On Thu, 2017-08-10 at 11:12 -0500, Robert Giles wrote:
> I'll throw this out there (there's no doubt a myriad of other, likely more
> reliable ways to do this).
>
> In Puppet, I'm executing a 'join domain' script unless this condition is
> true:
>
> ...
> unless => "/usr/bin/klist -k ${::sssd::keytab} | /bin/grep -q
> 'host/${::fqdn}@${::sssd::realm_upcase}'"
> ...
>
> Check the global keytab file, say /etc/krb5.keytab, to see if
> "host/[email protected]" exists. This could depend on how
> you're joining the domain; "[email protected]" might also be used.
I always figured kvno was the tool for that:
# > kvno "[email protected]"
Either you get an error or it prints the full line including the KVNO number.
Is that correct?
Jocke
>
> Robert
>
>
> On August 10th, 2017, at 10:32, Eugene Vilensky wrote:
> > Hello,
> >
> > Apologies for the naivete of this question. How can I test if a machine
> > already has a successful relationship with active directory?
> >
> > context: I want to set an ansible fact if it is in fact join and if not
> > execute
> > adcli to join.
> >
> > Thank you!
> > -Eugene
> >
>
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
