#1613 ipa client setup should configure host properly if a trust is in place
Closed: Fixed None Opened 6 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=870278 (Red Hat Enterprise Linux 6)

Description of problem:

I would expect that any necessary client install (including via
ipa-replica-install) would configure necessary changes when a cross domain
trust is in place.

After having to re-configure/re-install a replica, I noticed that
/etc/sssd/sssd.conf was missing subdomains_provider line.

ipa-client-install, ipa-replica-install should properly configure client config
files for trusts if trusts are enabled for the environment.

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-105.20121022T2338zgit3488770.el6.x86_64

How reproducible:
Unknown


Steps to Reproduce:
1.  Install IPA Master and Replica
2.  Install AD Server
3.  Setup trust to AD domain
4.  on replica:  ipa-server-install --uninstall -U
5.  on master: ipa-replica-manage -p PASSWORD del REPLICA --force
6.  on master: ipa-replica-prepare -p PASSWORD --ip-address=REPLICA_IP REPLICA
7.  on replica: sftp MASTER:/var/lib/ipa/replica-info-REPLICA.gpg
8.  on replica: ipa-replica-install -U --setup-ca --setup-dns --forwarder=DNSFORWARDER -w PASSWORD -p PASSWD replica-info-REPLICA.gpg

Actual results:

Configs missing. At the very least, /etc/sssd/sssd.conf is missing the
subdomains_provider = ipa line.

Expected results:

all trust related configs should be handled by ipa install commands.

Additional info:

This seems like an ipa-client bug to me.

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.4

Instead of enabling the IPA subdomain provider by default if id_provider=ipa is set we will try at startup (or after) to read the subdomains from the server but stop trying if there is an indication that the server isn't configured for trusts.

Additionally the pac responder should be started implicitly if there is a domain with id_provider=ipa.

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.9.4 => SSSD 1.9.3

sssd-1-9:
- a3241ce
- 03b555b
- 6830f45
master:
- 032d098
- 778491b
- 5063dcc

resolution: => fixed
status: assigned => closed

Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.3

2 years ago
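
An added example, not part of the ticket or of SSSD's own code: a check for the symptom reported above (an `id_provider = ipa` domain with no `subdomains_provider = ipa` line), plus whether the pac responder is listed in `services`, intended for hosts running an SSSD older than the fix milestone. The function name and the sample configuration are constructed, and the check assumes sssd.conf parses as plain INI.

```python
import configparser

# Constructed sample: an IPA domain with no subdomains_provider line and
# no pac responder in services, matching the symptom in the report.
SAMPLE = """\
[sssd]
services = nss, pam, ssh
domains = ipa.example.test

[domain/ipa.example.test]
id_provider = ipa
auth_provider = ipa
ipa_server = master.ipa.example.test
"""

def _csv(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_trust_settings(conf_text):
    """Return findings for enabled IPA domains lacking trust-related settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    if not cp.has_section("sssd"):
        return ["no [sssd] section"]
    services = _csv(cp.get("sssd", "services", fallback=""))
    findings = []
    ipa_domain_seen = False
    for name in _csv(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(f"{name}: listed in domains but has no section")
            continue
        if cp.get(section, "id_provider", fallback="").strip().lower() != "ipa":
            continue  # only IPA-backed domains are relevant to this ticket
        ipa_domain_seen = True
        sub = cp.get(section, "subdomains_provider", fallback=None)
        if sub is None:
            findings.append(f"{name}: subdomains_provider not set")
        elif sub.strip().lower() != "ipa":
            findings.append(f"{name}: subdomains_provider = {sub.strip()}")
    if ipa_domain_seen and "pac" not in services:
        findings.append("[sssd] services does not list pac")
    return findings

if __name__ == "__main__":
    for finding in audit_trust_settings(SAMPLE):
        print(finding)
```

To audit a real host, pass the contents of /etc/sssd/sssd.conf (readable by root only) to `audit_trust_settings`.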
