Mauricio Tavares via FreeIPA-users wrote: > On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden <[email protected]> wrote: >> >> Mauricio Tavares via FreeIPA-users wrote: >>> So I am trying to add the first ipa client to my test environment. If >>> I am running ipa-client-install as a root, why is it barking that >>> >>> nisdomainname: you must be root to change the domain name >>> >>> [root@idm-client1 /]# ipa-client-install --domain example.test >>> --no-ntp --mkhomedir >>> This program will set up IPA client. >>> Version 4.9.12 >>> >>> Discovery was successful! >>> Client hostname: idm-client1.example.test >>> Realm: EXAMPLE.TEST >>> DNS Domain: example.test >>> IPA Server: idm01.example.test >>> BaseDN: dc=example,dc=test >>> >>> Continue to configure the system with these values? [no]: yes >>> Continue to configure the system with these values? [no]: yes >>> Skipping chrony configuration >>> User authorized to enroll computers: admin >>> Password for [email protected]: >>> Successfully retrieved CA cert >>> Subject: CN=Certificate Authority,O=EXAMPLE.TEST >>> Issuer: CN=Certificate Authority,O=EXAMPLE.TEST >>> Valid From: 2024-02-07 15:25:44 >>> Valid Until: 2044-02-07 15:25:44 >>> >>> Enrolled in IPA realm EXAMPLE.TEST >>> Created /etc/ipa/default.conf >>> Configured /etc/sssd/sssd.conf >>> Systemwide CA database updated. >>> SSSD enabled >>> Configured /etc/openldap/ldap.conf >>> /etc/ssh/ssh_config not found, skipping configuration >>> /etc/ssh/sshd_config not found, skipping configuration >>> Configuring example.test as NIS domain. >>> CalledProcessError(Command ['/bin/systemctl', 'restart', >>> 'nis-domainname.service'] returned non-zero exit status 1: 'Job for >>> nis-domainname.service failed because the control process exited with >>> error code.\nSee "systemctl status nis-domainname.service" and >>> "journalctl -xe" for details.\n') >>> The ipa-client-install command failed. See >>> /var/log/ipaclient-install.log for more information >>> [root@idm-client1 /]# >>> >>> [root@idm-client1 /]# systemctl status nis-domainname.service --full >>> --no-pager >>> ● nis-domainname.service - Read and set NIS domainname from >>> /etc/sysconfig/network >>> Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service; >>> enabled; vendor preset: enabled) >>> Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58 >>> UTC; 2min 24s ago >>> Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname >>> (code=exited, status=1/FAILURE) >>> Main PID: 300 (code=exited, status=1/FAILURE) >>> >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and >>> set NIS domainname from /etc/sysconfig/network... >>> Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]: >>> nisdomainname: you must be root to change the domain name >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: >>> nis-domainname.service: Main process exited, code=exited, >>> status=1/FAILURE >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: >>> nis-domainname.service: Failed with result 'exit-code'. >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start >>> Read and set NIS domainname from /etc/sysconfig/network. >>> [root@idm-client1 /]# >> >> Looks like this message appears on any EPERM failure [1]. Are you >> running in a container? Any SELinux errors? > > Right you are: running in container. SELinux currently disabled in host.
You could try --no-nisdomain Or a more complex approach like the server container does, https://github.com/freeipa/freeipa-container/blob/master/hostnamectl-wrapper rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
