ok, well in any case it's not freeipa-client that modifies
nsswitch.conf, but libnss-sss in its postinst, and in there it doesn't
add the sss entries if nsswitch.conf doesn't exist

reassigning anyway but I don't think there's much to do

** Package changed: freeipa (Ubuntu) => sssd (Ubuntu)

** Changed in: sssd (Ubuntu)
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/2004433

Title:
  freeipa-client: ipa-client-install doesn't modify /etc/nsswitch.conf
  on 20.04

Status in sssd package in Ubuntu:
  New

Bug description:
  Hi!

  We have Ubuntu 18.04 servers that we're upgrading to 20.04, and we've
  found a minor bug.

  When running the ipa-client-install tool on Ubuntu 20.04, it installs
  everything and enrolls the host, but at the end it skips updating
  /etc/nsswitch.conf to add `sss` to anything in /etc/nsswitch.conf.

  I haven't looked at the source, but I suspect that the tool doesn't
  recognize the exact configuration in /etc/nsswitch.conf as a 'known'
  configuration and silently refuses to modify it.

  Manually adding `sss` to the passwd, group, shadow, services, and
  netgroup lines makes everything work.

  Partial output of ipa-client-install:

  ```
  Successfully retrieved CA cert
      Subject:     CN=Certificate Authority,O=EXAMPLE.COM
      Issuer:      CN=Certificate Authority,O=EXAMPLE.COM
      Valid From:  2020-12-09 23:35:59
      Valid Until: 2040-12-09 23:35:59

  Enrolled in IPA realm EXAMPLE.COM
  Created /etc/ipa/default.conf
  Configured sudoers in /etc/nsswitch.conf
  Configured /etc/sssd/sssd.conf
  Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
  Systemwide CA database updated.
  Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
  Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
  Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
  Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
  Could not update DNS SSHFP records.
  SSSD enabled
  Configured /etc/openldap/ldap.conf
  Unable to find 'service-account' user with 'getent passwd service-acco...@example.com'!
  Unable to reliably detect configuration. Check NSS setup manually.
  Configured /etc/ssh/ssh_config
  Configured /etc/ssh/sshd_config
  Configuring ca.example.com as NIS domain.
  Client configuration complete.
  The ipa-client-install command was successful
  ```

  When it says "Check NSS setup manually.", it's really saying
  "Configure NSS setup manually".

  Here's the resulting /etc/nsswitch.conf file, after manually appending
  'sss':

  ```
  # /etc/nsswitch.conf
  #
  # Example configuration of GNU Name Service Switch functionality.
  # If you have the `glibc-doc-reference' and `info' packages installed, try:
  # `info libc "Name Service Switch"' for information about this file.

  passwd:         compat systemd sss
  group:          compat systemd sss
  shadow:         compat sss
  gshadow:        files

  hosts:          files dns
  networks:       files

  protocols:      db files
  services:       db files sss
  ethers:         db files
  rpc:            db files

  netgroup:       nis

  sudoers: files sss
  ```
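
An added example, not part of the bug report or of the sssd/freeipa packaging: a shell check that lists which NSS databases in an nsswitch.conf have no `sss` source, so a missing entry is caught after enrollment rather than at the first failed lookup. The function names `missing_sss` and `sample_conf` are hypothetical; the sample file is the listing from the report above.

```shell
#!/bin/sh
# Added example: report NSS databases whose nsswitch.conf line lacks "sss".

missing_sss() {
    # $1 = path to nsswitch.conf, remaining args = database names to check
    nss_file=$1; shift
    for db in "$@"; do
        # First line for this database, with any trailing "# comment" removed.
        line=$(sed -n "s/^[[:space:]]*${db}:[[:space:]]*\([^#]*\).*/\1/p" "$nss_file" | head -n 1)
        # Pad with spaces so "sss" only matches as a whole source name.
        case " $(echo "$line" | tr '\t' ' ') " in
            *" sss "*) ;;                 # sss is configured for this database
            *) printf '%s\n' "$db" ;;     # absent line or no sss source
        esac
    done
}

# Sample input: the nsswitch.conf entries shown in the report, in a temp file.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
passwd:         compat systemd sss
group:          compat systemd sss
shadow:         compat sss
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files sss
ethers:         db files
rpc:            db files

netgroup:       nis

sudoers: files sss
EOF
    printf '%s\n' "$f"
}

sample=$(sample_conf)
echo "Databases without sss:"
missing_sss "$sample" passwd group shadow services netgroup
rm -f "$sample"
```

On a real host, pass `/etc/nsswitch.conf` as the first argument instead of the sample file.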
