Hi folks, running ipa-client-install in an LXC container I stumbled over this:
root@debian12:~# ipa-client-install This program will set up IPA client. Version 4.9.11 WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd Discovery was successful! Do you want to configure chrony with NTP server or pool address? [no]: no Client hostname: debian12.vs.example.com Realm: EXAMPLE.COM DNS Domain: example.com IPA Server: ipa1.example.com BaseDN: dc=example,dc=com Continue to configure the system with these values? [no]: yes Synchronizing time Augeas failed to configure file /etc/chrony/chrony.conf Using default chrony configuration. CalledProcessError(Command ['/bin/systemctl', 'restart', 'chrony.service'] returned non-zero exit status 5: 'Failed to restart chrony.service: Unit chrony.service not found.\n') The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information This seems weird. First it asks about configuring chrony, which was denied, and yet it fails due to the chrony configuration. ? This is the freeipa client package 4.9.11 backported to Debian 12. There is neither crony nor ntp or systemd-timesyncd installed. The clock is managed on the host. It is pretty unfortunate that freeipa tries to "mess around" with the clock, anyway. Keep it simple. I understand that Kerberos might run into problems when the clock is out-of-sync, but this is very well documented, and obviously freeipa cannot take all ntp-clones into account. Regards Harri -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
