Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=870278 (Red Hat Enterprise Linux 6)
Description of problem:
I would expect that any necessary client install (including via
ipa-replica-install) would configure necessary changes when a cross domain
trust is in place.
After having to re-configure/re-install a replica, I noticed that
/etc/sssd/sssd.conf was missing subdomains_provider line.
ipa-client-install, ipa-replica-install should properly configure client config
files for trusts if trusts are enabled for the environemt.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install IPA Master and Replica
2. Install AD Server
3. Setup trust to AD domain
4. on replica: ipa-server-install --uninstall -U
5. on master: ipa-replica-manage -p PASSWORD del REPLICA --force
6. on master: ipa-replica-prepare -p PASSWORD --ip-address=REPLICA_IP REPLICA
7. on replica: sftp MASTER:/var/lib/ipa/replica-info-REPLICA.gpg
8. on replica: ipa-replica-install -U --setup-ca --setup-dns
--forwarder=DNSFORWARDER -w PASSWORD -p PASSWD replica-info-REPLICA.gpg
configs missing. at the very least /etc/sssd/sssd.conf is missing
subdomains_provider = ipa line.
all trust related configs should be handled by ipa install commands.
This seems like an ipa-client bug to me.
design_review: => 0
testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.9.4
Instead of enabling the IPA subdomain provider by default if id_provider=ipa is set we will try at startup (or after) to read the subdomains from the server but stop trying if there is an indication that the server isn't configured for trusts.
Additionally the pac responder should be started implictily if there is a domain with id_provider=ipa.
owner: somebody => sbose
status: new => assigned
patch: 0 => 1
milestone: SSSD 1.9.4 => SSSD 1.9.3
resolution: => fixed
status: assigned => closed
Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.3
to comment on this ticket.