On to, 24 kesä 2021, Rob Crittenden wrote:
But there is no change in ipahealthcheck output.
This particular check is only run on trust controllers, those machines
with the server role of AD trust controller. (ipa server-role-show
<hostname> 'AD trust controller')
It makes sure that the ADTRUST service is marked as enabled, so that the
services will be started by ipactl (smb).
You can see it with:
kinit admin
ldapsearch -Y GSSAPI -b
cn=ADTRUST,cn=`hostname`,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
So since it's a trust server and doesn't have ADTRUST enabled it means
that ipactl won't manage smb.
Now given your use case it's possible this is a false positive.
Alexander, what do you think?
ADTRUST service should be present and active if ipa-adtrust-install was
run. If it doesn't that's an error and ipa-healthcheck highlights it
correctly.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
