When client is already joined, ipa-client-install fails:
ipa-client-install
# ipa-client-install --domain f19.ad.test --hostname client.f19.ad.test -p admin -w kokos123 Discovery was successful! Hostname: client.f19.ad.test Realm: F19.AD.TEST DNS Domain: f19.ad.test IPA Server: ipa.f19.ad.test BaseDN: dc=f19,dc=ad,dc=test Continue to configure the system with these values? [no]: y Synchronizing time with KDC... Successfully retrieved CA cert Subject: CN=Certificate Authority,O=F19.AD.TEST Issuer: CN=Certificate Authority,O=F19.AD.TEST Valid From: Thu Apr 18 08:09:16 2013 UTC Valid Until: Mon Apr 18 08:09:16 2033 UTC Joining realm failed: Host is already joined. Installation failed. Rolling back changes. Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration /etc/ipa/default.conf could not be removed: [Errno 2] No such file or directory: '/etc/ipa/default.conf' Please remove /etc/ipa/default.conf manually, as it can cause subsequent installation to fail. Client uninstall complete.
We should advertise that --force-join flag can be used to re-enroll, otherwise use may not even know its there.
--force-join
Thus something like:
ipa-client-install ... Valid From: Thu Apr 18 08:09:16 2013 UTC Valid Until: Mon Apr 18 08:09:16 2033 UTC Joining realm failed: Host is already joined. Use --force-join to forcefully join the server (overwrites client data on server) ...
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=955701
master: 6e8d311
Metadata Update from @mkosek: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)
Log in to comment on this ticket.