pages now contain a special section about hostname requirements. master: https://fedorahosted.org/freeipa/changeset/dc47f77dc1f7df8aafa09ed6d9baa7f209016f35 ipa-2-2: https://fedorahosted.org/freeipa/changeset/cac915e607d0e4bdaf4bede36e34beb61be10d15
Following text has been added in man page of ipa-client-install for hostname ========================================================================== HOSTNAME REQUIREMENTS Client must use a static hostname. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server, client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication. --hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot. ========================================================================== In man page of ipa-client-install, hostname switch description is changed but in ipa-client-install's help text it is still the same. hostname switch description from ipa-client-install's help text --hostname=HOSTNAME The hostname of this server (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used. Here is above description word "server" should be changed with "machine" which has been done in man page.
based on comments, setting bug status to Assigned
Fixed upstream - "server" was replaced with "machine". master: https://fedorahosted.org/freeipa/changeset/4d66cc07dc0b8dd357ab8dfe555702130aba299f ipa-2-2: https://fedorahosted.org/freeipa/changeset/0457210e26d7fb2a2ec1a2968d1ab0c31a62be07
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Verified. Now, ipa-client-install's help text also contains "machine" instead of "server" . [root@dhcp201-121 ~]# rpm -q ipa-server ipa-client ipa-server-2.2.0-11.el6.x86_64 ipa-client-2.2.0-11.el6.x86_64 [root@dhcp201-121 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html