Red Hat Bugzilla – Bug 965888
Enterprise Login option doesn't work with FreeIPA
Last modified: 2013-06-16 02:07:59 EDT
After an install from the Live Desktop (beta rc2), I am presented with the request to create a user account.
I have 2 'enterprise' system that I can use at home.
1. FreeIPA install
2. OpenLDAP install
But if I select the enteprise option I am only given an empty 'Domain' selector and then a username and password fields.
I normally prefer to configure things to use my FreeIPA 'domain', but some machines go to the openldap install.
I can't see my freeipoa domain there (probably because I have no SRV records in this install) nor a way to manually provide options to use my openldap server, so I can't use either apparently.
The 'enterprise' login option should provide a way to proviude manual configuration if autodetection fails or is simply not possible (like in the pure LDAP Dirctory case)
Moving this to realmd for consideration.
It dos not work with SRV records either in my setup.
Should I change back the subject ?
let's go with something fairly generic for now, if we figure out what exactly about your FreeIPA config it is that realmd/g-i-s doesn't like, we can adjust it again...
Please run this and paste the output here:
$ realm discover --verbose mydomain.com
realmd has no chance to work as I just noticed neither anaconda nor g-i-s let you set the machine name (nor the domain name of course).
And on the live desktop install there is also no way to set the domain in Network Manager even when setting the DNS server manually.
I think the 'Enterprise login' thing has never been tested by anybody and appears completely broken.
I am resetting this bug back to g-i-s, I suggest you drop the 'enterprise login' button until it actually can be made to work.
Provided by Simo:
realmd discover --verbose trust.ssimo.org
* Resolving: _ldap._tcp._msdcs.trust.ssimo.org
* Sending MS-CLDAP ping to: 192.168.122.240
! Discovery timed out after 15 seconds
(In reply to Simo Sorce from comment #5)
> realmd has no chance to work as I just noticed neither anaconda nor g-i-s
> let you set the machine name (nor the domain name of course).
Anaconda lets you set this in the network spoke, although it doesn't seem to be shown when doing a Live install.
> I think the 'Enterprise login' thing has never been tested by anybody and
> appears completely broken.
Yes, this functionality in g-i-s has likely never been tested. Although it can be made to work by setting the hostname in the installer (or in the Live Desktop environment).
But yes, the g-i-s stuff has likely never been tested due to the complete brokenness of the Fedora 19 install process until very recently coupled with the complete absence of any domains (even FreeIPA domains!) available anywhere for developers to test against.
The g-i-s Enterprise login code was copied from gnome-control-center, where the functionality does work and has been tested.
> I am resetting this bug back to g-i-s, I suggest you drop the 'enterprise
> login' button until it actually can be made to work.
It can be made to work, but does not actually work without the work around of setting up the host name.
It should be noted that the authconfig Network Authentication firstboot button has exactly this same problem. In addition it does not install the necessary packages and requires that you know these and manually install them in advance in the installer.
So yes, this feature was completely broken in gnome-initial-setup. It crashed, and didn't look like it had ever been used. I remember being asked in passing to look at this stuff, but I never got around to reviewing the code until now.
Sorry bout that.
18 patches attached to above bugs, which makes things usable.
All upstream patches reviewed, pushed. This makes this feature usable. Although I did only test with 'gnome-initial-setup --force-new-user'
One thing that seems missing from a firstboot type thingy is the ability to setup not just one user, but set defaults for all users, and setup domain logins for any domain user. You might think of this as 'workstation mode'.
gnome-initial-setup as a whole does not currently do fill the 'workstation' use case (it sets up one user), and so its no suprise that the Enterprise login feature that's part of gnome-initial-setup does not fill the workstation use case either.
If in the future gnome-initial-setup gained the feature to be used in a workstation mode, then we could easily extend its the Enterprise Login page to match.
Leaving this back in the hands of mclasen at this point. But I think things are ready for a new Fedora package to verify that this functionality works.
aiui, so far, that is outside the scope of g-i-s' design. g-i-s was designed for the two use cases 'creating a single initial admin user for a newly installed system' and 'configuring the basic environment of any newly created user the first time they log into GNOME'. it was not designed to cover anything outside of those cases.
gnome-initial-setup-0.11-1.fc19 has been submitted as an update for Fedora 19.
gnome-initial-setup-0.11-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.