On 01/07/2013 11:00 AM, Natxo Asenjo wrote:

on a workstation *not* joined to the IPA domain but with the the ipa
admin tools installed I get this error when trying to modify dns
settings and I have a kerberos ticket of an admin user:

$ kinit user.ad...@unix.domain.tld
Password for user.ad...@unix.domain.tld
$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: user.ad...@unix.domain.tld

Valid starting     Expires            Service principal
01/07/13 10:47:09  01/08/13 10:47:06  krbtgt/unix.domain....@unix.domain.tld
        renew until 01/14/13 10:47:06

$ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
ipa: ERROR: Client is not configured. Run ipa-client-install.

Is this 'by design'? This limitation on the cli tool does not apply to
the web interface, by the way, that is, I can login the web interface
without being joined to the domain and modify all kind of stuff there

To be more specific: this is not a problem, I can run this command on
a joined host, but I was just curious.

Create a config file in /etc/ipa/default.conf or ~/.ipa/default.conf (or somewhere else and point ipa to it using the -c option). Copy the `xmlrpc_uri` line from a config on a master or joined machine there.
ipa should work then.


Freeipa-users mailing list

Reply via email to