On 01/20/2016 05:55 PM, bahan w wrote:
> Ah sorry, for security reasons I didn't want to put the original name and I
> made a mistake.
> 
> Here we are, for the confusing lines :
> ###
> Assuming realm is the same as domain: <MYDOMAIN>
> Generated basedn from realm: dc=<mydomain>
> Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=<mydomain>,
> kdc=None, basedn=dc=<mydomain>
> Validated servers: <fqdn ipa server>
> will use discovered domain: <mydomain>
> Using servers from command line, disabling DNS discovery
> will use provided server: <fqdn ipa server>
> will use discovered realm: <MYDOMAIN>
> The provided realm name [<MYREALM>] does not match discovered one
> [<MYDOMAIN>]
> (<MYDOMAIN>: Assumed same as domain)
> Installation failed. Rolling back changes
> IPA client is not configured on this system.
> ###
> 
> Is it more clear ? Sorry again for the confusion.
> 
> I use a realm which is different than the domain.

Ah, I see. I think you just found a bug. The problem is that given the server
is not reachable, the realm is calculated based on the domain and then rejected
as it is different from the option. In this case, ipa-client-install should
just accept the realm passed to the script. It is very specific condition, but
we should be able to fix that easily

I filed a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1300561

We will need to think if there is a workaround for you until the fix is 
delivered.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to