#3140 dns_lookup_kdc and dns_lookup_realm are set to false in krb5.conf when --server argument provided in ipa-client-install
Closed: Invalid. Opened 11 years ago by ksiddiqu.

dns_lookup_kdc and dns_lookup_realm are set to false in krb5.conf when --server argument provided in ipa-client-install.

[root@f17-ipa4 ~]# ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w xxxxxxx --unattended --server=f17-ipa1.testrelm.com 
Hostname: f17-ipa4.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: f17-ipa1.testrelm.com
BaseDN: dc=testrelm,dc=com

Synchronizing time with KDC...
Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
trying https://f17-ipa1.testrelm.com/ipa/xml
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server 'http://f17-ipa1.testrelm.com/ipa/xml'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
[root@f17-ipa4 ~]#

[root@f17-ipa4 ~]# cat /etc/krb5.conf
#File modified by ipa-client-install

[libdefaults]
  default_realm = TESTRELM.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  TESTRELM.COM = {
    kdc = f17-ipa1.testrelm.com:88
    master_kdc = f17-ipa1.testrelm.com:88
    admin_server = f17-ipa1.testrelm.com:749
    default_domain = testrelm.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .testrelm.com = TESTRELM.COM
  testrelm.com = TESTRELM.COM
[root@f17-ipa4 ~]#

Here dns_lookup_kdc and dns_lookup_realm are set to false in krb5.conf.
Not sure about this current behaviour, as existing automation scripts that expect these fields to be true are now failing. Is this expected behaviour now?

These are set to true when no --server argument provided.

rpm version:
============
[root@f17-ipa4 ~]# rpm -qa|grep freeipa*
freeipa-client-2.99.0-0.20121003T1722Zgit5bf1cee.fc17.x86_64
freeipa-python-2.99.0-0.20121003T1722Zgit5bf1cee.fc17.x86_64
freeipa-admintools-2.99.0-0.20121003T1722Zgit5bf1cee.fc17.x86_64
[root@f17-ipa4 ~]#

Please find the attached ipa-client-install.log file.


IMO this is how it should be because when you have --server you explicitly turn off DNS lookups.

This is how it should work.
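As an added example, not part of this ticket and not FreeIPA's own code: a small Python check that reads a krb5.conf and reports whether the default realm's KDC is pinned to explicit hosts (as in the --server output above) or left to DNS SRV discovery. This is what automation that currently asserts on the raw `dns_lookup_kdc` value would want to test instead, since libkrb5 uses DNS SRV records for a realm only when no `kdc` is listed for it. The pinned sample is the krb5.conf from the ticket; the other two samples, the parser and the function names (`parse_krb5_conf`, `kdc_discovery`, `KdcDiscovery`) are constructed for this example.

```python
"""Report whether a krb5.conf pins its KDCs or relies on DNS SRV discovery (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Copied from the ticket: the krb5.conf ipa-client-install wrote when --server was given.
KRB5_CONF_PINNED = """\
#File modified by ipa-client-install

[libdefaults]
  default_realm = TESTRELM.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  TESTRELM.COM = {
    kdc = f17-ipa1.testrelm.com:88
    master_kdc = f17-ipa1.testrelm.com:88
    admin_server = f17-ipa1.testrelm.com:749
    default_domain = testrelm.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .testrelm.com = TESTRELM.COM
  testrelm.com = TESTRELM.COM
"""

# Constructed (not from the ticket): discovery mode as the reporter describes it for the
# no --server case, both flags true and no KDC pinned.
KRB5_CONF_DNS = "[libdefaults]\n default_realm = TESTRELM.COM\n dns_lookup_realm = true\n dns_lookup_kdc = true\n"
# Constructed: DNS lookups off but nothing pinned, which a config check should reject.
KRB5_CONF_BROKEN = "[libdefaults]\n default_realm = TESTRELM.COM\n dns_lookup_kdc = false\n"

_TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}  # spellings libkrb5 accepts as true


def _as_bool(value: str) -> bool:
    return value.strip().lower() in _TRUE_WORDS


def parse_krb5_conf(text: str) -> dict:
    """Parse the krb5.conf subset ipa-client-install writes into {section: {key: value}}.
    'NAME = { ... }' becomes a nested dict; a key repeated in one scope (several 'kdc =' lines)
    becomes a list. Not a full parser: no include/includedir, no '*' final markers."""
    sections: dict = {}
    section = scope = None          # scope is the dict currently receiving keys
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m and scope is section:  # section headers are only valid outside a block
            section = scope = sections.setdefault(m.group(1), {})
            continue
        if scope is None:
            raise ValueError(f"key before any section header: {raw!r}")
        if line == "}":
            if scope is section:
                raise ValueError("unbalanced '}'")
            scope = section
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not key:
            raise ValueError(f"cannot parse line: {raw!r}")
        if value == "{":
            scope = scope.setdefault(key, {})   # open a realm (or similar) block
            continue
        if key in scope:
            existing = scope[key]
            scope[key] = (existing if isinstance(existing, list) else [existing]) + [value]
        else:
            scope[key] = value
    if scope is not section:
        raise ValueError("unterminated block")
    return sections


@dataclass
class KdcDiscovery:
    realm: str
    mode: str                       # "pinned", "dns-srv" or "none"
    dns_lookup_kdc: bool
    dns_lookup_realm: bool
    kdcs: list[str] = field(default_factory=list)


def kdc_discovery(conf_text: str) -> KdcDiscovery:
    """How clients with this krb5.conf will find a KDC for the default realm. libkrb5 consults
    DNS SRV records for a realm only when no 'kdc' is listed for it, so a [realms] entry pins it."""
    conf = parse_krb5_conf(conf_text)
    libdefaults = conf.get("libdefaults", {})
    realm = libdefaults["default_realm"]            # KeyError if the file names no default realm
    # MIT defaults when the keys are absent: dns_lookup_kdc true, dns_lookup_realm false.
    lookup_kdc = _as_bool(libdefaults.get("dns_lookup_kdc", "true"))
    lookup_realm = _as_bool(libdefaults.get("dns_lookup_realm", "false"))
    kdcs = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    kdcs = [kdcs] if isinstance(kdcs, str) else kdcs
    mode = "pinned" if kdcs else "dns-srv" if lookup_kdc else "none"
    return KdcDiscovery(realm, mode, lookup_kdc, lookup_realm, kdcs)


if __name__ == "__main__":
    for name, text in [("pinned", KRB5_CONF_PINNED), ("dns", KRB5_CONF_DNS), ("broken", KRB5_CONF_BROKEN)]:
        print(name, kdc_discovery(text))
```

Run against the ticket's file this reports mode `pinned` with `f17-ipa1.testrelm.com:88` as the only KDC, which is the property worth asserting on: with the KDC pinned and both `dns_lookup_*` flags false, a spoofed SRV or TXT record cannot redirect the client to another KDC or realm, and the `[domain_realm]` section takes over the host-to-realm mapping that `dns_lookup_realm` would otherwise fetch from DNS. A script that instead insists on the flags being true will keep failing on every client enrolled with `--server`. The third sample (`none`) is the state a check should actually reject: DNS discovery disabled and no KDC listed.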

Metadata Update from @ksiddiqu:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 3.0 GA

7 years ago
