Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1854557
[+] Description of problem:
- During the ipa-client-install, nsupdate runs but tries to bind with GSSAPI. If the bind fails, nsupdate stops.

[+] How reproducible:
- Always

[+] Steps to Reproduce:
1. Run ipa-client-install.

[+] Expected results:
- nsupdate tries to bind with gssapi but then tries unsecure if gssapi fails
Metadata Update from @fcami: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1854557
In: https://github.com/freeipa/freeipa/blob/0df4e8813d573f3e6ad1d084823764cf40a4b5c9/ipaclient/install/client.py#L1337
nsupdate is called with -g: [paths.NSUPDATE, '-g', UPDATE_FILE]
This could be easily enhanced with a second call without -g; if the first call fails, SSSD's configuration must be switched to 'dyndns_auth' = 'none'.
Metadata Update from @fcami: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/4909
master:
ipa-4-9:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @fcami: - Custom field changelog adjusted to Invoke nsupdate without authentication if the GSS-TSIG attempt fails at install time ; configure SSSD to use nsupdate without GSS-TSIG in this case.
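The fallback described in the comment and changelog above, sketched as an added example (this is not FreeIPA's code or the code from the linked pull request). The function names, the injectable runner and the nsupdate path are assumptions made for illustration; the fallback is logged so the downgrade to unauthenticated updates is visible in the install log.

```python
import logging
import subprocess

NSUPDATE = "/usr/bin/nsupdate"  # assumed path; the ticket refers to paths.NSUPDATE
log = logging.getLogger("dns-update-example")


def _run(argv):
    """Run a command and return its exit status (hypothetical helper)."""
    return subprocess.run(argv, check=False).returncode


def update_dns(update_file, runner=_run):
    """Try nsupdate with GSS-TSIG (-g) first, then without authentication.

    Returns the dyndns_auth mode that succeeded ("GSS-TSIG" or "none"),
    or None if both attempts failed.
    """
    attempts = (
        ("GSS-TSIG", [NSUPDATE, "-g", update_file]),
        ("none", [NSUPDATE, update_file]),
    )
    for auth, argv in attempts:
        if runner(argv) == 0:
            if auth == "none":
                # Record the downgrade: the record was sent unauthenticated.
                log.warning("GSS-TSIG update failed; unauthenticated update succeeded")
            return auth
        log.debug("nsupdate attempt with auth=%s failed", auth)
    return None


def sssd_dyndns_options(auth):
    """Options to set in the SSSD domain section for the mode that worked.

    SSSD defaults to GSS-TSIG, so only the fallback case needs an override.
    """
    return {"dyndns_auth": "none"} if auth == "none" else {}


if __name__ == "__main__":
    # Constructed runner simulating a server that rejects GSS-TSIG updates.
    def fake(argv):
        return 1 if "-g" in argv else 0

    mode = update_dns("/tmp/example-update.txt", runner=fake)
    print(mode, sssd_dyndns_options(mode))
```
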