#1613 ipa client setup should configure host properly if a trust is in place
Closed: Fixed None Opened 9 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=870278 (Red Hat Enterprise Linux 6)

Description of problem:

I would expect that any necessary client install (including via
ipa-replica-install) would configure necessary changes when a cross domain
trust is in place.

After having to re-configure/re-install a replica, I noticed that
/etc/sssd/sssd.conf was missing subdomains_provider line.

ipa-client-install, ipa-replica-install should properly configure client config
files for trusts if trusts are enabled for the environment.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Install IPA Master and Replica
2.  Install AD Server
3.  Setup trust to AD domain
4.  on replica:  ipa-server-install --uninstall -U
5.  on master: ipa-replica-manage -p PASSWORD del REPLICA --force
6.  on master: ipa-replica-prepare -p PASSWORD --ip-address=REPLICA_IP REPLICA
7.  on replica: sftp MASTER:/var/lib/ipa/replica-info-REPLICA.gpg
8.  on replica: ipa-replica-install -U --setup-ca --setup-dns --forwarder=DNSFORWARDER -w PASSWORD -p PASSWD replica-info-REPLICA.gpg

Actual results:

configs missing.  at the very least /etc/sssd/sssd.conf is missing
subdomains_provider = ipa line.

Expected results:

all trust related configs should be handled by ipa install commands.

Additional info:

This seems like an ipa-client bug to me.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.4

Instead of enabling the IPA subdomain provider by default if id_provider=ipa is set, we will try at startup (or after) to read the subdomains from the server but stop trying if there is an indication that the server isn't configured for trusts.

Additionally, the pac responder should be started implicitly if there is a domain with id_provider=ipa.

owner: somebody => sbose
status: new => assigned
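
A configuration check for the symptom reported in this ticket, added here as an example (not code from the ticket or from SSSD): it flags `id_provider = ipa` domains in sssd.conf that lack `subdomains_provider = ipa`, and a `[sssd]` services list without `pac`. It assumes an SSSD build without the fix tracked here, where both have to be set explicitly; the sample configuration and the function names are constructed for illustration.

```python
import configparser

# Constructed sample, not taken from the ticket: an IPA client config in the
# state the report describes (no subdomains_provider line, no pac responder).
SAMPLE_CONF = """\
[sssd]
services = nss, pam, ssh
domains = ipa.example.test, files.example.test

[domain/ipa.example.test]
id_provider = ipa
auth_provider = ipa

[domain/files.example.test]
id_provider = ldap
"""


def _csv(cp, section, option):
    """Split a comma-separated sssd.conf value into a list of names."""
    raw = cp.get(section, option, fallback="")
    return [item.strip() for item in raw.split(",") if item.strip()]


def audit_sssd_conf(text):
    """Return (section, finding) tuples for trust-related gaps in sssd.conf."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    findings, has_ipa_domain = [], False
    for name in _csv(cp, "sssd", "domains"):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append((section, "enabled in [sssd] but not defined"))
            continue
        if cp.get(section, "id_provider", fallback="").strip().lower() != "ipa":
            continue  # the ticket concerns id_provider = ipa domains only
        has_ipa_domain = True
        provider = cp.get(section, "subdomains_provider", fallback=None)
        if provider is None:
            findings.append((section, "subdomains_provider not set"))
        elif provider.strip().lower() != "ipa":
            findings.append((section, "subdomains_provider is not ipa"))
    # Assumption: without the fix, the PAC responder must be listed explicitly.
    if has_ipa_domain and "pac" not in _csv(cp, "sssd", "services"):
        findings.append(("sssd", "pac responder not listed in services"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE_CONF):
        print("[%s] %s" % (section, finding))
```

To audit a real host, pass the contents of /etc/sssd/sssd.conf to `audit_sssd_conf` instead of the sample.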

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.9.4 => SSSD 1.9.3

- a3241ce
- 03b555b
- 6830f45
- 032d098
- 778491b
- 5063dcc

resolution: => fixed
status: assigned => closed

Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.3

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2655

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
