On Mon, 19 Aug 2024, Harald Dunkel via FreeIPA-users wrote:
> Hi folks,
>
> running ipa-client-install in an LXC container I stumbled over this:
>
> root@debian12:~# ipa-client-install
> This program will set up IPA client.
> Version 4.9.11
> WARNING: conflicting time&date synchronization service 'ntp' will be disabled
> in favor of chronyd
> Discovery was successful!
> Do you want to configure chrony with NTP server or pool address? [no]: no
> Client hostname: debian12.vs.example.com
> Realm: EXAMPLE.COM
> DNS Domain: example.com
> IPA Server: ipa1.example.com
> BaseDN: dc=example,dc=com
> Continue to configure the system with these values? [no]: yes
> Synchronizing time
> Augeas failed to configure file /etc/chrony/chrony.conf
> Using default chrony configuration.
> CalledProcessError(Command ['/bin/systemctl', 'restart', 'chrony.service']
> returned non-zero exit status 5: 'Failed to restart chrony.service: Unit
> chrony.service not found.\n')
> The ipa-client-install command failed. See /var/log/ipaclient-install.log for
> more information
>
> This seems weird. First it asks about configuring chrony, which was
> denied, and yet it fails due to the chrony configuration.

You need to say 'ipa-client-install -N' to prevent configuring NTP.
Looks like you didn't do that.

> ?
> This is the freeipa client package 4.9.11 backported to Debian 12.
> There is neither chrony nor ntp nor systemd-timesyncd installed. The
> clock is managed on the host.
>
> It is pretty unfortunate that freeipa tries to "mess around" with
> the clock, anyway. Keep it simple. I understand that Kerberos might
> run into problems when the clock is out-of-sync, but this is very
> well documented, and obviously freeipa cannot take all ntp-clones
> into account.

Use proper options to ipa-client-install to express your needs.
The question about whether chrony needs to configure NTP server/pool
addresses is asked when a general ask for configuring NTP is there.
That defaults to 'true' so you need to say '-N' to change this setting.
The question 'Do you want to configure chrony with NTP server or pool
address?' is really meant to ask you about specific NTP servers/pool
addresses, not the fact that Chrony would not be configured.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
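
A pre-flight check for the situation discussed in this thread, added here as an example (it is not part of the original messages and is not FreeIPA code): it picks the NTP option for ipa-client-install from the state of the client, so the installer is never asked to restart a chrony unit that does not exist. The SYSTEMCTL and DETECT_VIRT override variables are hypothetical hooks for testing, and passing -N in every container assumes the host keeps the clock within Kerberos tolerance.

```shell
#!/bin/sh
# Added example: decide whether ipa-client-install needs -N (no NTP setup).
# SYSTEMCTL and DETECT_VIRT are hypothetical overrides used only for testing.

# True when systemd knows a chrony unit (chrony.service on Debian,
# chronyd.service on Fedora/RHEL).
have_chrony_unit() {
    "${SYSTEMCTL:-systemctl}" list-unit-files --no-legend \
        chrony.service chronyd.service 2>/dev/null |
        grep -Eq '^chronyd?\.service'
}

# True inside a container, where the host normally owns the clock
# (assumption: the host's time sync is trusted).
in_container() {
    "${DETECT_VIRT:-systemd-detect-virt}" --container --quiet 2>/dev/null
}

# Prints "-N" when the installer must leave time synchronization alone,
# and nothing when its default (configure chrony) can succeed.
ntp_option() {
    if in_container || ! have_chrony_unit; then
        echo "-N"
    fi
}

# Prints the command line to use; it does not run the installer.
suggest_command() {
    opt=$(ntp_option)
    echo "ipa-client-install${opt:+ $opt}"
}

suggest_command
```
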