Re: [Freeipa-devel] [PATCH] 311 more integrated client install
On Thu, 2009-11-19 at 14:15 -0500, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > On Wed, 2009-11-11 at 11:39 -0500, Rob Crittenden wrote: > >> This patch integrates ipa-join and ipa-rmkeytab into the client > >> installer. This will join a machine to the IPA realm and fetch a host > >> principal for /etc/krb5.keytab. > >> > >> On uninstall all principals for the realm will be removed from > >> /etc/krb5.keytab. > >> > >> By default installation will fail if a host principal cannot be > >> obtained. Use the --force option to continue anyway. > >> > >> rob > > > > nack. this is breaking the installer: > > > > [6/12]: creating a keytab for httpd > > [7/12]: Setting up ssl > > [8/12]: Setting up browser autoconfig > > [9/12]: publish CA cert > > [10/12]: configuring SELinux for httpd > > [11/12]: restarting httpd > > [12/12]: configuring httpd to start on boot > > done configuring httpd. > > Applying LDAP updates > > restarting the directory server > > restarting the KDC > > Sample zone file for bind has been created in /tmp/sample.zone.WUedsi.db > > Configuration of client side components failed! > > ipa-client-install returned: Command '/usr/sbin/ipa-client-install > > --on-master --unattended --domain example.com --server > > fedora11.example.com --realm EXAMPLE.COM' returned non-zero exit status > > 1 > > It shouldn't require a password/principal when on the master. New patch > attached. > > rob ack. pushed to master. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 311 more integrated client install
Jason Gerard DeRose wrote: On Wed, 2009-11-11 at 11:39 -0500, Rob Crittenden wrote: This patch integrates ipa-join and ipa-rmkeytab into the client installer. This will join a machine to the IPA realm and fetch a host principal for /etc/krb5.keytab. On uninstall all principals for the realm will be removed from /etc/krb5.keytab. By default installation will fail if a host principal cannot be obtained. Use the --force option to continue anyway. rob nack. this is breaking the installer: [6/12]: creating a keytab for httpd [7/12]: Setting up ssl [8/12]: Setting up browser autoconfig [9/12]: publish CA cert [10/12]: configuring SELinux for httpd [11/12]: restarting httpd [12/12]: configuring httpd to start on boot done configuring httpd. Applying LDAP updates restarting the directory server restarting the KDC Sample zone file for bind has been created in /tmp/sample.zone.WUedsi.db Configuration of client side components failed! ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain example.com --server fedora11.example.com --realm EXAMPLE.COM' returned non-zero exit status 1 It shouldn't require a password/principal when on the master. New patch attached. rob freeipa-311.2-install.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 311 more integrated client install
On Wed, 2009-11-11 at 11:39 -0500, Rob Crittenden wrote: > This patch integrates ipa-join and ipa-rmkeytab into the client > installer. This will join a machine to the IPA realm and fetch a host > principal for /etc/krb5.keytab. > > On uninstall all principals for the realm will be removed from > /etc/krb5.keytab. > > By default installation will fail if a host principal cannot be > obtained. Use the --force option to continue anyway. > > rob nack. this is breaking the installer: [6/12]: creating a keytab for httpd [7/12]: Setting up ssl [8/12]: Setting up browser autoconfig [9/12]: publish CA cert [10/12]: configuring SELinux for httpd [11/12]: restarting httpd [12/12]: configuring httpd to start on boot done configuring httpd. Applying LDAP updates restarting the directory server restarting the KDC Sample zone file for bind has been created in /tmp/sample.zone.WUedsi.db Configuration of client side components failed! ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain example.com --server fedora11.example.com --realm EXAMPLE.COM' returned non-zero exit status 1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel