On Wed, Nov 16, 2016 at 09:39:05AM +0100, Lukas Slebodnik wrote: > On (16/11/16 11:46), Lachlan Musicman wrote: > >I don't know what I've done wrong, but when I use ipa-client-install on a > >new host to add to my one way trust domain, I now have a > >[domain/shadowutils] stanza. > > > >This first happened a couple of weeks ago, I saw this bug and thought "it > >will be solved soon". > > > >https://bugzilla.redhat.com/show_bug.cgi?id=1369118 > > > >The report says it's been resolved in a recent advisory but I'm still > >seeing the error. > > > It was fixed by reverting upstream commit which > introduced such seature. > https://git.fedorahosted.org/cgit/sssd.git/commit/?id=59744cff6edb106ae799b2321cb8731edadf409a > > >Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally > >supplied sssd? > > > Yes, theis feature is still available in upstream/fedora. > > A) "domain/shadowutils" should not cause any problems. > If yes then it should be also reproducible on fedora > please filae a bug. > > B) It does not happen with SELinux in enforcing mode. > Another reason for "setenforce 1" :-)
Also, we're going to remove this domain in favor of new domain type with id_provider=files in the next release. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
